Re: capturing on both interfaces simultaneously

[dragorn () durandal kismetwireless net]

On Wed, Nov 30, 2011 at 01:06:19PM +0100, Joerg Mayer wrote:
> On Mon, Nov 28, 2011 at 02:35:24PM -0500, abhinav narain wrote:
> > I am using libpcap on Openwrt platform, Netgear router wndr3700v2.
> > I am able to capture packets on phy0, interface.
> > But what should I do to capture packets on phy0,phy1 simultaneously in the
> > same program ?
> >
> > I don't think I can use "any" interface as it might capture packets from
> > bridge interface also !
>
> The current *development* tree of Wireshark supports simultanous capture
> on several interfaces and this includes the text version tshark. AFAIK,
> tcpdump does not support this - but you may alway start tcpdump multiple
> times, once for each interface and later merge the capture files.

Kismet does this as well, if you're in the wireless space.

But yeah -  mergecap is your friend otherwise, it's application level
logic to capture from multiple sources.

-m

> Ciao
>     Joerg
> -- 
> Joerg Mayer                                           <jmayer () loplof de>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.

--

Attachment: _bin
Description: