> Gentle People,
> I've submitted an IETF draft (I-D) that describes a
> packet format for remote packet capture and I'd like to
> get comments from this group. There are a number
> of ideas in the draft, but the basic idea is to build
> remote packet taps, but without the problems of RMON
> packet capture or "port copy" schemes.
>
> http://www.ietf.org/internet-drafts/draft-bullard-pcap-01.txt
>
> I'm trying to address performance, privacy and
> deployment problems in existing packet capture strategies.
> If you get a chance to read it, and have any comments,
> reactions, opinions, flames, whatever, I'd love to hear
> them.
There was a discussion, back in October 2000, of remote packet capture
facilities; it started in "[EMAIL PROTECTED]", and I added
"tcpdump-workers" to it.
The first message was
http://www.ethereal.com/lists/ethereal-dev/200010/msg00415.html
In a followup, the folks at the Politecnico di Torino who do the WinPcap
version of libpcap (and the WinDump port of tcpdump, and their own
Analyzer packet analyzer) noted that they were looking at a capture
protocol for doing remote captures:
http://www.ethereal.com/lists/ethereal-dev/200010/msg00450.html
Further discussion ensued - mostly discussing how a remote device would
be specified in libpcap, although I thought I remembered some discussion
of the form of the protocol.
I don't know how far they've progressed in that work; you might want to
contact them (if they don't speak up here).
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
