curl-users
Re: pcap output
Date: Thu, 16 Jun 2011 23:52:36 +0200
On Thu, 16 Jun 2011, Richard Silverman wrote:
>On Thu, 16 Jun 2011, Daniel Nagy wrote:
>> I had in mind to write a more generic command wrapper like:
>>
>> $ pcapout --outfile=my.pcap curl http://kernel.org/
>>
>> If pcapout would be such a wrapper program, it could wrap the system
>> calls of curl and generate a .pcap file without the need of root rights
>> to listen on the network interface, as the system calls of curl and
>> other programs provide enough information to build a correct .pcap file
>> (I think).
>
> What's the point of reconstructing what you *think* said traffic *ought*
> to look like (if that's what you're suggesting; I'm not clear)?
>
Yes, that's what I was suggesting. Implying you can get every important piece of information you need to rebuild the pcap packets (those are IP address, MAC address, IP headers, etc.) just from analysing the system calls, so that you don't need to actually 'capture' on the interface itself, which therefore does not require root privileges, then you could build a clean pcap file using this method. This has the benefit that you can more easily debug the network traffic.

Currently I do it like this: I start up Wireshark, fire the curl command which I want to debug, and filter for http in Wireshark. That requires me to reset the capture every time I run my curl command. And I need to know on which port the program communicates. This works for curl because it speaks HTTP, but it looks different for other programs. Sure, I will have a look at your suggested --trace arguments, but that would only do it for curl. Having a pcap wrapper, I could wrap it around every network program and see its traffic in a pcap file which only contains traffic from that program.
e.g.:
$ pcapout --outfile=apt.pcap apt-get update
This would make me a file which only contains traffic made by apt-get.
I hope you see that this way you could more easily analyse a program's network traffic.
> The only really meaningful data in that would be the contents of the curl TCP stream
Not really, I could also be interested in the IP (or network interface) from which the request was sent, or to which IP the remote domain name got resolved for this particular call of curl. Another interesting piece of information would be the time difference in which the packets arrive, as the pcap file format stores these as well.
Best
Daniel Nagy
Received on 2011-06-16
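The reconstruction idea discussed in this message, as an added example that is not part of the original thread and not code from curl or any existing `pcapout` tool: it turns per-call records (socket addresses, timestamps, payload bytes), which a hypothetical syscall tracer is assumed to supply, into a pcap file. `build_pcap`, `SAMPLE_EVENTS` and the addresses are illustrative names and constructed values; MAC addresses, sequence numbers, segmentation and the TCP checksum are synthetic because they are not visible at the system-call level.

```python
import socket
import struct

MSS = 1460  # assumed segment size; syscalls do not reveal how the kernel segmented

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_pcap(local, remote, events) -> bytes:
    """local/remote: (ipv4, port) as seen by connect()/getsockname().
    events: (timestamp_us, "out" | "in", payload) per send()/recv() call."""
    # pcap global header: magic, v2.4, tz, sigfigs, snaplen, LINKTYPE_ETHERNET (1)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    next_seq = {"out": 1, "in": 1}  # synthetic: real ISNs never reach user space
    for ts_us, direction, payload in events:
        src, dst = (local, remote) if direction == "out" else (remote, local)
        peer = "in" if direction == "out" else "out"
        for off in range(0, len(payload), MSS):
            chunk = payload[off:off + MSS]
            # ports, seq, ack, data offset 5 words, PSH|ACK, window, checksum 0, urg 0
            tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], next_seq[direction],
                              next_seq[peer], 5 << 4, 0x18, 65535, 0, 0)
            next_seq[direction] += len(chunk)
            ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(chunk), 0, 0x4000,
                             64, socket.IPPROTO_TCP, 0,
                             socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
            ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
            # Ethernet header with zeroed MACs (unknown to the process), type IPv4
            frame = bytes(12) + b"\x08\x00" + ip + tcp + chunk
            sec, usec = divmod(ts_us, 1_000_000)
            out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

# Constructed sample: what a tracer might record for one HTTP exchange.
SAMPLE_EVENTS = [
    (1308261156_250000, "out", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (1308261156_500000, "in", b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]

if __name__ == "__main__":
    data = build_pcap(("192.0.2.10", 40000), ("198.51.100.7", 80), SAMPLE_EVENTS)
    with open("reconstructed.pcap", "wb") as fh:
        fh.write(data)
```

The resulting file contains only the traced program's data segments with their call timestamps; there is no handshake or teardown, and a dissector with TCP checksum validation enabled will flag the zero checksums.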