tcpdump mailing list archives

Re: Suggestion: Pcap-over-IP client support in tcpdump


From: Michael Richardson <mcr () sandelman ca>
Date: Wed, 14 Sep 2011 09:56:11 -0400


"Erik" == Erik Hjelmvik <erik.hjelmvik () gmail com> writes:
    Erik> I've been using tcpdump and netcat to achieve what I call
    Erik> "Pcap-over-IP", as described here:
    Erik> http://www.netresec.com/?page=Blog&month=2011-09&post=Pcap-over-IP-in-NetworkMiner

    Erik> This is a very simple solution that allows me to capture
    Erik> network traffic from remote devices, such as firewalls etc.
    Erik> However, it would be even better if tcpdump would have native
    Erik> support for Pcap-over-IP so that I wouldn't have to use
    Erik> netcat.

    Erik> What do you guys think? Would it be relevant to implement a
    Erik> Pcap-over-IP client in tcpdump?

On your server side, you are, I think, done.

What you want, on the client side, is the ability to open a socket.
Instead of doing that, we should permit -r to take something that it 
feeds to popen(). 

Or, the other question is... why not use /dev/fd and some shell script?

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
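
Whichever way the client gets its bytes (a socket, popen() or /dev/fd), it ends up parsing a pcap stream from a remote peer. As an added example (not code from tcpdump, libpcap or this thread), here is a minimal Python reader that validates the file header and bounds each record length before reading it; `MAX_CAPLEN`, the function names and the sample bytes are assumptions of this example.

```python
import socket
import struct

# pcap magic as seen on the wire -> (struct byte order, timestamp ticks per second)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
          b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9)}
MAX_CAPLEN = 262144  # assumption for this example: largest record accepted from the peer
# Constructed input: little-endian header (snaplen 65535) plus two tiny records.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + struct.pack("<IIII", 1316008571, 500000, 4, 60) + b"\xde\xad\xbe\xef"
          + struct.pack("<IIII", 1316008572, 0, 2, 2) + b"\x00\x01")

def read_exact(stream, n):
    """Read n bytes, looping over short reads; a shorter result means EOF."""
    buf = b""
    while len(buf) < n and (chunk := stream.read(n - len(buf))):
        buf += chunk
    return buf

def read_pcap_stream(stream):
    """Yield (timestamp, original_length, captured_bytes) from a pcap byte stream."""
    hdr = read_exact(stream, 24)
    if len(hdr) < 24 or hdr[:4] not in MAGICS:
        raise ValueError("peer did not send a pcap file header")
    order, ticks = MAGICS[hdr[:4]]
    snaplen = struct.unpack(order + "HHiIII", hdr[4:])[4]
    limit = min(snaplen, MAX_CAPLEN) or MAX_CAPLEN  # a snaplen of 0 falls back to the cap
    while True:
        rec = read_exact(stream, 16)
        if not rec:
            return  # clean end of stream on a record boundary
        if len(rec) < 16:
            raise EOFError("stream ended inside a record header")
        sec, frac, caplen, origlen = struct.unpack(order + "IIII", rec)
        if caplen > limit:  # never size a read from an unchecked remote length
            raise ValueError(f"caplen {caplen} exceeds limit {limit}")
        data = read_exact(stream, caplen)
        if len(data) < caplen:
            raise EOFError("stream ended inside packet data")
        yield sec + frac / ticks, origlen, data

def demo_over_socket():
    """Push the sample through a local socket pair, standing in for the TCP link."""
    tx, rx = socket.socketpair()
    with tx, rx, rx.makefile("rb") as stream:
        tx.sendall(SAMPLE)
        tx.shutdown(socket.SHUT_WR)
        return list(read_pcap_stream(stream))
```

For a real link, pass `socket.create_connection((host, port)).makefile("rb")` as the stream.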

