Wireshark mailing list archives
Re: Capture from multiple remote machines
From: Roland Knall <rknall () gmail com>
Date: Mon, 17 Nov 2014 10:38:24 +0100
Hi,

There exists a new interface in Wireshark, called extcap. It is a plugin interface, which allows you to use self-written programs as capture interfaces. So far the interface is only in main, but if you download any 1.9x version, it should be included.

This would allow you to write a program which acts as an ssh-remote capture tool. Multiple instances of those interfaces may be used together, so you could, in theory, implement your scenario. Synchronizing the captures would be a totally different task altogether.

Documentation is not yet complete for extcap, but there is a basic python demo program in the ./doc folder of the current wireshark source tree.

regards,
Roland

On Mon, Nov 17, 2014 at 1:17 AM, Ozan T <ozan.tcn () gmail com> wrote:
Hi all,

I am working in a company that develops network software. We often need to capture from multiple servers in order to see if there is a packet loss, blocked packet, or the original packet altered etc. So, every time we capture from source and destination, then compare captures manually. (Generally, we are not allowed to access to switch or anything that stays between source and destination.)

I have searched a bit but I think it is not possible to capture from multiple machines remotely with wireshark. We really need this feature/tool. (Also, I discussed with some other people around me, many of them think that this feature may make things easier for them.) One way or another we will have to develop it. If you think such a feature would be useful in wireshark, we would like to target wireshark rather than a separate project. Of course, if this is possible with current wireshark, I would like to learn :) or if there is an ongoing project about that.

I just need an idea what you think about that feature in wireshark project, then we can plan/discuss things according to it.

Basic representation of feature after our initial look:

- Connect remote machines via ssh/pipe/rpcap as is now possible for single machine
- Capture and merge in real time

Thanks.
Ozan.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
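The manual source-versus-destination comparison described in the quoted message can be scripted once both capture files are on one machine. The following is an added example, not part of the thread or of Wireshark: it assumes classic pcap files with Ethernet/IPv4 frames, no NAT between the capture points, and IP IDs that do not repeat within a flow during the capture; all function names are hypothetical.

```python
import hashlib
import struct

def build_pcap(frames):
    """Serialize frames as a classic little-endian pcap (linktype 1 = Ethernet)."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(
        struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in enumerate(frames))

def read_pcap(blob):
    """Yield the captured frames from a classic pcap blob of either byte order."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(blob):
        incl = struct.unpack_from(order + "I", blob, pos + 8)[0]
        if pos + 16 + incl > len(blob):
            raise ValueError("truncated packet record")
        yield blob[pos + 16:pos + 16 + incl]
        pos += 16 + incl

def ip_key_digest(data):
    """Return ((src, dst, proto, ip_id), payload digest), or None for non-IPv4."""
    if len(data) < 34 or data[12:14] != b"\x08\x00":
        return None
    ip = data[14:]
    ihl = (ip[0] & 0x0F) * 4
    key = (ip[12:16], ip[16:20], ip[9], int.from_bytes(ip[4:6], "big"))
    # Hash only the IP payload: TTL and header checksum legitimately change per hop.
    return key, hashlib.sha256(ip[ihl:]).hexdigest()

def compare(src_blob, dst_blob):
    """Return (lost IP IDs, altered IP IDs) for packets seen at the source."""
    src = dict(filter(None, map(ip_key_digest, read_pcap(src_blob))))
    dst = dict(filter(None, map(ip_key_digest, read_pcap(dst_blob))))
    lost = [k[3] for k in src if k not in dst]
    altered = [k[3] for k in src if k in dst and src[k] != dst[k]]
    return lost, altered

def frame(ip_id, ttl, payload):
    """Constructed sample frame: Ethernet header plus a minimal IPv4 header."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id, 0,
                     ttl, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + payload

# Constructed captures: ID 2 is dropped in transit, ID 3 arrives with a changed payload.
SENT = [frame(1, 64, b"alpha"), frame(2, 64, b"bravo"), frame(3, 64, b"charlie")]
RECEIVED = [frame(1, 63, b"alpha"), frame(3, 63, b"CHARLIE")]
print(compare(build_pcap(SENT), build_pcap(RECEIVED)))
```

Packet 1 is reported as intact even though its TTL differs, because only the IP payload is hashed.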