[Winpcap-users] rpcap protocol

Jeroen . jeronimo8888 at hotmail.com
Tue Jun 28 18:47:14 GMT 2005


Sounds very plausable. But is also sounds like a big change.
In the mean time you need applications to start using the protocol so that 
you get
the nesessary feedback. Any ideas how to overcome this dillema ?

(I got some ideas of my own, about how i would go at it but this isn't the 
place for them I guess. I was looking for remote sniffer support and found 
this. Whenever there are two options, build-it-your-self or hook up with the 
standard, the choise is easy. Now you're saying the de facto standard for 
remote capturing is about to change and implementing the current is not a 
smart thing to do..)

>From: Guy Harris <guy at alum.mit.edu>
>To: winpcap-users at winpcap.org
>CC: jeronimo8888 at hotmail.com
>Subject: Re: [Winpcap-users] rpcap protocol
>Date: Tue, 28 Jun 2005 09:28:47 -0700
>
>Fulvio Risso wrote:
>
>>We never put the documentation on the website because we do not believe 
>>this is the "last version" of the protocol.
>>For isntance, we know some architectural bug that we plan to fix, sooner 
>>or later.
>
>...and there will probably be libpcap API changes that require protocol 
>changes, e.g. different calls for getting statistics (to handle 64-bit 
>counters and to get the statistics as a tag/value list, so that new 
>statistics can be added without breaking binary compatibility and so that 
>only the statistics supported by a given platform are returned), a call to 
>"set a filter" that takes a more abstract representation of a filter 
>expression (so that code can be generated at the time the filter is set, to 
>handle platforms that have filter engines that don't support the BPF 
>machine language, and to handle reading capture files with multiple 
>different link-layer types), etc..
>
>In addition, there will probably be a fancier scheme of some sort for doing 
>authentication (would something such as SPNEGO make sense here, so the 
>client and server can negotiate what sort of authentication to use?).
>
>>No, it is not.
>>Unless the guy at sourceforge modified his protocol in order to be 
>>compatible with WinPcap.
>
>Correct.  His protocol was based on ONC RPC, but the one in WinPcap isn't.

_________________________________________________________________
Talk with your online friends with MSN Messenger http://messenger.msn.nl/




More information about the Winpcap-users mailing list