Ethereal

[Ethereal-dev] Running Tethereal forever (bis)
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-dev: September 2004

I want to supervise (24x7) the traffic running through some remote network remote sites, from
a supervision center.

On the each of the remote sites, I have a PC running tethereal with a filter. I use
tethereal purely as a filter, either for newtwork event (TCP RST...) or applicative events
(dedicated protocols using a dedicated plugin).

Less than 0,1 % of the packets get through the filter.

The filtered packets are sent through ssh and pipes to a console running Ethereal
in the supervision center. (I am working on a program derived from mergecap
to merge capture from files, I will make it public when I am done.)

Waht's wrong with tcpdump : it doesn't do applicative filtering and sends back too much traffic, which is not
what I want, and is not realistic on a networking point of view.

On my view, an option saying : drop all packets that are more than 5 minutes old and
"garbage collect" the resources used by those packets would be very useful.

On the central supervision site I would like to run Ethereal forever as well, but it's less critical, since
I can restart it every day, an the filtered traffic is low compared to the real traffic.

Pierre JUHEN



Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.