📄 wpcap__remote_8htm-source.html
version of <code>rpcapd</code> is able to read the configuration file when
sending a kill -HUP signal to it. In that case, all the existing connections
remain in place, while the new connections will be created according to the new
parameters.</p>
<p>If the user does not want to create the configuration file manually, they
can launch <code>rpcapd</code> with the requested parameters plus the &quot;<code>-s
filename</code>&quot; one. The daemon will parse all the parameters and save
them into the specified configuration file.</p>
<h3>Starting the remote daemon as a standard executable</h3>
<p>The <code>rpcapd</code> executable can be launched directly, i.e. it can run
in the foreground as well (not as a daemon/service). The procedure is quite
simple: you have to invoke the executable from the command line with all the
requested parameters except the &quot;<code>-d</code>&quot; flag. The capture
server will start in the foreground.</p>
<h2><a name="StartCap"></a>Starting a capture on a remote machine</h2>
<p>If you are using a tool that is already aware of the remote capture (like
Analyzer), everything is simple. The capture wizard will help you to locate the
appropriate interface on the remote machine.</p>
<p>If your preferred tool is not aware of the remote capture, you can still use
the remote capture. In this case you have to read the next section.</p>
<p><b>Be careful</b>: the capture server (<code>rpcapd</code>) must be up and
running on the remote machine.</p>
<h3>New string specifiers for interface selection</h3>
<p>If your preferred tool is not aware of the remote capture, the only thing you
must do is to insert, as the interface specifier, the name or address of the remote
machine you want to contact. The following forms are allowed:</p>
<div align="left">
<table border="1">
<tr>
<th>Adapter String</th>
<th>Description</th>
</tr>
<tr>
<td>
<pre>file://filename</pre>
</td>
<td>It opens a local file.</td>
</tr>
<tr>
<td>
<pre>rpcap://host.foo.bar/adaptername</pre>
</td>
<td>It opens a remote adapter; the host is specified by means of the
literal name, without port number (i.e. it uses the RPCAP default port).</td>
</tr>
<tr>
<td>
<pre>rpcap://host.foo.bar:1234/adaptername</pre>
</td>
<td>It is the same as before, but it uses a different port number.</td>
</tr>
<tr>
<td>
<pre>rpcap://10.11.12.13/adaptername</pre>
</td>
<td>It opens a remote adapter, but the host is specified by means of an
IPv4 numeric address, without port number (i.e. it uses the RPCAP
default port).</td>
</tr>
<tr>
<td>
<pre>rpcap://10.11.12.13:1234/adaptername</pre>
</td>
<td>It is the same as before, but it uses a different port number.</td>
</tr>
<tr>
<td>
<pre>rpcap://[10.11.12.13]:1234/adaptername</pre>
</td>
<td>It is the same as before, but the numeric address is specified within
square brackets (like IPv6 addresses).</td>
</tr>
<tr>
<td>
<pre>rpcap://[1:2:3::4]/adaptername</pre>
</td>
<td>It opens a remote adapter, but the host is specified by means of an
IPv6 numeric address, without port number (i.e. it uses the RPCAP
default port). In case of IPv6 addresses you MUST use the square
brackets.</td>
</tr>
<tr>
<td>
<pre>rpcap://[1:2:3::4]:1234/adaptername</pre>
</td>
<td>It is the same as before, but it uses a different port number.</td>
</tr>
<tr>
<td>
<pre>rpcap://adaptername</pre>
</td>
<td>It opens a local adapter, without using the RPCAP protocol.</td>
</tr>
<tr>
<td>
<pre>adaptername</pre>
</td>
<td>It opens a local adapter; it is kept for compatibility, but it is
strongly discouraged.</td>
</tr>
<tr>
<td>
<pre>(NULL)</pre>
</td>
<td>It opens the first local adapter; it is kept for compatibility, but it
is strongly discouraged.</td>
</tr>
</table>
</div>
<p>The following formats are not allowed:</p>
<table border="1">
<tr>
<th>Adapter String</th>
<th>Description</th>
</tr>
<tr>
<td>
<pre>rpcap://</pre>
</td>
<td>It cannot be used to open the first local adapter.</td>
</tr>
<tr>
<td>
<pre>rpcap://hostname/</pre>
</td>
<td>It cannot be used to open the first remote adapter.</td>
</tr>
</table>
<h2><a name="UNIX"></a>Installing the Remote Capture Daemon in UNIX</h2>
<p>The WinPcap source archive can be compiled in UNIX as well. Currently, remote
capture has been tested on Linux and BSD. What you have to do is:</p>
<ul>
<li>download the WinPcap sources</li>
<li>unpack the sources
<ul>
<li>we suggest using the <code>unzip -a</code> command in order to
convert DOS files to UNIX ones</li>
</ul>
</li>
<li>move to the <code>libpcap</code> folder</li>
<li>type:
<ul>
<li><code>./configure</code></li>
<li><b>Warning</b>: in case the previous step reports an error, please
regenerate the <code>configure</code> file using <code>automake</code>
(version 2.50 or higher required)</li>
<li><code>make</code></li>
</ul>
</li>
<li>move to the <code>rpcapd</code> folder</li>
<li>type <code>make</code></li>
</ul>
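As an added example (not WinPcap or libpcap code), the following Python validator classifies the adapter strings from the two tables in the previous section, accepting the allowed forms and rejecting the two forbidden ones, so a tool that is not remote-capture aware can check a user-supplied source string before handing it to the capture library. The <code>Source</code> type and its field names are this example's own; a port of <code>None</code> stands for the RPCAP default port, whose number the page does not give.

```python
from typing import NamedTuple, Optional, Tuple


class Source(NamedTuple):
    kind: str                    # "file", "remote" or "local"
    name: str                    # file name or adapter name ("" = first local adapter)
    host: Optional[str] = None   # remote host: literal name or numeric address
    port: Optional[int] = None   # None = the RPCAP default port (number not given here)
    discouraged: bool = False    # legacy form the documentation says to avoid


def _split_host_port(hostport: str) -> Tuple[str, Optional[int]]:
    """Split 'host', 'host:1234', '[v4]:1234' or '[v6]:1234' into (host, port)."""
    if hostport.startswith("["):                 # bracketed numeric address
        end = hostport.find("]")
        if end < 0:
            raise ValueError("unterminated '[' in " + hostport)
        host, tail = hostport[1:end], hostport[end + 1:]
    else:
        if hostport.count(":") > 1:              # bare IPv6 would be ambiguous with a port
            raise ValueError("IPv6 numeric addresses MUST be in square brackets")
        host, sep, rest = hostport.partition(":")
        tail = sep + rest
    if host == "":
        raise ValueError("missing host in " + hostport)
    if tail == "":
        return host, None                        # no port given: RPCAP default port
    if tail[0] != ":" or not tail[1:].isdigit() or not 0 < int(tail[1:]) < 65536:
        raise ValueError("bad port in " + hostport)
    return host, int(tail[1:])


def parse_source(spec: Optional[str]) -> Source:
    """Classify a capture source string as the tables describe; raise on the forbidden forms."""
    if spec is None:                             # (NULL): first local adapter, discouraged
        return Source("local", "", discouraged=True)
    if spec.startswith("file://"):
        return Source("file", spec[len("file://"):])
    if not spec.startswith("rpcap://"):          # bare adapter name: kept for compatibility only
        return Source("local", spec, discouraged=True)
    rest = spec[len("rpcap://"):]
    if rest == "":
        raise ValueError("rpcap:// cannot be used to open the first local adapter")
    if "/" not in rest:                          # rpcap://adaptername: local, no RPCAP protocol
        return Source("local", rest)
    hostport, adapter = rest.split("/", 1)
    if adapter == "":
        raise ValueError("rpcap://hostname/ cannot be used to open the first remote adapter")
    host, port = _split_host_port(hostport)
    return Source("remote", adapter, host, port)
```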
<p>The remote capture capabilities are turned on by default on Linux and
FreeBSD. If you do not want remote capture capabilities in libpcap, you can
type</p>
<pre> ./configure --disable-remote</pre>
<p>at the &quot;<code>configure</code>&quot; step. All the possible flags are
listed when typing <code>./configure --help</code>.</p>
<p>What you have obtained at this point is:</p>
<ul>
<li>a library file (<code>libpcap.a</code>), which can be linked to other
applications (like <code>tcpdump</code>) in order to enable the remote
capture for them.</li>
<li>an executable (<code>rpcapd</code>) that is the remote daemon</li>
</ul>
<p><b>Warning</b>: in order to run the <code>rpcapd</code> daemon, the program
must either</p>
<ul>
<li>run as root (or)</li>
<li>run as a normal user, but it must be owned by root and must be SUID root (<code>chmod
u+s rpcapd</code>)</li>
</ul>
<h3>Known bugs</h3>
<p><b>FreeBSD</b>: the first time you call <code><a class="code" href="structpcap__stat.html">pcap_stat</a>()</code>, the
function takes several seconds to return. Therefore, programs like Analyzer seem
to hang for 20-30 seconds at the beginning of the capture (if this is done
with BSD as a remote probe). We are investigating this issue.</p>
<p><i>For any question, please refer to the WinPcap help page.</i></p>

</body>

</html></pre></div><hr><p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2007 CACE Technologies. All rights reserved.</p>