<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"><title>WinPcap: Remote Capture</title><link href="style.css" rel="stylesheet" type="text/css"><link href="tabs.css" rel="stylesheet" type="text/css"></head><body><!-- Generated by Doxygen 1.5.1 --><div class="tabs"> <ul> <li><a href="main.html"><span>Main Page</span></a></li> <li><a href="modules.html"><span>Modules</span></a></li> <li><a href="annotated.html"><span>Data Structures</span></a></li> <li><a href="files.html"><span>Files</span></a></li> <li><a href="pages.html"><span>Related Pages</span></a></li> </ul></div><h1>Remote Capture</h1>
<table border="0" cellpadding="0" cellspacing="0"><tr><td></td></tr><tr><td colspan="2"><br><h2>Modules</h2></td></tr>
<tr><td class="memItemLeft" nowrap align="right" valign="top"> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__remote__struct.html">Exported Structures and Definitions</a></td></tr>
<tr><td class="memItemLeft" nowrap align="right" valign="top"> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__remotefunc.html">Exported Functions</a></td></tr>
<tr><td class="memItemLeft" nowrap align="right" valign="top"> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__remote__pri__func.html">Internal Functions</a></td></tr>
<tr><td class="memItemLeft" nowrap align="right" valign="top"> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__remote__pri__struct.html">Internal Structures and Definitions</a></td></tr></table>
<hr><a name="_details"></a><h2>Detailed Description</h2>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><meta name="GENERATOR" content="Microsoft FrontPage 4.0"><meta name="ProgId" content="FrontPage.Editor.Document"><title>Using WinPcap Remote Capture</title></head><body><hr>
<ul>
 <li><a href="#RunningModes">Remote Capture Running Modes</a></li>
 <li><a href="#Config">Configuring the Remote Daemon (rpcapd)</a></li>
 <li><a href="#StartCap">Starting a capture on a remote machine</a></li>
 <li><a href="#UNIX">Installing the Remote Capture Daemon in UNIX</a></li>
</ul>
<hr>
<p>WinPcap comes with remote capture capabilities. This is a highly experimental feature that allows a program to interact with a remote machine and capture the packets being transmitted on the remote network.</p>
<p>This requires a <b>remote daemon</b> (called <code>rpcapd</code>), which performs the capture and sends the data back, and a <b>local client</b>, which sends the appropriate commands and receives the captured data.</p>
<p>Remote capture support is built into the standard WinPcap library, so every WinPcap-based tool can exploit it: the capability to interact with a remote daemon is added to the client software without any explicit modification to it. The remote daemon, on the other hand, must be explicitly installed (and configured) on the remote machine.</p>
<h2><a name="RunningModes"></a>Remote Capture Running Modes</h2>
<p>The Remote Capture Protocol (RPCAP) can work in two modes:</p>
<ul>
 <li><b>Passive Mode</b> (default): the client (e.g. a network sniffer) connects to the remote daemon, sends it the appropriate commands, and starts the capture.</li>
 <li><b>Active Mode</b>: the remote daemon tries to establish a connection toward the client (e.g. the network sniffer); then the client sends the appropriate commands to the daemon and starts the capture. The name comes from the fact that the daemon becomes <i>active</i> instead of <i>waiting</i> for new connections.</li>
</ul>
<p>Active Mode is useful when the remote daemon is behind a firewall and cannot receive connections from the outside world. In this case the daemon can be configured to establish the connection to a given host, which must have been configured to <i>wait</i> for that connection. After the connection is established, the protocol continues its job in almost the same way in both Active and Passive Mode.</p>
<p>Analyzer (<a href="http://analyzer.polito.it/30alpha/">http://analyzer.polito.it/30alpha/</a>) has a set of commands (in the <b>Capture</b> menu) that allow you to accept a remote connection and then start the capture on the remote device. Currently, Analyzer is the only tool able to work in active mode, since that mode requires some modifications to the application code.</p>
<h2><a name="Config"></a>Configuring the Remote Daemon (rpcapd)</h2>
<p>The remote daemon is a standard Win32 executable running either in console mode or as a service. The executable can be found in the <code>WinPcap</code> folder and it has the following syntax:</p>
<pre> rpcapd [-b &lt;address&gt;] [-p &lt;port&gt;] [-4] [-l &lt;host_list&gt;] [-a &lt;host,port&gt;] [-n] [-v] [-d] [-s &lt;file&gt;] [-f &lt;file&gt;]</pre>
<p>The daemon can also be compiled for, and works on, Linux.</p>
<p>Here is a brief description of the allowed switches:</p>
<div align="left">
<table border="1">
<tr><th>Switch</th><th>Description</th></tr>
<tr><td><pre>-b &lt;address&gt;</pre></td><td>Sets the address the daemon binds to (either numeric or literal). Default: it binds to all local IPv4 and IPv6 addresses.</td></tr>
<tr><td><pre>-p &lt;port&gt;</pre></td><td>Sets the port the daemon binds to. Default: port 2002.</td></tr>
<tr><td><pre>-4</pre></td><td>Binds only to IPv4 addresses. Default: both IPv4 and IPv6 listening sockets are used.</td></tr>
<tr><td><pre>-l &lt;host_list_file&gt;</pre></td><td>Specifies a file that keeps the list of the hosts allowed to connect to this daemon (if more than one, the file keeps them one per line). We suggest using literal names (instead of numeric addresses) in order to avoid problems with different address families (IPv4 and IPv6): a peer that connects over IPv6 does not match an IPv4 entry, whereas a literal name can resolve to both.</td></tr>
<tr><td><pre>-n</pre></td><td>Permits NULL authentication (usually used together with '-l', which guarantees that only the allowed hosts can connect to the daemon). Default: the username/password authentication mechanism is required. With '-n' and no '-l', any host that can reach the daemon's port can capture on its interfaces.</td></tr>
<tr><td><pre>-a &lt;host,port&gt;</pre></td><td>Forces the daemon to run in active mode and to connect to 'host' on port 'port'. This does not prevent the daemon from still accepting passive connections.</td></tr>
<tr><td><pre>-v</pre></td><td>Forces the daemon to run in active mode only (default: the daemon keeps accepting passive connections even if the '-a' switch is specified).</td></tr>
<tr><td><pre>-d</pre></td><td>Forces the daemon to run in the background, i.e. as a daemon (UNIX only) or as a service (Win32 only). <b>Warning</b> (Win32): this switch is added automatically when WinPcap installs this daemon among the Win32 services (control panel - administrative tools - services).</td></tr>
<tr><td><pre>-s &lt;file&gt;</pre></td><td>Saves the current configuration to file.</td></tr>
<tr><td><pre>-f &lt;file&gt;</pre></td><td>Loads the configuration from file; all the switches specified on the command line are ignored and the file settings are used instead.</td></tr>
<tr><td><pre>-h</pre></td><td>Prints a help screen.</td></tr>
</table>
</div>
<h3>Installing the remote daemon</h3>
<p>The remote daemon is installed automatically when installing WinPcap. The installation process places the <code>rpcapd</code> file into the <code>WinPcap</code> folder. This file can be executed either from the command line or as a service. For instance, the installation process updates the list of available services and creates a new item (<b>Remote Packet Capture Protocol v.0 (experimental)</b>). To avoid security problems, the service is inactive and has to be started manually (control panel - administrative tools - services - start).</p>
<p>The service has a set of "standard" parameters, i.e. it is launched with the "<code>-d</code>" flag (in order to make it run as a service) and the "<code>-f rpcapd.ini</code>" flag. The user can
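<p>Once '-n' disables password authentication, the '-l' host list is the only access control the daemon applies, and the table above recommends literal names in it because the check is made against the connecting peer's address. The following C program is an added example written for this page, not rpcapd's own code, of how such an allow-list check works: every entry of a constructed host list is resolved with getaddrinfo(), each resulting address is compared with the peer's address, and an IPv4-mapped IPv6 peer (::ffff:a.b.c.d, which is how a dual-stack listener reports an IPv4 client) is treated as equal to the plain IPv4 entry it corresponds to. The function names hostlist_allows(), as_ipv4(), addr_equal() and resolve(), the separator set and the numeric_only flag are this example's choices and are not taken from the daemon.</p>

```c
/*
 * Added example (not rpcapd's own code): an allow-list check of the kind
 * the -l switch configures, with the address-family pitfall handled.
 * All function names below are this example's own.
 */
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Prefix of an IPv4-mapped IPv6 address: 80 zero bits, then 0xffff. */
static const unsigned char v4mapped_prefix[12] =
    {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff};

/* If sa is an IPv4 address, or an IPv4-mapped IPv6 address (what a
 * dual-stack listener reports for an IPv4 peer), store the IPv4 part in
 * *out and return 1; otherwise return 0. */
static int as_ipv4(const struct sockaddr *sa, struct in_addr *out)
{
    if (sa->sa_family == AF_INET) {
        *out = ((const struct sockaddr_in *)sa)->sin_addr;
        return 1;
    }
    if (sa->sa_family == AF_INET6) {
        const struct in6_addr *a6 = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        if (memcmp(a6->s6_addr, v4mapped_prefix, sizeof v4mapped_prefix) == 0) {
            memcpy(out, &a6->s6_addr[12], sizeof *out);
            return 1;
        }
    }
    return 0;
}

/* Compare two addresses, ignoring ports; a mapped IPv4 peer equals the
 * plain IPv4 entry, two IPv6 addresses are compared byte for byte. */
static int addr_equal(const struct sockaddr *a, const struct sockaddr *b)
{
    struct in_addr a4, b4;
    if (as_ipv4(a, &a4) && as_ipv4(b, &b4))
        return a4.s_addr == b4.s_addr;
    if (a->sa_family == AF_INET6 && b->sa_family == AF_INET6)
        return memcmp(&((const struct sockaddr_in6 *)a)->sin6_addr,
                      &((const struct sockaddr_in6 *)b)->sin6_addr,
                      sizeof(struct in6_addr)) == 0;
    return 0;
}

/* Resolve a host-list entry (or the peer) to socket addresses. A literal
 * name may yield both A and AAAA records, so it matches the peer whichever
 * family it connected over; with numeric_only set, only textual addresses
 * are accepted and no DNS lookup happens (keeps this example offline). */
static struct addrinfo *resolve(const char *host, int numeric_only)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = numeric_only ? AI_NUMERICHOST : 0;
    return getaddrinfo(host, NULL, &hints, &res) == 0 ? res : NULL;
}

/* hostlist: entries one per line as in a -l file (spaces, commas and
 * semicolons are accepted as separators too). peer: the connecting
 * client's address in numeric form, as a listener would observe it.
 * Returns 1 if the peer matches an entry, 0 if not, -1 if peer is invalid. */
int hostlist_allows(const char *hostlist, const char *peer, int numeric_only)
{
    struct addrinfo *peer_ai = resolve(peer, 1);
    if (peer_ai == NULL)
        return -1;

    char buf[1024];                      /* private copy: strtok() writes into it */
    snprintf(buf, sizeof buf, "%s", hostlist);

    int allowed = 0;
    for (char *entry = strtok(buf, " ,;\r\n"); entry != NULL && !allowed;
         entry = strtok(NULL, " ,;\r\n")) {
        struct addrinfo *list_ai = resolve(entry, numeric_only);
        for (struct addrinfo *p = list_ai; p != NULL && !allowed; p = p->ai_next)
            for (struct addrinfo *q = peer_ai; q != NULL && !allowed; q = q->ai_next)
                if (addr_equal(p->ai_addr, q->ai_addr))
                    allowed = 1;
        if (list_ai != NULL)
            freeaddrinfo(list_ai);       /* unresolvable entries are simply skipped */
    }
    freeaddrinfo(peer_ai);
    return allowed;
}

int main(void)
{
    /* Constructed host list in the one-entry-per-line format of a -l file. */
    const char *list = "192.0.2.10\n2001:db8::1\n";
    const char *peers[] = {"192.0.2.10", "::ffff:192.0.2.10", "2001:db8::1", "192.0.2.11"};
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++)
        printf("%-20s -> %s\n", peers[i],
               hostlist_allows(list, peers[i], 1) == 1 ? "allowed" : "rejected");
    return 0;
}
```

<p>Call hostlist_allows() with numeric_only set to 0 to resolve literal names the way a daemon would; an entry then matches the peer whichever address family it used, which is the reason the table prefers names over numeric addresses. Note that this kind of check keys only on the source address of the connection, so it is a complement to password authentication rather than a replacement for it.</p>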