Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
Feature request: Add a PCAP-over-IP client to stenotype, so that packets can be read from a TCP socket as an alternative to sniffing an interface.
PCAP-over-IP can be used to live-stream captured packets from a remote sniffer to Stenographer, but the most useful use-case is probably in order to read decrypted HTTPS traffic from a TLS proxy without having to replay it to a dummy network interface. There are several downsides of replaying packets to an interface, such as requiring root privs and risk of packet loss, so reading them from a TCP socket instead is preferable.
It would be nice if stenotype would support the same TCP socket interface syntax as Wireshark/tshark.
stenotype --iface=TCP@192.168.1.2:57012
Another option would be to add a custom option specifically for PCAP-over-IP:
stenotype --pcapoverip-connect=192.168.1.2:57012
Or to start a listening socket that awaits packet sources to connect using PCAP-over-IP:
stenotype --pcapoverip-listen=57012
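A sketch of the receiving side of the request above, added here as an example; it is not stenotype code. It assumes the PCAP-over-IP peer sends a classic pcap file stream (24-byte global header, then 16-byte record headers each followed by packet data) over TCP, and the names `read_pcap_stream`, `recv_exact`, `make_stream`, `parse_over_socketpair` and the `MAX_RECORD` cap are hypothetical.

```python
import socket
import struct

# Byte order implied by each pcap magic (microsecond and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
MAX_RECORD = 262144  # assumed cap on bytes buffered per packet from a remote peer

def recv_exact(sock, n):
    """Read exactly n bytes. Returns None on EOF at a record boundary."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))  # TCP may deliver any partial amount
        if not chunk:
            if buf:
                raise ValueError("stream ended mid-record")
            return None
        buf += chunk
    return bytes(buf)

def read_pcap_stream(sock):
    """Yield (ts_sec, ts_frac, orig_len, data) for each packet on the socket."""
    hdr = recv_exact(sock, 24)  # pcap global header
    order = MAGICS.get(hdr[:4]) if hdr else None
    if order is None:
        raise ValueError("peer did not send a pcap global header")
    # snaplen sits at offset 16; never trust it beyond our own cap
    limit = min(struct.unpack(order + "I", hdr[16:20])[0] or MAX_RECORD, MAX_RECORD)
    while True:
        rec = recv_exact(sock, 16)  # per-packet record header
        if rec is None:
            return  # sender closed cleanly between packets
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(order + "4I", rec)
        if incl_len > limit:
            raise ValueError("record length %d exceeds limit %d" % (incl_len, limit))
        data = recv_exact(sock, incl_len)
        if data is None:
            raise ValueError("stream ended before packet data")
        yield ts_sec, ts_frac, orig_len, data

def make_stream(packets, snaplen=65535):  # constructed sample sender bytes
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    return hdr + b"".join(struct.pack("<4I", ts, 0, len(p), len(p)) + p for ts, p in packets)

def parse_over_socketpair(raw):  # local stand-in for the remote TCP connection
    tx, rx = socket.socketpair()
    with tx, rx:
        tx.sendall(raw)
        tx.shutdown(socket.SHUT_WR)  # signal EOF to the reader
        return list(read_pcap_stream(rx))
```

The length check matters because the record header comes from the network: without it, a single malformed or hostile record could make the reader try to buffer up to 4 GiB.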