|The following instructions apply if you have a Linux platform and want
|libpcap to support the 'ACN' WAN/LAN router product from from SITA
|This might also work on non-Linux Unix-compatible platforms, but that
|has not been tested.
|See also the libpcap INSTALL.txt file for further libpcap configuration
|These additions/extensions have been made to PCAP to allow it to
|capture packets from a SITA ACN device (and potentially others).
|To enable its support you need to ensure that the distribution has
|a correct configure.in file; that can be created if neccessay by
|using the normal autoconf procedure of:
|Then run configure with the 'sita' option:
|Applications built with libpcap configured in this way will only detect SITA
|ACN interfaces and will not capture from the native OS packet stream.
|The SITA extension provides a remote datascope operation for capturing
|both WAN and LAN protocols. It effectively splits the operation of
|PCAP into two halves. The top layer performs the majority of the
|work, but interfaces via a TCP session to remote agents that
|provide the lower layer functionality of actual sniffing and
|filtering. More detailed information regarding the functions and
|inter-device protocol and naming conventions are described in detail
|pcap_findalldevs() reads the local system's /etc/hosts file looking
|for host names that match the format of IOP type devices. ie. aaa_I_x_y
|and then queries each associated IP address for a list of its WAN and
|LAN devices. The local system the aggregates the lists obtained from
|each IOP, sorts it, and provides it (to Wireshark et.al) as the
|list of monitorable interfaces.
|Once a valid interface has been selected, pcap_open() is called
|which opens a TCP session (to a well known port) on the target IOP
|and tells it to start monitoring.
|All captured packets are then forwarded across that TCP session
|back to the local 'top layer' for forwarding to the actual
|sniffing program (wireshark...)
|Note that the DLT_SITA link-layer type includes a proprietary header
|that is documented as part of the SITA dissector of Wireshark and is
|also described in 'pcap-sita.html' for posterity sake.
|That header provides:
|- Packet direction (in/out) (1 octet)
|- Link layer hardware signal status (1 octet)
|- Transmit/Receive error status (2 octets)
|- Encapsulated WAN protocol ID (1 octet)