The following instructions apply if you have a Linux platform and want
libpcap to support the 'ACN' WAN/LAN router product from SITA
(http://www.sita.aero).

This might also work on non-Linux Unix-compatible platforms, but that
has not been tested.

See also the libpcap INSTALL.txt file for further libpcap configuration
options.

These additions/extensions have been made to PCAP to allow it to
capture packets from a SITA ACN device (and potentially others).

To enable its support you need to ensure that the distribution has
a correct configure.ac file; that can be created if necessary by
using the normal autoconf procedure of:

    aclocal
    autoconf
    autoheader
    automake

Then run configure with the 'sita' option:

    ./configure --with-sita

Applications built with libpcap configured in this way will only detect SITA
ACN interfaces and will not capture from the native OS packet stream.

The SITA extension provides a remote datascope operation for capturing
both WAN and LAN protocols. It effectively splits the operation of
PCAP into two halves. The top layer performs the majority of the
work, but interfaces via a TCP session to remote agents that
provide the lower layer functionality of actual sniffing and
filtering. The functions, inter-device protocol and naming
conventions are described in detail in 'pcap-sita.html'.

pcap_findalldevs() reads the local system's /etc/hosts file looking
for host names that match the format of IOP type devices (i.e. aaa_I_x_y),
and then queries each associated IP address for a list of its WAN and
LAN devices. The local system then aggregates the lists obtained from
each IOP, sorts them, and provides the result (to Wireshark et al.) as
the list of monitorable interfaces.

Once a valid interface has been selected, pcap_open() is called
which opens a TCP session (to a well known port) on the target IOP
and tells it to start monitoring.

All captured packets are then forwarded across that TCP session
back to the local 'top layer' for forwarding to the actual
sniffing program (Wireshark, for example).

Note that the DLT_SITA link-layer type includes a proprietary header
that is documented as part of the SITA dissector of Wireshark and is
also described in 'pcap-sita.html' for posterity's sake.

That header provides:
  - Packet direction (in/out) (1 octet)
  - Link layer hardware signal status (1 octet)
  - Transmit/Receive error status (2 octets)
  - Encapsulated WAN protocol ID (1 octet)
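
A bounds-checked parser for the header listed above, as an added example (not
libpcap or Wireshark code). It assumes the five octets sit at the start of each
captured record in the listed order; struct sita_hdr, sita_parse_header() and
the sample bytes are hypothetical names and constructed data, and field values
are kept raw because their encodings are not given here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 1 + 1 + 2 + 1 octets, as listed above. */
#define SITA_HDR_LEN 5

struct sita_hdr {
    uint8_t direction;      /* packet direction (in/out), raw value */
    uint8_t signals;        /* link layer hardware signal status, raw bits */
    uint8_t errors[2];      /* Tx/Rx error status, kept as two raw octets */
    uint8_t proto;          /* encapsulated WAN protocol ID, raw value */
    const uint8_t *payload; /* first octet after the header */
    size_t payload_len;     /* captured octets after the header */
};

/*
 * Split one captured record into header fields and payload.
 * Assumption: the fields sit at the start of the record, in the order
 * the list above gives them. Returns 0 on success, -1 when the capture
 * is too short to hold the whole header (nothing is read in that case).
 */
int sita_parse_header(const uint8_t *pkt, size_t caplen, struct sita_hdr *out)
{
    if (pkt == NULL || out == NULL || caplen < SITA_HDR_LEN)
        return -1;
    out->direction = pkt[0];
    out->signals = pkt[1];
    out->errors[0] = pkt[2];
    out->errors[1] = pkt[3];
    out->proto = pkt[4];
    out->payload = pkt + SITA_HDR_LEN;
    out->payload_len = caplen - SITA_HDR_LEN;
    return 0;
}

/* Constructed sample: 5 header octets followed by 3 payload octets. */
static const uint8_t sample_pkt[] = {
    0x01, 0x0f, 0x00, 0x02, 0x07, 0xde, 0xad, 0xbe
};

int main(void)
{
    struct sita_hdr h;
    if (sita_parse_header(sample_pkt, sizeof sample_pkt, &h) != 0)
        return 1;
    printf("dir=%d signals=0x%02x errors=%02x%02x proto=%d payload=%zu\n",
           h.direction, h.signals, h.errors[0], h.errors[1], h.proto, h.payload_len);
    return 0;
}
```

Pass the captured length (caplen) rather than the on-the-wire length, so a
truncated capture is rejected before any header octet is read.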