1The following instructions apply if you have a Linux platform and want 2libpcap to support the 'ACN' WAN/LAN router product from from SITA 3(http://www.sita.aero) 4 5This might also work on non-Linux Unix-compatible platforms, but that 6has not been tested. 7 8See also the libpcap INSTALL.txt file for further libpcap configuration 9options. 10 11These additions/extensions have been made to PCAP to allow it to 12capture packets from a SITA ACN device (and potentially others). 13 14To enable its support you need to ensure that the distribution has 15a correct configure.in file; that can be created if neccessay by 16using the normal autoconf procedure of: 17 18aclocal 19autoconf 20autoheader 21automake 22 23Then run configure with the 'sita' option: 24 25./configure --with-sita 26 27Applications built with libpcap configured in this way will only detect SITA 28ACN interfaces and will not capture from the native OS packet stream. 29 30The SITA extension provides a remote datascope operation for capturing 31both WAN and LAN protocols. It effectively splits the operation of 32PCAP into two halves. The top layer performs the majority of the 33work, but interfaces via a TCP session to remote agents that 34provide the lower layer functionality of actual sniffing and 35filtering. More detailed information regarding the functions and 36inter-device protocol and naming conventions are described in detail 37in 'pcap-sita.html'. 38 39pcap_findalldevs() reads the local system's /etc/hosts file looking 40for host names that match the format of IOP type devices. ie. aaa_I_x_y 41and then queries each associated IP address for a list of its WAN and 42LAN devices. The local system the aggregates the lists obtained from 43each IOP, sorts it, and provides it (to Wireshark et.al) as the 44list of monitorable interfaces. 45 46Once a valid interface has been selected, pcap_open() is called 47which opens a TCP session (to a well known port) on the target IOP 48and tells it to start monitoring. 49 50All captured packets are then forwarded across that TCP session 51back to the local 'top layer' for forwarding to the actual 52sniffing program (wireshark...) 53 54Note that the DLT_SITA link-layer type includes a proprietary header 55that is documented as part of the SITA dissector of Wireshark and is 56also described in 'pcap-sita.html' for posterity sake. 57 58That header provides: 59- Packet direction (in/out) (1 octet) 60- Link layer hardware signal status (1 octet) 61- Transmit/Receive error status (2 octets) 62- Encapsulated WAN protocol ID (1 octet) 63 64 65