1NOTE: this is not currently supported; the configure script doesn't 2support --with-sita, and CMake doesn't support enabling SITA ACN 3support. The code currently does not compile; it should really be 4implemented as an additional remote capture mechanism, using a URL, 5rather than as a separate version of libpcap that supports only the ACN 6product, but the infrastructure for that isn't yet available. 7 8The following instructions apply if you have a Linux platform and want 9libpcap to support the 'ACN' WAN/LAN router product from SITA 10(https://www.sita.aero) 11 12This might also work on non-Linux Unix-compatible platforms, but that 13has not been tested. 14 15See also the libpcap INSTALL.md file for further libpcap configuration 16options. 17 18These additions/extensions have been made to PCAP to allow it to 19capture packets from a SITA ACN device (and potentially others). 20 21To enable its support you need to ensure that the distribution has 22a correct configure.ac file; that can be created if necessary by 23using the normal autoconf procedure of: 24 25aclocal 26autoconf 27autoheader 28automake 29 30Then run configure with the 'sita' option: 31 32./configure --with-sita 33 34Applications built with libpcap configured in this way will only detect SITA 35ACN interfaces and will not capture from the native OS packet stream. 36 37The SITA extension provides a remote datascope operation for capturing 38both WAN and LAN protocols. It effectively splits the operation of 39PCAP into two halves. The top layer performs the majority of the 40work, but interfaces via a TCP session to remote agents that 41provide the lower layer functionality of actual sniffing and 42filtering. More detailed information regarding the functions and 43inter-device protocol and naming conventions are described in detail 44in 'pcap-sita.html'. 45 46pcap_findalldevs() reads the local system's /etc/hosts file looking 47for host names that match the format of IOP type devices. ie. aaa_I_x_y 48and then queries each associated IP address for a list of its WAN and 49LAN devices. The local system the aggregates the lists obtained from 50each IOP, sorts it, and provides it (to Wireshark et.al) as the 51list of monitorable interfaces. 52 53Once a valid interface has been selected, pcap_open() is called 54which opens a TCP session (to a well known port) on the target IOP 55and tells it to start monitoring. 56 57All captured packets are then forwarded across that TCP session 58back to the local 'top layer' for forwarding to the actual 59sniffing program (wireshark...) 60 61Note that the DLT_SITA link-layer type includes a proprietary header 62that is documented as part of the SITA dissector of Wireshark and is 63also described in 'pcap-sita.html' for posterity sake. 64 65That header provides: 66- Packet direction (in/out) (1 octet) 67- Link layer hardware signal status (1 octet) 68- Transmit/Receive error status (2 octets) 69- Encapsulated WAN protocol ID (1 octet) 70 71 72