Re: GUI Change for Wireshark Remote Interfaces

[Guy Harris <guy () alum mit edu>]

On Oct 27, 2016, at 11:28 AM, Roland Knall <rknall () gmail com> wrote:

> Guy, is the version on github for libpcap already equipped with pcap_open on Mac?

The current version on github has pcap_open() in pcap-new.c; *however*:

        1) it's not in Makefile.in, so it doesn't show up if you do autotools builds;
        
        2) it's only in CMake builds if HAVE_REMOTE is defined, which is done by default only on Windows;

        3) I have not tested whether it builds and is useful on any UN*X platform - it might not work.

> I'll change the title accordingly, but the interface changes should be ok so far, right?

So far, yes.

> Just a short question though, isn't "tcpdump over ssh" or "remote peek" covered by extcap?

Yes, there is an sshdump in extcap for tcpdump-over-ssh, but that's not a reason *not* to do it in libpcap; doing it in 
libpcap would mean *all* programs that use libpcap can use it (although the programs would need some changes to handle 
remote capture if the user has to be prompted for a user name or a password).

As far as I know, there is no extcap program for "remote peek".

> What would those section of the interfaces need to perform such tasks in a way of configuration?

There will probably be new pcap APIs that allow a pcap module to declare a set of additional per-module parameters, 
even for *local* interfaces (such as channels for radio-based networks), and the interface dialogs would have to handle 
that.  I think extcap already has a mechanism for that.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe