<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"><title>WinPcap: wpcap_remote.htm Source File</title><link href="style.css" rel="stylesheet" type="text/css"><link href="tabs.css" rel="stylesheet" type="text/css"></head><body><!-- Generated by Doxygen 1.5.1 --><div class="tabs"> <ul> <li><a href="main.html"><span>Main Page</span></a></li> <li><a href="modules.html"><span>Modules</span></a></li> <li><a href="annotated.html"><span>Data Structures</span></a></li> <li id="current"><a href="files.html"><span>Files</span></a></li> <li><a href="pages.html"><span>Related Pages</span></a></li> </ul></div><div class="tabs"> <ul> <li><a href="files.html"><span>File List</span></a></li> <li><a href="globals.html"><span>Globals</span></a></li> </ul></div><h1>wpcap_remote.htm</h1><a href="wpcap__remote_8htm.html">Go to the documentation of this file.</a><div class="fragment"><pre class="fragment">
<a name="l00001"></a>00001 <html>
<a name="l00002"></a>00002 
<a name="l00003"></a>00003 <head>
<a name="l00004"></a>00004 <meta http-equiv=<span class="stringliteral">"Content-Type"</span> content=<span class="stringliteral">"text/html; charset=windows-1252"</span>>
<a name="l00005"></a>00005 <meta name=<span class="stringliteral">"GENERATOR"</span> content=<span class="stringliteral">"Microsoft FrontPage 4.0"</span>>
<a name="l00006"></a>00006 <meta name=<span class="stringliteral">"ProgId"</span> content=<span class="stringliteral">"FrontPage.Editor.Document"</span>>
<a name="l00007"></a>00007 <title>Using WinPcap Remote Capture</title>
<a name="l00008"></a>00008 </head>
<a name="l00009"></a>00009 
<a name="l00010"></a>00010 <body>
<a name="l00011"></a>00011 
<a name="l00012"></a>00012 <hr>
<a name="l00013"></a>00013 <ul>
<a name="l00014"></a>00014 <li><a href=<span class="stringliteral">"#RunningModes"</span>>Remote Capture Running Modes</a></li>
<a name="l00015"></a>00015 <li><a href=<span class="stringliteral">"#Config"</span>>Configuring the Remote <a class="code" href="wpcap__remote_8htm.html#258f021c7879aa3b45bdf4d6e922d4f1">Daemon</a> (rpcapd)</a></li>
<a name="l00016"></a>00016 <li><a href=<span class="stringliteral">"#StartCap"</span>>Starting a capture on a remote machine</a></li>
<a name="l00017"></a>00017 <li><a href=<span class="stringliteral">"#UNIX"</span>>Installing the Remote Capture <a class="code" href="wpcap__remote_8htm.html#258f021c7879aa3b45bdf4d6e922d4f1">Daemon</a> in UNIX</a></li>
<a name="l00018"></a>00018 </ul>
<a name="l00019"></a>00019 <hr>
<a name="l00020"></a>00020 <p>WinPcap comes with Remote Capture capabilities. This is a highly
<a name="l00021"></a>00021 experimental feature that allows interaction with a remote machine and capture of
<a name="l00022"></a>00022 packets that are being transmitted on the remote network.</p>
<a name="l00023"></a>00023 <p>This requires a <b>remote daemon </b>(called <code>rpcapd</code>) which
<a name="l00024"></a>00024 performs the capture and sends data back, and a <b>local client </b>that sends
<a name="l00025"></a>00025 the appropriate commands and receives the captured data.</p>
<a name="l00026"></a>00026 <p>WinPcap extends the standard WinPcap code in such a way that all
<a name="l00027"></a>00027 WinPcap-based tools can exploit remote capture capabilities. For instance, the
<a name="l00028"></a>00028 capability to interact with a remote daemon is added to the client software
<a name="l00029"></a>00029 without any <span class="keyword">explicit</span> modification to it. Vice versa, the remote daemon must be
<a name="l00030"></a>00030 explicitly installed (and configured) on the remote machine.</p>
<a name="l00031"></a>00031 <h2><a name=<span class="stringliteral">"RunningModes"</span>></a>Remote Capture Running Modes</h2>
<a name="l00032"></a>00032 <p>The Remote Capture Protocol (RPCAP) can work in two modes:</p>
<a name="l00033"></a>00033 <ul>
<a name="l00034"></a>00034 <li><b>Passive Mode</b> (default): the client (e.g. a network sniffer)
<a name="l00035"></a>00035 connects to the remote daemon, sends it the appropriate commands, and
<a name="l00036"></a>00036 starts the capture.</li>
<a name="l00037"></a>00037 <li><b>Active Mode</b>: the remote daemon tries to establish a <a class="code" href="wpcap__remote_8htm.html#9626e8afe69dfeee0e9d7a2477dedf52">connection</a> toward
<a name="l00038"></a><a class="code" href="wpcap__remote_8htm.html#751ff7ed91d2e43008930137c9fa6925">00038</a> the client (e.g. the network sniffer); <a class="code" href="wpcap__remote_8htm.html#751ff7ed91d2e43008930137c9fa6925">then</a>, the client sends the
<a name="l00039"></a>00039 appropriate commands to the daemon and starts the capture. This name is
<a name="l00040"></a>00040 due to the fact that the daemon becomes <i>active</i> instead of <i>waiting</i>
<a name="l00041"></a>00041 for new connections.</li>
<a name="l00042"></a>00042 </ul>
<a name="l00043"></a>00043 <p>The Active Mode is useful in <a class="code" href="wpcap__remote_8htm.html#0b27a0048ba88eaf6d523bcc6c6ef00e">case</a> the remote daemon is behind a firewall and
<a name="l00044"></a>00044 it cannot receive connections from the external world. In this <a class="code" href="wpcap__remote_8htm.html#0b27a0048ba88eaf6d523bcc6c6ef00e">case</a>, the daemon
<a name="l00045"></a>00045 can be configured to establish the <a class="code" href="wpcap__remote_8htm.html#9626e8afe69dfeee0e9d7a2477dedf52">connection</a> to a given <a class="code" href="wpcap__remote_8htm.html#3c46d79c790748a5942fb43baa6b3073">host</a>, which will have
<a name="l00046"></a>00046 been configured in order to <i>wait</i> for that <a class="code" href="wpcap__remote_8htm.html#9626e8afe69dfeee0e9d7a2477dedf52">connection</a>. After establishing
<a name="l00047"></a>00047 the <a class="code" href="wpcap__remote_8htm.html#9626e8afe69dfeee0e9d7a2477dedf52">connection</a>, the protocol continues its job in almost the same way in both
<a name="l00048"></a>00048 Active and Passive Mode.</p>
<a name="l00049"></a>00049 <p>Analyzer (<a href="http:<span class="comment">//analyzer.polito.it/30alpha/">http://analyzer.polito.it/30alpha/</a>)</span>
<a name="l00050"></a>00050 has a set of commands (in the <b>Capture</b> menu) that allow you to accept a
<a name="l00051"></a>00051 remote connection and <a class="code" href="wpcap__remote_8htm.html#751ff7ed91d2e43008930137c9fa6925">then</a> start the capture on the remote device. Currently,
<a name="l00052"></a>00052 Analyzer is the only tool that is able to work in active mode, since this requires
<a name="l00053"></a>00053 some modifications to the application code.</p>
<a name="l00054"></a>00054 <h2><a name="Config"></a>Configuring the Remote <a class="code" href="wpcap__remote_8htm.html#258f021c7879aa3b45bdf4d6e922d4f1">Daemon</a> (rpcapd)</h2>
<a name="l00055"></a>00055 <p>The Remote <a class="code" href="wpcap__remote_8htm.html#258f021c7879aa3b45bdf4d6e922d4f1">Daemon</a> is a standard Win32 executable running either in console
<a name="l00056"></a>00056 mode or as a service. The executable can be found in the <code>WinPcap</code>
<a name="l00057"></a>00057 folder and it has the following syntax:</p>
<a name="l00058"></a>00058 <pre> rpcapd [-b &lt;address&gt;] [-p &lt;port&gt;] [-6] [-l &lt;host_list&gt;] [-a &lt;host,port&gt;] 
<a name="l00059"></a>00059 [-n] [-v] [-d] [-s &lt;file&gt;] [-f &lt;file&gt;]</pre>
<a name="l00060"></a>00060 <p>The daemon can also be compiled on Linux, where it works as well.</p>
<a name="l00061"></a>00061 <p>Here is a brief description of the allowed switches:</p>
<a name="l00062"></a>00062 <div align="left">
<a name="l00063"></a>00063 <table border="1">
<a name="l00064"></a>00064 <tr>
<a name="l00065"></a>00065 <th>Switch</th>
<a name="l00066"></a>00066 <th>Description</th>
<a name="l00067"></a>00067 </tr>
<a name="l00068"></a>00068 <tr>
<a name="l00069"></a>00069 <td>
<a name="l00070"></a>00070 <pre>-b &lt;address&gt;</pre>
<a name="l00071"></a>00071 </td>
<a name="l00072"></a>00072 <td>It sets the address the daemon has to bind to (either numeric or
<a name="l00073"></a>00073 literal). Default: it binds to all local IPv4 and IPv6 addresses.</td>
<a name="l00074"></a>00074 </tr>
<a name="l00075"></a>00075 <tr>
<a name="l00076"></a>00076 <td>
<a name="l00077"></a>00077 <pre>-p &lt;port&gt;</pre>
<a name="l00078"></a>00078 </td>
<a name="l00079"></a>00079 <td>It sets the port the daemon has to bind to. Default: it binds to port
<a name="l00080"></a>00080 2002.</td>
<a name="l00081"></a>00081 </tr>
<a name="l00082"></a>00082 <tr>
<a name="l00083"></a>00083 <td>
<a name="l00084"></a>00084 <pre>-4</pre>
<a name="l00085"></a>00085 </td>
<a name="l00086"></a>00086 <td>It binds only to IPv4 addresses. Default: both IPv4 and IPv6 waiting
<a name="l00087"></a>00087 sockets are used.</td>
<a name="l00088"></a>00088 </tr>
<a name="l00089"></a>00089 <tr>
<a name="l00090"></a>00090 <td>
<a name="l00091"></a>00091 <pre>-l &lt;host_list_file&gt;</pre>
<a name="l00092"></a>00092 </td>
<a name="l00093"></a>00093 <td>It specifies a file that keeps the list of the hosts which are allowed
<a name="l00094"></a>00094 to connect to this daemon (if more than one, the file keeps them one per
<a name="l00095"></a>00095 line). We suggest using literal names (instead of numeric ones) in
<a name="l00096"></a>00096 order to avoid problems with different address families (IPv4 and IPv6).</td>
<a name="l00097"></a>00097 </tr>
<a name="l00098"></a>00098 <tr>
<a name="l00099"></a>00099 <td>
<a name="l00100"></a>00100 <pre>-n</pre>
<a name="l00101"></a>00101 </td>
<a name="l00102"></a>00102 <td>It permits NULL authentication (usually used with '-l', which
<a name="l00103"></a>00103 guarantees that only the allowed hosts can connect to the daemon).
<a name="l00104"></a>00104 Default: the username/password authentication mechanism is required.</td>
<a name="l00105"></a>00105 </tr>
<a name="l00106"></a>00106 <tr>
<a name="l00107"></a>00107 <td>
<a name="l00108"></a>00108 <pre>-a &lt;host, port&gt;</pre>
<a name="l00109"></a>00109 </td>
<a name="l00110"></a>00110 <td>It forces the daemon to run in active mode and to connect to 'host' on
<a name="l00111"></a>00111 port 'port'. This does not prevent the daemon from also
<a name="l00112"></a>00112 accepting passive connections.</td>
<a name="l00113"></a>00113 </tr>
<a name="l00114"></a>00114 <tr>
<a name="l00115"></a>00115 <td>
<a name="l00116"></a>00116 <pre>-v</pre>
<a name="l00117"></a>00117 </td>
<a name="l00118"></a>00118 <td>It forces the daemon to run in active mode only (default: the daemon
<a name="l00119"></a>00119 always accepts active connections, even if the '-a' switch is
<a name="l00120"></a>00120 specified).</td>
<a name="l00121"></a>00121 </tr>
<a name="l00122"></a>00122 <tr>
<a name="l00123"></a>00123 <td>
<a name="l00124"></a>00124 <pre>-d</pre>
<a name="l00125"></a>00125 </td>
<a name="l00126"></a>00126 <td>Forces the daemon to run in the background, i.e. as a daemon (UNIX only)
<a name="l00127"></a>00127 or as a service (Win32 only). <b>Warning</b> (Win32): this switch is
<a name="l00128"></a>00128 provided automatically when WinPcap installs this daemon into the Win32
<a name="l00129"></a>00129 services (control panel - administrative tools - services).</td>
<a name="l00130"></a>00130 </tr>
<a name="l00131"></a>00131 <tr>
<a name="l00132"></a>00132 <td>
<a name="l00133"></a>00133 <pre>-s &lt;file&gt;</pre>
<a name="l00134"></a>00134 </td>
<a name="l00135"></a>00135 <td>It saves the current configuration to file.</td>
<a name="l00136"></a>00136 </tr>
<a name="l00137"></a>00137 <tr>
<a name="l00138"></a>00138 <td>
<a name="l00139"></a>00139 <pre>-f &lt;file&gt;</pre>
<a name="l00140"></a>00140 </td>
<a name="l00141"></a>00141 <td>It loads the current configuration from file; all the switches
<a name="l00142"></a>00142 specified on the command line are ignored and the file settings are
<a name="l00143"></a>00143 used instead.</td>
<a name="l00144"></a>00144 </tr>
<a name="l00145"></a>00145 <tr>
<a name="l00146"></a>00146 <td>
<a name="l00147"></a>00147 <pre>-h</pre>
<a name="l00148"></a>00148 </td>
<a name="l00149"></a>00149 <td>It prints a help screen.</td>
<a name="l00150"></a>00150 </tr>
<a name="l00151"></a>00151 </table>
<a name="l00152"></a>00152 </div>
<a name="l00153"></a>00153 <h3>Installing the remote daemon</h3>
<a name="l00154"></a>00154 <p>The remote daemon is installed automatically when installing WinPcap. The
<a name="l00155"></a>00155 installation process places the <code>rpcapd</code> file into the <code>WinPcap</code>
<a name="l00156"></a>00156 folder. This file can be executed either from the command line, or as a service.
<a name="l00157"></a>00157 For instance, the installation process updates the list of available services
<a name="l00158"></a>00158 and creates a new item (<b>Remote Packet Capture Protocol v.0
<a name="l00159"></a>00159 (experimental)</b> ). To avoid security problems, the service is inactive and it
<a name="l00160"></a>00160 has to be started manually (control panel - administrative tools - services -
<a name="l00161"></a>00161 start).</p>
<a name="l00162"></a>00162 <p>The service has a set of &quot;standard&quot; parameters, i.e. it is launched
<a name="l00163"></a>00163 with the &quot;<code>-d</code>&quot; flag (in order to make it run as a
<a name="l00164"></a>00164 service) and the &quot;<code>-f rpcapd.ini</code>&quot; flag. The user can
<a name="l00165"></a>00165 create a file called <code>rpcapd.ini</code> in the same folder as the
<a name="l00166"></a>00166 executable, and put the configuration commands in there. In order for the
<a name="l00167"></a>00167 service to execute the commands, you have to stop and restart it (i.e. the
<a name="l00168"></a>00168 initialization file is parsed only at startup). Vice versa, the UNIX
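As an added example (not WinPcap or rpcapd code), a small Python checker that parses an rpcapd command line using the switches described in the table above and flags the combinations whose consequences the table spells out: -n without -l, a passive listener left on every local address and the default port 2002, -a without -v, and -f silently overriding every other switch. Command lines, addresses and the host-list file name are constructed sample values; the -4 and -6 entries are both accepted because the page mentions both.

```python
import shlex

# Switch -> takes an argument?  Taken from the rpcapd syntax and switch table above.
SWITCHES = {"-b": True, "-p": True, "-4": False, "-6": False, "-l": True,
            "-n": False, "-a": True, "-v": False, "-d": False,
            "-s": True, "-f": True, "-h": False}
RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_rpcapd_args(cmdline):
    """Return {switch: value or True} for e.g. 'rpcapd -n -l hosts.txt'."""
    argv = shlex.split(cmdline)
    if argv and not argv[0].startswith("-"):  # drop the program name
        argv = argv[1:]
    opts, i = {}, 0
    while i < len(argv):
        sw = argv[i]
        if sw not in SWITCHES:
            raise ValueError(f"unknown switch {sw!r}")
        if SWITCHES[sw]:
            if i + 1 >= len(argv):
                raise ValueError(f"{sw} requires an argument")
            opts[sw] = argv[i + 1]
            i += 2
        else:
            opts[sw] = True
            i += 1
    return opts


def lint_rpcapd(cmdline):
    """Return (severity, message) findings, most severe first."""
    opts = parse_rpcapd_args(cmdline)
    if "-f" in opts and len(opts) > 1:
        # -f makes the file authoritative; the other switches are ignored.
        return [("info", f"-f {opts['-f']}: other switches are ignored")]
    out = []
    if "-n" in opts and "-l" not in opts:
        out.append(("high", "-n without -l: no credentials and no allowed-host list"))
    elif "-n" in opts:
        out.append(("medium", f"-n with -l {opts['-l']}: listed hosts need no credentials"))
    if "-v" not in opts:  # without -v a passive listener is always present
        if "-b" not in opts:
            out.append(("medium", "no -b: binds to all local IPv4 and IPv6 addresses"))
        if "-p" not in opts:
            out.append(("low", "no -p: listens on the default port 2002"))
        if "-a" in opts:
            out.append(("low", f"-a {opts['-a']} without -v: passive connections still accepted"))
    out.sort(key=lambda f: RANK[f[0]])
    return out
```

Run it against the service's own invocation (for instance `lint_rpcapd("rpcapd -d -f rpcapd.ini")` versus the contents of rpcapd.ini) to see which settings actually take effect.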