Ethereal: RE: [Ethereal-users] Capturing on multiple interfaces simultaneously

Ethereal-users: November 2002

Subject: RE: [Ethereal-users] Capturing on multiple interfaces simultaneously
From: "McNutt, Justin M." <McNuttJ@xxxxxxxxxxxx>
Date: Thu, 7 Nov 2002 07:02:34 -0600

> On some platforms (Linux) Ethereal can capture from the 
> virtual ALL device which makes it capture from all network devices.

Yup.  I've seen that before (and I'm using Linux), which is what made me think perhaps I just hadn't figured out a way to capture from only two.

> There is no support in ethereal to capture from only a subset 
> of network interfaces.  No one has implemented this yet.

Ah.  Yet another opportunity to code my own stuff.  :-)

> But you can run multiple tcpdump-tethereal captures, one for 
> each interface, and later
> merge the aptures using mergecap into a single unified capture file.

Yes, but that's what I'm trying to avoid.

In my case, I'll probably be able to build a bidirectional port mirror, which should mux the two data streams together for me.  Since neither data stream is >100Mb, muxing them onto a 1Gb interface should be safe enough.

Anyway, the earlier discussion about 'splitcap' has my current attention, so when I have time to code I'm going to work on that first.  However, if time allows, perhaps I'll attempt to do something like this next (although I haven't the faintest idea of where to begin; yet another Learning Opportunity).

Thanks!

--J

Prev by Date: RE: [Ethereal-users] RFMON question
Next by Date: [Ethereal-users] RTP packets for VoIP solution
Previous by thread: Re: [Ethereal-users] Capturing on multiple interfaces simultaneously
Next by thread: [Ethereal-users] help with interface
Index(es):
- Date
- Thread