Re: Remote capture capabilities

[Michael Richardson <mcr () sandelman ottawa on ca>]

-----BEGIN PGP SIGNED MESSAGE-----


> > > > > "Invernizzi" == Invernizzi Fabrizio <Fabrizio.Invernizzi () TILAB COM> writes:
    Invernizzi> is there any plans to have remote capture capabilities
    Invernizzi> included in libpcap? 

  None.
  I would want at the least:
    1) an IETF standard capture format
    2) an IETF standard filter language
    3) a clear explanation of the trust model implied

  I know of no standard "remote capture" interfaces or protocols, but please
educate me.

  As far as I can tell, "ssh remotehost tcpdump args" works as well as
anything, and has a well defined security system already.

    Invernizzi> I need such a feature in order to simultaneous capture
    Invernizzi> traffic in different point of the network, and, the only way
    Invernizzi> i found out, is to have to different tcpdump running on
    Invernizzi> different unix machines and do post analisys of saved
    Invernizzi> captured traffic. 

  Yes. The other reason that you might want to do this is because you want to
avoid capturing the traffic about the capture.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPt9B6IqHRg3pndX9AQF9HwQAmyOjG0MhgbL9yPG4Y+XpDcPGULXByF2S
QTzyioo8765yjgRKF7rX08EAGoy0os6ECC4fysAfsZh14DnBAPzXo5F7umfO4Cwm
ABGT3UUpb7xLczaaPwUuJmRUw0sjdnQgMd+F3moyinrT3OZttiRnNCz9XA/Ws8k0
/EHv6Bhn8EA=
=YwG8
-----END PGP SIGNATURE-----
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe