tcpdump mailing list archives
RE: Remote capture capabilities
From: "Fulvio Risso" <fulvio.risso () polito it>
Date: Thu, 5 Jun 2003 18:35:08 +0200
-----Original Message----- From: owner-tcpdump-workers () sandelman ottawa on ca [mailto:owner-tcpdump-workers () sandelman ottawa on ca]On Behalf Of Michael Richardson Sent: giovedi 5 giugno 2003 15.13 To: Invernizzi Fabrizio Cc: tcpdump-workers () tcpdump org Subject: Re: [tcpdump-workers] Remote capture capabilities -----BEGIN PGP SIGNED MESSAGE-----"Invernizzi" == Invernizzi Fabrizio<Fabrizio.Invernizzi () TILAB COM> writes: Invernizzi> is there any plans to have remote capture capabilities Invernizzi> included in libpcap? None. I would want at the least: 1) an IETF standard capture format 2) an IETF standard filter language 3) a clear explanation of the trust model implied
... 4) a Japanese Pope sitting in Rome. Why don't you say just "no, I don't want it?" If there is a sufficient number of people interested in remote capture, we can provide all you need to make it working on unix as well (bsd and linux are already up and running). This means, obviously, that libpcap and WinPcap will start diverging, which is a bad thing for both projects. I can't believe that the only option is "no", full stop. Cheers, fulvio
I know of no standard "remote capture" interfaces or protocols, but please educate me. As far as I can tell, "ssh remotehost tcpdump args" works as well as anything, and has a well defined security system already. Invernizzi> I need such a feature in order to simultaneous capture Invernizzi> traffic in different point of the network, and, the only way Invernizzi> i found out, is to have to different tcpdump running on Invernizzi> different unix machines and do post analisys of saved Invernizzi> captured traffic. Yes. The other reason that you might want to do this is because you want to avoid capturing the traffic about the capture. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Finger me for keys iQCVAwUBPt9B6IqHRg3pndX9AQF9HwQAmyOjG0MhgbL9yPG4Y+XpDcPGULXByF2S QTzyioo8765yjgRKF7rX08EAGoy0os6ECC4fysAfsZh14DnBAPzXo5F7umfO4Cwm ABGT3UUpb7xLczaaPwUuJmRUw0sjdnQgMd+F3moyinrT3OZttiRnNCz9XA/Ws8k0 /EHv6Bhn8EA= =YwG8 -----END PGP SIGNATURE----- - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use
mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Remote capture capabilities Invernizzi Fabrizio (Jun 04)
- Re: Remote capture capabilities Michael Richardson (Jun 05)
- RE: Remote capture capabilities Fulvio Risso (Jun 05)
- Re: Remote capture capabilities Michael Richardson (Jun 05)
- RE: Remote capture capabilities Fulvio Risso (Jun 05)
- Re: Remote capture capabilities Michael Richardson (Jun 05)
- RE: Remote capture capabilities Fulvio Risso (Jun 05)
- Re: Remote capture capabilities Michael Richardson (Jun 05)