The following instructions apply if you have a Linux platform and want
libpcap to support the 'ACN' WAN/LAN router product from SITA
(http://www.sita.aero)

This might also work on non-Linux Unix-compatible platforms, but that
has not been tested.

See also the libpcap INSTALL.txt file for further libpcap configuration
options.

These additions/extensions have been made to PCAP to allow it to
capture packets from a SITA ACN device (and potentially others).

To enable its support you need to ensure that the distribution has
a correct configure.in file; that can be created if necessary by
using the normal autoconf procedure of:

    aclocal
    autoconf
    autoheader
    automake

Then run configure with the 'sita' option:

    ./configure --with-sita

Applications built with libpcap configured in this way will only detect SITA
ACN interfaces and will not capture from the native OS packet stream.

The SITA extension provides a remote datascope operation for capturing
both WAN and LAN protocols. It effectively splits the operation of
PCAP into two halves. The top layer performs the majority of the
work, but interfaces via a TCP session to remote agents that
provide the lower layer functionality of actual sniffing and
filtering. The functions, inter-device protocol and naming
conventions are described in detail in 'pcap-sita.html'.

pcap_findalldevs() reads the local system's /etc/hosts file looking
for host names that match the format of IOP type devices (i.e. aaa_I_x_y)
and then queries each associated IP address for a list of its WAN and
LAN devices. The local system then aggregates the lists obtained from
each IOP, sorts them, and provides the result (to Wireshark et al.) as
the list of monitorable interfaces.

Once a valid interface has been selected, pcap_open() is called
which opens a TCP session (to a well known port) on the target IOP
and tells it to start monitoring.

All captured packets are then forwarded across that TCP session
back to the local 'top layer' for forwarding to the actual
sniffing program (Wireshark...)

Note that the DLT_SITA link-layer type includes a proprietary header
that is documented as part of the SITA dissector of Wireshark and is
also described in 'pcap-sita.html' for posterity's sake.

That header provides:
  - Packet direction (in/out) (1 octet)
  - Link layer hardware signal status (1 octet)
  - Transmit/Receive error status (2 octets)
  - Encapsulated WAN protocol ID (1 octet)
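
The header layout listed above, as an added example that is not code from
libpcap or from the original README: a bounds-checked split of a captured
DLT_SITA frame into header and payload. It assumes the fields appear on the
wire in the order listed; the struct, function and sample frame are
hypothetical names and constructed values, and no bit meanings are interpreted.

```c
#include <stddef.h>
#include <stdint.h>

#define SITA_HDR_LEN 5          /* 1 + 1 + 2 + 1 octets, per the list above */

/* Hypothetical struct; field order assumed to follow the list above. */
struct sita_hdr {
    uint8_t direction;          /* packet direction (in/out) */
    uint8_t signals;            /* link layer hardware signal status */
    uint8_t errors[2];          /* transmit/receive error status, kept as raw octets */
    uint8_t wan_proto;          /* encapsulated WAN protocol ID */
};

/* Constructed sample frame: 5 header octets followed by 3 payload octets. */
static const uint8_t sample_frame[] = {
    0x01, 0x00, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC
};

/*
 * Split a captured frame into header and payload.
 * caplen is the number of octets actually captured, which can be smaller
 * than the original frame when a snapshot length is in effect.
 * Returns 0 on success, -1 if an argument is NULL or the capture is too
 * short to contain the whole header.
 */
int sita_split(const uint8_t *frame, size_t caplen, struct sita_hdr *hdr,
               const uint8_t **payload, size_t *payload_len)
{
    if (frame == NULL || hdr == NULL || payload == NULL || payload_len == NULL)
        return -1;
    if (caplen < SITA_HDR_LEN)
        return -1;              /* truncated capture: never read past caplen */

    hdr->direction = frame[0];
    hdr->signals   = frame[1];
    hdr->errors[0] = frame[2];
    hdr->errors[1] = frame[3];
    hdr->wan_proto = frame[4];

    *payload     = frame + SITA_HDR_LEN;
    *payload_len = caplen - SITA_HDR_LEN;   /* may be 0 for a header-only capture */
    return 0;
}
```

Because the frames arrive from remote agents over TCP, the length check runs
before any field is read, and the payload length is derived from caplen alone.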