The following instructions apply if you have a Linux platform and want
libpcap to support the 'ACN' WAN/LAN router product from SITA
(http://www.sita.aero).

This might also work on non-Linux Unix-compatible platforms, but that
has not been tested.

See also the libpcap INSTALL.txt file for further libpcap configuration
options.

These additions/extensions have been made to PCAP to allow it to
capture packets from a SITA ACN device (and potentially others).

To enable this support you need to ensure that the distribution has
a correct configure.ac file; that can be created if necessary by
using the normal autoconf procedure of:

    aclocal
    autoconf
    autoheader
    automake

Then run configure with the 'sita' option:

    ./configure --with-sita

Applications built with libpcap configured in this way will only detect SITA
ACN interfaces and will not capture from the native OS packet stream.

The SITA extension provides a remote datascope operation for capturing
both WAN and LAN protocols. It effectively splits the operation of
PCAP into two halves. The top layer performs the majority of the
work, but interfaces via a TCP session to remote agents that
provide the lower layer functionality of actual sniffing and
filtering. The functions, the inter-device protocol and the naming
conventions are described in detail in 'pcap-sita.html'.

pcap_findalldevs() reads the local system's /etc/hosts file looking
for host names that match the format of IOP type devices, i.e. aaa_I_x_y,
and then queries each associated IP address for a list of its WAN and
LAN devices. The local system then aggregates the lists obtained from
each IOP, sorts them, and provides the result (to Wireshark et al.) as
the list of monitorable interfaces.

Once a valid interface has been selected, pcap_open() is called,
which opens a TCP session (to a well-known port) on the target IOP
and tells it to start monitoring.

All captured packets are then forwarded across that TCP session
back to the local 'top layer' for forwarding to the actual
sniffing program (Wireshark...).

Note that the DLT_SITA link-layer type includes a proprietary header
that is documented as part of the SITA dissector of Wireshark and is
also described in 'pcap-sita.html' for posterity's sake.

That header provides:
- Packet direction (in/out) (1 octet)
- Link layer hardware signal status (1 octet)
- Transmit/Receive error status (2 octets)
- Encapsulated WAN protocol ID (1 octet)
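Added example (not part of libpcap or of this README): a C check that lists which hosts-file entries carry IOP-style names, and therefore which addresses the pcap_findalldevs() scan described above would be expected to query on a SITA-enabled build. It assumes aaa_I_x_y means a non-empty prefix, the literal _I_, and single-digit x and y; find_iop_hosts(), looks_like_iop() and the sample entries are hypothetical names constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define WS " \t\r"
/* Assumption: "aaa_I_x_y" = non-empty prefix, "_I_", digit x, '_', digit y.
 * The real naming convention is in pcap-sita.html, not on this page. */
static int looks_like_iop(const char *name) {
    const char *p = strstr(name, "_I_");
    return p != NULL && p != name && isdigit((unsigned char)p[3]) &&
           p[4] == '_' && isdigit((unsigned char)p[5]) && p[6] == '\0';
}

/* Store "address name" per IOP-style name; return the match count. */
size_t find_iop_hosts(const char *text, char out[][256], size_t max) {
    size_t n = 0;
    while (*text) {
        char line[256];
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        text += len + (text[len] == '\n');
        line[strcspn(line, "#")] = '\0';        /* drop comments */
        char *addr = line + strspn(line, WS);   /* first field: address */
        char *p = addr + strcspn(addr, WS);
        if (p == addr) continue;                /* blank line */
        if (*p) *p++ = '\0';
        while (*(p += strspn(p, WS))) {         /* other fields: names */
            char *name = p;
            p += strcspn(p, WS);
            if (*p) *p++ = '\0';
            if (!looks_like_iop(name)) continue;
            if (n < max) snprintf(out[n], 256, "%s %s", addr, name);
            n++;                                /* counted even if not stored */
        }
    }
    return n;
}
/* Constructed sample: documentation addresses, made-up host names. */
static const char SAMPLE_HOSTS[] =
    "# 192.0.2.9 old_I_1_1\n"
    "192.0.2.10  lab_I_1_2   # IOP-style name\n"
    "192.0.2.11  lab_I_12_3\n"
    "192.0.2.12  buildbox alt_I_2_4\n";

static char hits[8][256];                       /* result buffer for main */
int main(void) {
    size_t n = find_iop_hosts(SAMPLE_HOSTS, hits, 8);
    for (size_t i = 0; i < n && i < 8; i++) puts(hits[i]);
    return 0;
}
```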