The Tcpdump Group git mirrors - libpcap/blob - doc/README.sita
NOTE: this is not currently supported; the configure script doesn't
support --with-sita, and CMake doesn't support enabling SITA ACN
support. The code currently does not compile; it should really be
implemented as an additional remote capture mechanism, using a URL,
rather than as a separate version of libpcap that supports only the ACN
product, but the infrastructure for that isn't yet available.

The following instructions apply if you have a Linux platform and want
libpcap to support the 'ACN' WAN/LAN router product from SITA
(https://www.sita.aero)

This might also work on non-Linux Unix-compatible platforms, but that
has not been tested.

See also the libpcap INSTALL.txt file for further libpcap configuration
options.

These additions/extensions have been made to PCAP to allow it to
capture packets from a SITA ACN device (and potentially others).

To enable its support you need to ensure that the distribution has
a correct configure.ac file; that can be created if necessary by
using the normal autoconf procedure of:

    aclocal
    autoconf
    autoheader
    automake

Then run configure with the 'sita' option:

    ./configure --with-sita

Applications built with libpcap configured in this way will only detect SITA
ACN interfaces and will not capture from the native OS packet stream.

The SITA extension provides a remote datascope operation for capturing
both WAN and LAN protocols. It effectively splits the operation of
PCAP into two halves. The top layer performs the majority of the
work, but interfaces via a TCP session to remote agents that
provide the lower layer functionality of actual sniffing and
filtering. The functions, the inter-device protocol and the naming
conventions are described in more detail in 'pcap-sita.html'.

pcap_findalldevs() reads the local system's /etc/hosts file looking
for host names that match the format of IOP type devices, i.e. aaa_I_x_y,
and then queries each associated IP address for a list of its WAN and
LAN devices. The local system then aggregates the lists obtained from
each IOP, sorts the result, and provides it (to Wireshark et al.) as the
list of monitorable interfaces.

Once a valid interface has been selected, pcap_open() is called
which opens a TCP session (to a well known port) on the target IOP
and tells it to start monitoring.

All captured packets are then forwarded across that TCP session
back to the local 'top layer' for forwarding to the actual
sniffing program (wireshark...)

Note that the DLT_SITA link-layer type includes a proprietary header
that is documented as part of the SITA dissector of Wireshark and is
also described in 'pcap-sita.html' for posterity's sake.

That header provides:
 - Packet direction (in/out) (1 octet)
 - Link layer hardware signal status (1 octet)
 - Transmit/Receive error status (2 octets)
 - Encapsulated WAN protocol ID (1 octet)
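
The following is an added example, not code from libpcap or Wireshark: a bounds-checked split of a captured DLT_SITA record into the 5-octet header listed above and its payload. It assumes the fields appear on the wire in the order listed; struct sita_hdr and sita_parse() are hypothetical names, and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SITA_HDR_LEN 5  /* 1 + 1 + 2 + 1 octets, per the field list */

/* Hypothetical struct for this example; not a libpcap type. */
struct sita_hdr {
    uint8_t direction;   /* packet direction (in/out) */
    uint8_t signals;     /* link layer hardware signal status */
    uint8_t errors[2];   /* transmit/receive error status, kept as raw octets */
    uint8_t proto;       /* encapsulated WAN protocol ID */
};

/*
 * Split a captured record into header and payload.
 * Returns 0 on success, -1 if the record cannot hold the full header.
 * Assumption: fields are laid out in the order the README lists them.
 */
int sita_parse(const uint8_t *pkt, size_t caplen, struct sita_hdr *h,
               const uint8_t **payload, size_t *payload_len)
{
    if (pkt == NULL || h == NULL || caplen < SITA_HDR_LEN)
        return -1;   /* never read past what was actually captured */
    h->direction = pkt[0];
    h->signals   = pkt[1];
    h->errors[0] = pkt[2];
    h->errors[1] = pkt[3];
    h->proto     = pkt[4];
    if (payload != NULL)
        *payload = pkt + SITA_HDR_LEN;
    if (payload_len != NULL)
        *payload_len = caplen - SITA_HDR_LEN;
    return 0;
}

int main(void)
{
    /* Constructed sample: 5 header octets followed by 3 payload octets. */
    static const uint8_t sample[] = { 0x01, 0x00, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC };
    struct sita_hdr h;
    const uint8_t *payload;
    size_t plen;

    if (sita_parse(sample, sizeof sample, &h, &payload, &plen) != 0)
        return 1;
    printf("dir=%u signals=0x%02x errors=%02x%02x proto=%u payload=%zu octets\n",
           h.direction, h.signals, h.errors[0], h.errors[1], h.proto, plen);
    /* A record truncated below the header length must be rejected. */
    return sita_parse(sample, 4, &h, &payload, &plen) == -1 ? 0 : 1;
}
```

Because the records arrive over a TCP session from a remote agent, the length check comes before any field access; the meaning of individual bits in each field is left to 'pcap-sita.html'.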