On 29.02.2008, at 10:31, Guy Harris wrote:
Andreas Fink wrote:
Apparently it's possible on some platforms to capture on all interfaces (tcpdump on Linux does this).
Under MacOS X, however, only the first interface is used. This means running tcpdump or dumpcap twice and merging the files later together if you want to capture dualhomed traffic (like SCTP).
Suggestion: fix dumpcap to accept something like -i en0 -i en1 or -i en0,en1. In the first case it does take the last passed interface.
Or maybe fix libpcap to take all interfaces on MacOS X if none is specified?
Linux supports opening a PF_PACKET socket and not binding it to a particular interface; that's how the "any" device is implemented.
Systems using BPF don't support opening a BPF device and not binding it to a particular device, which is why there's no "any" device on *BSD or OS X (or Solaris or HP-UX or Tru64 UNIX or Irix or Windows) - it's fairly simple to do on Linux, but much more complicated on other platforms.
Hmm. How about creating a virtual BPF driver in the kernel offering all traffic as an alternative way?
Not that I'm saying that's easy to do.
I'll check the source of dumpcap to see if I find a way of doing this because in protocols like SCTP in a telco environment, multihoming is standard. So you either debug in a single-link setup (bringing down redundancy) or capture twice and merge together. Both result in lots of "hand code".
But from what I've seen so far it can be tricky.
Andreas Fink
Fink Consulting GmbH
Global Networks Schweiz AG
BebbiCell AG
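The workaround discussed in this thread (one capture per interface, merged afterwards), as an added example that is not code from the thread or from Wireshark: merging two classic little-endian pcap files into one stream ordered by timestamp. The helper names and the en0/en1 sample payloads are constructed for illustration.

```python
import heapq
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
MAGIC_USEC = 0xA1B2C3D4                 # classic pcap, microsecond timestamps

def read_pcap(data):
    """Return (linktype, snaplen, [(ts_sec, ts_usec, orig_len, payload), ...])."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("truncated pcap global header")
    magic, _, _, _, _, snaplen, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != MAGIC_USEC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    records, off = [], GLOBAL_HDR.size
    while off < len(data):
        if off + RECORD_HDR.size > len(data):
            raise ValueError("truncated record header")
        sec, usec, incl, orig = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + incl > len(data):
            raise ValueError("truncated packet data")
        records.append((sec, usec, orig, data[off:off + incl]))
        off += incl
    return linktype, snaplen, records

def merge_pcaps(a, b):
    """Merge two captures into one pcap byte string ordered by timestamp."""
    link_a, snap_a, recs_a = read_pcap(a)
    link_b, snap_b, recs_b = read_pcap(b)
    if link_a != link_b:
        raise ValueError("classic pcap has one link type per file")
    out = [GLOBAL_HDR.pack(MAGIC_USEC, 2, 4, 0, 0, max(snap_a, snap_b), link_a)]
    # heapq.merge assumes each input is already in capture (time) order
    for sec, usec, orig, payload in heapq.merge(recs_a, recs_b, key=lambda r: r[:2]):
        out.append(RECORD_HDR.pack(sec, usec, len(payload), orig) + payload)
    return b"".join(out)

def make_pcap(packets, linktype=1):
    """Build a constructed sample capture from (ts_sec, ts_usec, payload) tuples."""
    body = b"".join(RECORD_HDR.pack(s, u, len(p), len(p)) + p for s, u, p in packets)
    return GLOBAL_HDR.pack(MAGIC_USEC, 2, 4, 0, 0, 65535, linktype) + body

# Constructed sample data: placeholder payloads standing in for frames seen on en0 and en1
EN0 = make_pcap([(100, 0, b"en0-A"), (100, 500000, b"en0-B"), (102, 0, b"en0-C")])
EN1 = make_pcap([(100, 250000, b"en1-A"), (101, 0, b"en1-B")])
MERGED = merge_pcaps(EN0, EN1)
```

Classic pcap records carry no interface identifier, so after the merge the file no longer shows which interface each frame arrived on.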