Re: Capture from multiple remote machines

[Ozan T <ozan.tcn () gmail com>]

Thank you.

I will have a look at that.


Thanks,
Ozan.

On Mon, Nov 17, 2014 at 11:38 AM, Roland Knall <rknall () gmail com> wrote:

> Hi
>
> There exisyts a new interface in Wireshark, called extcap. It is a plugin
> interface, which allows you to use self-written programs as capture
> interfaces. So far the interface is only in main, but if you download any
> 1.9x version, it should be included.
>
> This would allow you to write a program, which acts as a ssh-remote
> capture tool. Multiple instances of those interfaces may be used together,
> so you could, in theory, implement your scenario. Synchronizing the
> captures would be a totally different task altogether.
>
> Documentation is not yet complete for extcap, but there is a basic python
> demo program in the ./doc folder of the current wireshark source tree.
>
> regards,
> Roland
>
> On Mon, Nov 17, 2014 at 1:17 AM, Ozan T <ozan.tcn () gmail com> wrote:
>
> > Hi all,
> >
> >
> > I am working in a company that develops network softwares. We often need
> > to capture from multiple servers in order to see if there is a packet loss,
> > blocked packet, or the original packet altered etc. So, everytime we
> > capture from source and destination, then compare captures manually. (
> > Generally, we are not allowed to access to switch or anything that stays
> > between source and destination )
> >
> > I have searched a bit but I think it is not possible to capture from
> > multiple machines remotely with wireshark.
> >
> > We really need this feature/tool ( Also, I discussed with some other
> > people around me, many of them think that this feature may make things
> > easier for them ) . One way or another we will have to develop it. If you
> > think such a feature would be useful in wireshark, we would like to target
> > wireshark rather than a seperate project.
> >
> > Ofcourse, if this is possible with current wireshark, I would like to
> > learn :) or if there is an ongoing project about that.
> >
> > I just need an idea what you think about that feature in wireshark
> > project, then we can plan/discuss things according to it.
> >
> >
> >
> > Basic representation of feature after our initial look :
> >
> > Connect remote machines via ssh/pipe/rpcap as o now possible for single
> > machine
> > Capture and merge in real time
> >
> >
> > Thanks.
> > Ozan.
> >
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >              mailto:wireshark-dev-request () wireshark org
> > ?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe