Wireshark mailing list archives
Re: remote capture framework
From: Morty <morty+wireshark () frakir org>
Date: Sat, 15 May 2010 00:04:01 -0400
On Fri, May 14, 2010 at 09:43:49AM -0700, Phil Paradis wrote:
> It's not all that difficult to do on-demand captures and/or filtering with the init script; for on-demand captures, you can use chkconfig (or equivalent) to turn it on and off as desired. For filtering, you can either put the filter into the script (say in a variable at the top) or read it from a separate file on start.
It's already possible for people to do a packet capture now if they log in and run tcpdump themselves. The trick is to let them do this remotely. From a central NOC, people need to be able to identify which system and interface will assist with their troubleshooting; then specify a filter for the system and interface; also specify criteria like capture size, ring vs. stop, and snaplen; start the capture; get status; stop the capture; and transfer the capture file to a local computer for analysis. rpcap can do some of this, but is more oriented towards streaming.

Is there anything (free) out there that does this already? Max suggested modifying rpcap. I'm more of a Perl guy than a C guy, though, so it might be easier for me to write something new in Perl than modify something in C.

- Morty
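An added example, not part of the original message or of any tool named in the thread: one way the request parameters listed above (interface, filter read from a file, capture size, ring vs. stop, snaplen) could be validated and mapped onto capture options before anything is started on the remote system. The use of dumpcap, the function names, the spool directory and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: turn one remote capture request into a dumpcap argument list.
# Nothing is captured here; capture_argv only prints the arguments, one per line.

CAPTURE_DIR=/var/tmp/captures   # assumed spool directory

# Accept 1 to 8 decimal digits without a leading zero.
is_uint() { case $1 in ''|0*|*[!0-9]*|?????????*) return 1 ;; esac; }

# Accept a short token: no '/', no whitespace, no leading '-' or '.'.
is_token() { case $1 in ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# capture_argv IFACE SNAPLEN MODE SIZE_KB FILES FILTER_FILE NAME
capture_argv() {
    iface=$1 snaplen=$2 mode=$3 size_kb=$4 files=$5 filter_file=$6 name=$7

    # Interface and file name arrive from a remote request, so they must not
    # be able to add options or path components.
    is_token "$iface" && is_token "$name" || return 1
    is_uint "$snaplen" && [ "$snaplen" -ge 64 ] && [ "$snaplen" -le 65535 ] || return 1
    is_uint "$size_kb" || return 1

    case $mode in
        ring)  # keep the newest FILES files of SIZE_KB each
            is_uint "$files" && [ "$files" -ge 2 ] || return 1
            limits=$(printf '%s\n' -b "filesize:$size_kb" -b "files:$files") ;;
        stop)  # end the capture once SIZE_KB has been written
            limits=$(printf '%s\n' -a "filesize:$size_kb") ;;
        *) return 1 ;;
    esac

    # The filter is read from a separate file on start, as in the thread.
    filter=
    [ -r "$filter_file" ] || return 1
    IFS= read -r filter < "$filter_file" || [ -n "$filter" ] || return 1

    printf '%s\n' -i "$iface" -s "$snaplen" -w "$CAPTURE_DIR/$name.pcap"
    printf '%s\n' "$limits"
    # Printed as a single line, so it stays a single argv element for dumpcap.
    printf '%s\n' -f "$filter"
}
```

A caller would read the printed lines back into an argument list and pass them to dumpcap directly, never through `eval` or a re-parsed command string.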