Wireshark mailing list archives

Re: remote capture framework


From: Max P <addax.ws () gmail com>
Date: Fri, 14 May 2010 01:12:47 -0700


Yes, rpcap daemon does not have caching functionality. It'll send
packets as they are captured.  Packets will be lost if you are not
connected to rpcap daemon

I have servers at remote sites that have local interfaces that are
faster than the links to my (central) site.  Some sniffing sessions
will be faster than the link home can handle.  There are analogous
(but less severe) problems on the LAN.  So I need remote sniffers to
be able to cache the captures at native speed and spool them out at a
slower rate.


rpcap is open source. I do not think it's difficult to add simple caching to
it.
I see an advantage in rpcap for you in not having to invent a communication
protocol between Wireshark and the remote site. But that's really the case
only if you need real time capture (of course, if it can be called "real time"
for your WAN situation).


> > it doesn't seem to have a mechanism to centrally list many supported devices;

It's not clear what you mean but you can get a list of available
interfaces on remote machine via rpcap

I have a whole bunch of devices.  Before someone can list available
interfaces, they need to know which device to go to.  It would really
be nice to have a searchable list of all known devices and all known
interfaces to start with.  Although if necessary, that list could be
on a webpage somewhere rather than in wireshark.


This problem pushed me to modify Wireshark in those days. I made it remember
my interfaces statically. So once set, they were available to use at any
start of Wireshark.

Max
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users