group__remote.html

WinPcap V4.01技术手册

create a file called <code>rpcapd.ini</code> in the same folder of the
executable, and put the configuration commands in there. In order for the
service to execute the commands, you have to stop and restart it again (i.e. the
initialization file is parsed only at the beginning). Viceversa, the UNIX
version of <code>rpcapd</code> is able to read the configuration file when
sending a kill -HUP signal to it. In that case, all the existing connections
remain in place, while the new connections will be created according to the new
parameters.</p>
<p>In case the user does not want to create the configuration file manually, it
can launch <code>rpcapd</code> with the requested parameters plus the &quot;<code>-s
filename</code>&quot; one. The daemon will parse all the parameters and save
them into the specified configuration file.</p>
<h3>Starting the remote daemon as a standard executable</h3>
<p>The <code>rpcapd</code> executable can be launched directly, i.e. it can run
in the foreground as well (not as a daemon/service). The procedure is quite
simple: you have to invoke the executable from the command line with all the
requested parameters but the &quot;<code>-d</code>&quot; flag. The capture
server will start in the foreground.</p>
<h2><a name="StartCap"></a>Starting a capture on a remote machine</h2>
<p>If you are using a tool that is already aware of the remote capture (like
Analyzer), everything is simple. The capture wizard will help you to locate the
appropriate interface on the remote machine.</p>
<p>If your preferred tool is not aware of the remote capture, you can still use
the remote capture. In this case you have to read the next Section.</p>
<p><b>Be carefully</b>: the capture server (<code>rpcapd</code>) must be up and
running on the remote machine.</p>
<h3>New string specifiers for interface selection</h3>
<p>If your preferred tool is not aware of the remote capture, the only thing you
must do is to insert, as interface specifier, the indication of the remote
machine you want to contact. The following forms are allowed:</p>
<div align="left">
  <table border="1">
    <tr>
      <th>Adapter String</th>
      <th>Description</th>
    </tr>
    <tr>
      <td>
        <pre>file://filename</pre>
      </td>
      <td>It opens a local file.</td>
    </tr>
    <tr>
      <td>
        <pre>rpcap://host.foo.bar/adaptername</pre>
      </td>
      <td>It opens a remote adapter; the host is specified by means of the
        literal name, without port number (i.e. it uses the RPCAP default port).</td>
    </tr>
    <tr>
      <td>
        <pre>rpcap://host.foo.bar:1234/adaptername</pre>
      </td>
      <td>It is the same as before, but it uses a different port number.</td>
    </tr>
    <tr>
      <td>
        <pre>rpcap://10.11.12.13/adaptername</pre>
      </td>
      <td>It opens a remote adapter, but the host is specified by means of an
        IPv4 numeric address, without port number (i.e. it uses the RPCAP
        default port).</td>
    </tr>
    <tr>
      <td>
        <pre>rpcap://10.11.12.13:1234/adaptername</pre>
      </td>
      <td>It is the same as before, but it uses a different port number.</td>
    </tr>
    <tr>
      <td>
        <pre>rpcap://[10.11.12.13]:1234/adaptername</pre>
      </td>
      <td>It is the same as before, but the numeric address is specified within
        square brackets (like IPv6 addresses).</td>
    </tr>
    <tr>
      <td>
        <pre>rpcap://[1:2:3::4]/adaptername</pre>
      </td>
      <td>It opens a remote adapter, but the host is specified by means of an
        IPv6 numeric address, without port number (i.e. it uses the RPCAP
        default port). In case of IPv6 addresses you MUST use the square
        brackets.</td>
    </tr>
    <tr>
      <td>
        <pre>rpcap://[1:2:3::4]:1234/adaptername</pre>
      </td>
      <td>It is the same as before, but it uses a different port number.</td>
    </tr>
    <tr>
      <td>
        <pre>rpcap://adaptername</pre>
      </td>
      <td>It opens a local adapter, without using the RPCAP protocol.</td>
    </tr>
    <tr>
      <td>
        <pre>adaptername</pre>
      </td>
      <td>It opens a local adapter; it is kept for compability, but it is
        strongly discouraged.</td>
    </tr>
    <tr>
      <td>
        <pre>(NULL)</pre>
      </td>
      <td>It opens the first local adapter; it is kept for compability, but it
        is strongly discouraged.</td>
    </tr>
  </table>
</div>
<p>The following formats are not allowed:</p>
<table border="1">
  <tr>
    <th>Adapter String</th>
    <th>Description</th>
  </tr>
  <tr>
    <td>
      <pre>rpcap://</pre>
    </td>
    <td>It cannot be used to open the first local adapter.</td>
  </tr>
  <tr>
    <td>
      <pre>rpcap://hostname/</pre>
    </td>
    <td>It cannot be used to open the first remote adapter.</td>
  </tr>
</table>
<h2><a name="UNIX"></a>Installing the Remote Capture Daemon in UNIX</h2>
<p>The WinPcap source archive can be compiled in UNIX as well. Currently, remote
capture has been tested on Linux and BSD. What you have to do is:</p>
<ul>
  <li>download the WinPcap sources</li>
  <li>unpack the sources
    <ul>
      <li>we suggest to use the <code>unzip -a</code> command in order to
        convert DOS files to UNIX ones</li>
    </ul>
  </li>
  <li>move to the <code>libpcap</code> folder</li>
  <li>type:
    <ul>
      <li><code>./configure</code></li>
      <li><b>Warning</b>: in case the previous step reports an error, please
        regenerate the <code>configure</code> file using <code>automake</code>
        (version 2.50 or higher required)</li>
      <li><code>make</code></li>
    </ul>
  </li>
  <li>move to the <code>rpcapd</code> folder</li>
  <li>type <code>make</code></li>
</ul>
<p>The remote capture capabilities are turned on by default on Linux and
FreeBSD. In case you do not want remote capture capabilities in libpcap, you can
type</p>
<pre>    ./configure --disable-remote</pre>
<p>at the &quot;<code>configure</code>&quot; step. All the possible flags are
listed when typing <code>./configure --help</code>.</p>
<p>What you obtained right now, is:</p>
<ul>
  <li>a library file (<code>libpcap.a</code>), which can be linked to other
    applications (like <code>tcpdump</code>) in order to enable the remote
    capture for them.</li>
  <li>an executable (<code>rpcapd</code>) that is the remote daemon</li>
</ul>
<p><b>Warning</b>: in order to run the <code>rpcapd</code> daemon, the program
must either</p>
<ul>
  <li>run as root (or)</li>
  <li>run as user, but it must be owned by root and must be SUID root (<code>chmod
    u+s rpcapd</code>)</li>
</ul>
<h3>Known bugs</h3>
<p><b>FreeBSD</b>: the first time you call the <code>pcap_stat()</code>, the
function takes several seconds to return. Therefore, programs like Analyzer seem
to hang up for 20-30 seconds at the beginning of the capture (if this is done
with BSD as a remote probe). We're investigating to solve this issue.</p>
<p><i>For any question, please refer to the WinPcap help page.</i></p>

</body>

</html>
 
<hr>
<p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2007 
CACE Technologies. All rights reserved.</p>