[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ethereal-dev
Subject:    Re: [ethereal-dev] Packet capture
From:       Guy Harris <guy () netapp ! com>
Date:       2000-01-25 22:37:18
[Download RAW message or body]

> Wouldn't it be easier to turn on "kdebug" in pppd and write a little
> script to reformat the appropriate syslog entries for feeding into
> ethereal?

I don't think so - that procedure sounds *really* cumbersome and
kludgey; I fail to see why somebody who wants to see *all* the traffic
on a PPP line shouldn't simply be able to supply "pppN" to a
packet-capture program such as tcpdump or Ethereal.  If you don't want
to see all the traffic, supply a capture filter.

> These mod.s are really, really stretching the meaning of "packet
> socket".

As far as I'm concerned, anything that purports to be a mechanism for
raw packet capture for sniffing should supply all traffic and should
supply all headers, including the link-layer header, period, end of
discussion.

Unless a "packet socket" isn't intended for raw packet capture for
sniffing, those changes would merely cause PPP on Linux to behave the
way it should when listened to by a raw packet socket; if a packet
socket *isn't* intended for raw packet capture for sniffing, a mechanism
should be provided that *is* so intended.

[prev in list] [next in list] [prev in thread] [next in thread]