>>>>> "Erik" == Erik Hjelmvik <[email protected]> writes:
Erik> I've been using tcpdump and netcat to achieve what I call
Erik> "Pcap-over-IP", as described here:
Erik> http://www.netresec.com/?page=Blog&month=2011-09&post=Pcap-over-IP-in-NetworkMiner
Erik> This is a very simple solution that allows me to capture
Erik> network traffic from remote devices, such as firewalls etc.
Erik> However, it would be even better if tcpdump would have native
Erik> support for Pcap-over-IP so that I wouldn't have to use
Erik> netcat.
Erik> What do you guys think? Would it be relevant to implement a
Erik> Pcap-over-IP client in tcpdump?

On your server side, you are, I think, done.
What you want, on the client side, is the ability to open a socket.
Instead of doing that, we should permit -r to take something that it
feeds to popen().
Or, the other question is... why not use /dev/fd and some shell script?
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
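
The following is an added example, not part of the original thread and not tcpdump code: a minimal Python reader for the client side discussed above, which opens a socket and parses the classic pcap stream arriving on it. Because the bytes come from a remote host, it validates the magic number and bounds each record length before allocating. The function names, `MAX_SNAPLEN`, and the host/port passed to `open_remote` are assumptions; pcapng and nanosecond-timestamp captures are not handled.

```python
import socket
import struct

# Classic pcap magic as it appears on the wire -> struct byte-order prefix.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
MAX_SNAPLEN = 262144  # assumed sanity cap for untrusted input


def read_exact(sock, n):
    """Read exactly n bytes; return b"" on clean EOF before any byte."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            if buf:
                raise EOFError("stream ended mid-structure")
            return b""
        buf += chunk
    return buf


def read_pcap_stream(sock):
    """Yield (ts_sec, ts_usec, orig_len, data) for each record on sock."""
    hdr = read_exact(sock, 24)
    if len(hdr) != 24 or hdr[:4] not in MAGIC:
        raise ValueError("not a classic pcap stream")
    endian = MAGIC[hdr[:4]]
    # version major/minor, thiszone, sigfigs, snaplen, linktype
    snaplen = struct.unpack(endian + "HHiIII", hdr[4:])[4]
    limit = min(snaplen or MAX_SNAPLEN, MAX_SNAPLEN)
    while True:
        rec = read_exact(sock, 16)
        if not rec:
            return  # sender closed the connection between records
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        if incl_len > limit:
            raise ValueError("record length %d exceeds limit %d" % (incl_len, limit))
        data = read_exact(sock, incl_len)
        if len(data) != incl_len:
            raise EOFError("stream ended before packet data")
        yield ts_sec, ts_usec, orig_len, data


def open_remote(host, port):
    """Connect to a Pcap-over-IP sender (host and port are caller-supplied)."""
    return socket.create_connection((host, port), timeout=10)
```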