> On 3. Aug 2023, at 19:18, Bakul Shah <ba...@iitbombay.org> wrote: > > Not quite what you asked for but I recently found > https://github.com/gcla/termshark -- it seems to be like wireshark but for a > terminal window. Like tcpdump it has the -D option that will return a list of > interfaces. If you are handy with go programming, you may wish to consider > enhancing it to listen to multiple interfaces. It is under 1400 lines of > code. May be you can use one goroutine per interface and then each can feed > packets to the display goroutine over a go channel. [I haven't actually dug > into the code, but this is how I would go about it -- but first check that > libpcap is reentrant] termshark can use dumpcap for capturing, which already supports multiple interfaces. So it would be a matter of passing the right parameters to dumpcap.
Best regards Michael > >> On Aug 1, 2023, at 11:21 AM, Zane C B-H <v.ve...@vvelox.net> wrote: >> >> So what is a good way to get all packets passing through that the kernel >> currently sees? Apparently any is not support on non-Linux systems and pflog >> would require adding log to all rules. Similarly only logs packets that >> match a rule. >> > >
