RE: Remote capture capabilities

["Fulvio Risso" <fulvio.risso () polito it>]

> -----Original Message-----
> From: owner-tcpdump-workers () sandelman ottawa on ca
> [mailto:owner-tcpdump-workers () sandelman ottawa on ca]On Behalf Of
> Michael Richardson
> Sent: giovedi 5 giugno 2003 15.13
> To: Invernizzi Fabrizio
> Cc: tcpdump-workers () tcpdump org
> Subject: Re: [tcpdump-workers] Remote capture capabilities
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> > > > > > "Invernizzi" == Invernizzi Fabrizio
> <Fabrizio.Invernizzi () TILAB COM> writes:
>     Invernizzi> is there any plans to have remote capture capabilities
>     Invernizzi> included in libpcap?
>
>   None.
>   I would want at the least:
>     1) an IETF standard capture format
>     2) an IETF standard filter language
>     3) a clear explanation of the trust model implied

... 4) a Japanese Pope sitting in Rome.
Why don't you say just "no, I don't want it?"

If there is a sufficient number of people interested in remote capture, we
can provide all you need to make it working on unix as well (bsd and linux
are already up and running).

This means, obviously, that libpcap and WinPcap will start diverging, which
is a bad thing for both projects.
I can't believe that the only option is "no", full stop.

Cheers,

        fulvio

>   I know of no standard "remote capture" interfaces or protocols,
> but please
> educate me.
>
>   As far as I can tell, "ssh remotehost tcpdump args" works as well as
> anything, and has a well defined security system already.
>
>     Invernizzi> I need such a feature in order to simultaneous capture
>     Invernizzi> traffic in different point of the network, and,
> the only way
>     Invernizzi> i found out, is to have to different tcpdump running on
>     Invernizzi> different unix machines and do post analisys of saved
>     Invernizzi> captured traffic.
>
>   Yes. The other reason that you might want to do this is because
> you want to
> avoid capturing the traffic about the capture.
>
> ]       ON HUMILITY: to err is human. To moo, bovine.           |
>  firewalls  [
> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON
> |net architect[
> ] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/
> |device driver[
> ] panic("Just another Debian GNU/Linux using, kernel hacking,
> security guy"); [
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> Comment: Finger me for keys
>
> iQCVAwUBPt9B6IqHRg3pndX9AQF9HwQAmyOjG0MhgbL9yPG4Y+XpDcPGULXByF2S
> QTzyioo8765yjgRKF7rX08EAGoy0os6ECC4fysAfsZh14DnBAPzXo5F7umfO4Cwm
> ABGT3UUpb7xLczaaPwUuJmRUw0sjdnQgMd+F3moyinrT3OZttiRnNCz9XA/Ws8k0
> /EHv6Bhn8EA=
> =YwG8
> -----END PGP SIGNATURE-----
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use
mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe