Wireshark mailing list archives

Re: remote capture framework


From: Morty <morty+wireshark () frakir org>
Date: Fri, 14 May 2010 02:25:42 -0400

On Thu, May 13, 2010 at 10:37:20PM -0700, Max P wrote:

I had used rpcap for remote capture for a long time a few years ago. I
even modified Wireshark in those days to have access to rpcap features
from the GUI.

Cool.  :)

Yes, the rpcap daemon does not have caching functionality. It'll send
packets as they are captured.  Packets will be lost if you are not
connected to the rpcap daemon.

I have servers at remote sites that have local interfaces that are
faster than the links to my (central) site.  Some sniffing sessions
will be faster than the link home can handle.  There are analogous
(but less severe) problems on the LAN.  So I need remote sniffers to
be able to cache the captures at native speed and spool them out at a
slower rate.

it doesn't seem to have a mechanism to centrally list many
supported devices;

It's not clear what you mean, but you can get a list of available
interfaces on the remote machine via rpcap.

I have a whole bunch of devices.  Before someone can list available
interfaces, they need to know which device to go to.  It would really
be nice to have a searchable list of all known devices and all known
interfaces to start with.  Although if necessary, that list could be
on a webpage somewhere rather than in wireshark.

It was cross-platform. I have a link to a compiled Linux version in my
old post.

As I remember, rpcap supports user filters from the Wireshark interface
dialog.

Cool, thanks.  :)

So far, it looks like my options are rpcap, which will start on-demand
and use user filters but doesn't have remote caching, and a dumpcap
init script, which will cache remotely but won't start on demand or
use user filters.

- Morty
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users