mirror of
https://github.com/holub/mame
synced 2025-04-30 03:47:13 +03:00
383 lines
30 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
|
|
<title>WinPcap: wpcap_remote.htm Source File</title>
|
|
<link href="tabs.css" rel="stylesheet" type="text/css"/>
|
|
<link href="style.css" rel="stylesheet" type="text/css"/>
|
|
</head>
|
|
<body>
|
|
<!-- Generated by Doxygen 1.6.1 -->
|
|
<div class="navigation" id="top">
<h1>wpcap_remote.htm</h1><a href="wpcap__remote_8htm.html">Go to the documentation of this file.</a><div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 <html>
|
|
<a name="l00002"></a>00002
|
|
<a name="l00003"></a>00003 <head>
|
|
<a name="l00004"></a>00004 <meta http-equiv=<span class="stringliteral">"Content-Type"</span> content=<span class="stringliteral">"text/html; charset=windows-1252"</span>>
|
|
<a name="l00005"></a>00005 <meta name=<span class="stringliteral">"GENERATOR"</span> content=<span class="stringliteral">"Microsoft FrontPage 4.0"</span>>
|
|
<a name="l00006"></a>00006 <meta name=<span class="stringliteral">"ProgId"</span> content=<span class="stringliteral">"FrontPage.Editor.Document"</span>>
|
|
<a name="l00007"></a>00007 <title>Using WinPcap Remote Capture</title>
|
|
<a name="l00008"></a>00008 </head>
|
|
<a name="l00009"></a>00009
|
|
<a name="l00010"></a>00010 <body>
|
|
<a name="l00011"></a>00011
|
|
<a name="l00012"></a>00012 <hr>
|
|
<a name="l00013"></a>00013 <ul>
|
|
<a name="l00014"></a>00014 <li><a href=<span class="stringliteral">"#RunningModes"</span>>Remote Capture Running Modes</a></li>
|
|
<a name="l00015"></a>00015 <li><a href=<span class="stringliteral">"#Config"</span>>Configuring the Remote <a class="code" href="wpcap__remote_8htm.html#a258f021c7879aa3b45bdf4d6e922d4f1">Daemon</a> (rpcapd)</a></li>
|
|
<a name="l00016"></a>00016 <li><a href=<span class="stringliteral">"#StartCap"</span>>Starting a capture on a remote machine</a></li>
|
|
<a name="l00017"></a>00017 <li><a href=<span class="stringliteral">"#UNIX"</span>>Installing the Remote Capture <a class="code" href="wpcap__remote_8htm.html#a258f021c7879aa3b45bdf4d6e922d4f1">Daemon</a> in UNIX</a></li>
|
|
<a name="l00018"></a>00018 </ul>
|
|
<a name="l00019"></a>00019 <hr>
|
|
<a name="l00020"></a>00020 <p>WinPcap comes with Remote Capture capabilities. This is a highly
<a name="l00021"></a>00021 experimental feature that lets you interact with a remote machine and capture
<a name="l00022"></a>00022 packets that are being transmitted on the remote network.</p>
|
|
<a name="l00023"></a>00023 <p>This requires a <b>remote daemon </b>(called <code>rpcapd</code>) which
|
|
<a name="l00024"></a>00024 performs the capture and sends data back and a <b>local client </b>that sends
|
|
<a name="l00025"></a>00025 the appropriate commands and receives the captured data.</p>
|
|
<a name="l00026"></a>00026 <p>WinPcap extends the standard WinPcap code in such a way that all
<a name="l00027"></a>00027 WinPcap-based tools can exploit remote capture capabilities. For instance, the
<a name="l00028"></a>00028 capability to interact with a remote daemon is added to the client software
<a name="l00029"></a>00029 without any <span class="keyword">explicit</span> modification to it. Conversely, the remote daemon must be
<a name="l00030"></a>00030 explicitly installed (and configured) on the remote machine.</p>
|
|
<a name="l00031"></a>00031 <h2><a name=<span class="stringliteral">"RunningModes"</span>></a>Remote Capture Running Modes</h2>
|
|
<a name="l00032"></a>00032 <p>The Remote Capture Protocol (RPCAP) can work in two modes:</p>
|
|
<a name="l00033"></a>00033 <ul>
|
|
<a name="l00034"></a>00034 <li><b>Passive Mode</b> (default): the client (e.g. a network sniffer)
<a name="l00035"></a>00035 connects to the remote daemon, sends it the appropriate commands, and
<a name="l00036"></a>00036 starts the capture.</li>
<a name="l00037"></a>00037 <li><b>Active Mode</b>: the remote daemon tries to establish a <a class="code" href="wpcap__remote_8htm.html#a9626e8afe69dfeee0e9d7a2477dedf52">connection</a> toward
<a name="l00038"></a><a class="code" href="wpcap__remote_8htm.html#a751ff7ed91d2e43008930137c9fa6925">00038</a> the client (e.g. the network sniffer); <a class="code" href="wpcap__remote_8htm.html#a751ff7ed91d2e43008930137c9fa6925">then</a>, the client sends the
<a name="l00039"></a>00039 appropriate commands to the daemon and it starts the capture. This name is
<a name="l00040"></a>00040 due to the fact that the daemon becomes <i>active</i> instead of <i>waiting</i>
<a name="l00041"></a>00041 for new connections.</li>
|
|
<a name="l00042"></a>00042 </ul>
|
|
<a name="l00043"></a>00043 <p>The Active Mode is useful in <a class="code" href="wpcap__remote_8htm.html#a0b27a0048ba88eaf6d523bcc6c6ef00e">case</a> the remote daemon is behind a firewall and
|
|
<a name="l00044"></a>00044 it cannot receive connections from the external world. In this <a class="code" href="wpcap__remote_8htm.html#a0b27a0048ba88eaf6d523bcc6c6ef00e">case</a>, the daemon
|
|
<a name="l00045"></a>00045 can be configured to establish the <a class="code" href="wpcap__remote_8htm.html#a9626e8afe69dfeee0e9d7a2477dedf52">connection</a> to a given <a class="code" href="wpcap__remote_8htm.html#a3c46d79c790748a5942fb43baa6b3073">host</a>, which will have
|
|
<a name="l00046"></a>00046 been configured in order to <i>wait</i> for that <a class="code" href="wpcap__remote_8htm.html#a9626e8afe69dfeee0e9d7a2477dedf52">connection</a>. After establishing
|
|
<a name="l00047"></a>00047 the <a class="code" href="wpcap__remote_8htm.html#a9626e8afe69dfeee0e9d7a2477dedf52">connection</a>, the protocol continues its job in almost the same way in both
|
|
<a name="l00048"></a>00048 Active and Passive Mode.</p>
|
|
<a name="l00049"></a>00049 <p>Analyzer (<a href="http://analyzer.polito.it/30alpha/">http://analyzer.polito.it/30alpha/</a>)
<a name="l00050"></a>00050 has a set of commands (in the <b>Capture</b> menu) that allow you to accept a
|
|
<a name="l00051"></a>00051 remote connection and <a class="code" href="wpcap__remote_8htm.html#a751ff7ed91d2e43008930137c9fa6925">then</a> start the capture on the remote device. Currently,
|
|
<a name="l00052"></a>00052 Analyzer is the only tool that is able to work in active mode, since it requires
|
|
<a name="l00053"></a>00053 some modifications to the application code.</p>
|
|
<a name="l00054"></a>00054 <h2><a name="Config"></a>Configuring the Remote <a class="code" href="wpcap__remote_8htm.html#a258f021c7879aa3b45bdf4d6e922d4f1">Daemon</a> (rpcapd)</h2>
|
|
<a name="l00055"></a>00055 <p>The Remote <a class="code" href="wpcap__remote_8htm.html#a258f021c7879aa3b45bdf4d6e922d4f1">Daemon</a> is a standard Win32 executable running either in console
|
|
<a name="l00056"></a>00056 mode or as a service. The executable can be found in the <code>WinPcap</code>
|
|
<a name="l00057"></a>00057 folder and it has the following syntax:</p>
|
|
<a name="l00058"></a>00058 <pre> rpcapd [-b &lt;address&gt;] [-p &lt;port&gt;] [-6] [-l &lt;host_list&gt;] [-a &lt;host,port&gt;]
|
|
<a name="l00059"></a>00059 [-n] [-v] [-d] [-s &lt;file&gt;] [-f &lt;file&gt;]</pre>
|
|
<a name="l00060"></a>00060 <p>The daemon can also be compiled and run on Linux.</p>
<a name="l00061"></a>00061 <p>Here is a brief description of the allowed switches:</p>
|
|
<a name="l00062"></a>00062 <div align="left">
|
|
<a name="l00063"></a>00063 <table border="1">
|
|
<a name="l00064"></a>00064 <tr>
|
|
<a name="l00065"></a>00065 <th>Switch</th>
|
|
<a name="l00066"></a>00066 <th>Description</th>
|
|
<a name="l00067"></a>00067 </tr>
|
|
<a name="l00068"></a>00068 <tr>
|
|
<a name="l00069"></a>00069 <td>
|
|
<a name="l00070"></a>00070 <pre>-b &lt;address&gt;</pre>
|
|
<a name="l00071"></a>00071 </td>
|
|
<a name="l00072"></a>00072 <td>It sets the address the daemon has to bind to (either numeric or
|
|
<a name="l00073"></a>00073 literal). Default: it binds to all local IPv4 and IPv6 addresses.</td>
|
|
<a name="l00074"></a>00074 </tr>
|
|
<a name="l00075"></a>00075 <tr>
|
|
<a name="l00076"></a>00076 <td>
|
|
<a name="l00077"></a>00077 <pre>-p &lt;port&gt;</pre>
|
|
<a name="l00078"></a>00078 </td>
|
|
<a name="l00079"></a>00079 <td>It sets the port the daemon has to bind to. Default: it binds to port
|
|
<a name="l00080"></a>00080 2002.</td>
|
|
<a name="l00081"></a>00081 </tr>
|
|
<a name="l00082"></a>00082 <tr>
|
|
<a name="l00083"></a>00083 <td>
|
|
<a name="l00084"></a>00084 <pre>-4</pre>
|
|
<a name="l00085"></a>00085 </td>
|
|
<a name="l00086"></a>00086 <td>It binds only to IPv4 addresses. Default: both IPv4 and IPv6 waiting
|
|
<a name="l00087"></a>00087 sockets are used.</td>
|
|
<a name="l00088"></a>00088 </tr>
|
|
<a name="l00089"></a>00089 <tr>
|
|
<a name="l00090"></a>00090 <td>
|
|
<a name="l00091"></a>00091 <pre>-l &lt;host_list_file&gt;</pre>
|
|
<a name="l00092"></a>00092 </td>
|
|
<a name="l00093"></a>00093 <td>It specifies a file that keeps the list of the hosts which are allowed
|
|
<a name="l00094"></a>00094 to connect to this daemon (if more than one, the file keeps them one per
|
|
<a name="l00095"></a>00095 line). We suggest using literal names (instead of numeric ones) in
|
|
<a name="l00096"></a>00096 order to avoid problems with different address families (IPv4 and IPv6).</td>
|
|
<a name="l00097"></a>00097 </tr>
|
|
<a name="l00098"></a>00098 <tr>
|
|
<a name="l00099"></a>00099 <td>
|
|
<a name="l00100"></a>00100 <pre>-n</pre>
|
|
<a name="l00101"></a>00101 </td>
|
|
<a name="l00102"></a>00102 <td>It permits NULL authentication (usually used with '-l', which
<a name="l00103"></a>00103 guarantees that only the allowed hosts can connect to the daemon).
|
|
<a name="l00104"></a>00104 Default: the username/password authentication mechanism is required.</td>
|
|
<a name="l00105"></a>00105 </tr>
|
|
<a name="l00106"></a>00106 <tr>
|
|
<a name="l00107"></a>00107 <td>
|
|
<a name="l00108"></a>00108 <pre>-a &lt;host, port&gt;</pre>
|
|
<a name="l00109"></a>00109 </td>
|
|
<a name="l00110"></a>00110 <td>It forces the daemon to run in active mode and to connect to 'host' on
|
|
<a name="l00111"></a>00111 port 'port'. This does not prevent the daemon from also accepting
<a name="l00112"></a>00112 passive connections.</td>
|
|
<a name="l00113"></a>00113 </tr>
|
|
<a name="l00114"></a>00114 <tr>
|
|
<a name="l00115"></a>00115 <td>
|
|
<a name="l00116"></a>00116 <pre>-v</pre>
|
|
<a name="l00117"></a>00117 </td>
|
|
<a name="l00118"></a>00118 <td>It forces the daemon to run in active mode only (default: the daemon
|
|
<a name="l00119"></a>00119 always accepts active connections, even if the '-a' switch is
|
|
<a name="l00120"></a>00120 specified).</td>
|
|
<a name="l00121"></a>00121 </tr>
|
|
<a name="l00122"></a>00122 <tr>
|
|
<a name="l00123"></a>00123 <td>
|
|
<a name="l00124"></a>00124 <pre>-d</pre>
|
|
<a name="l00125"></a>00125 </td>
|
|
<a name="l00126"></a>00126 <td>Forces the daemon to run in background, i.e. as a daemon (UNIX only)
|
|
<a name="l00127"></a>00127 or as a service (Win32 only). <b>Warning</b> (Win32): this switch is
|
|
<a name="l00128"></a>00128 provided automatically when WinPcap installs this daemon into the Win32
|
|
<a name="l00129"></a>00129 services (control panel - administrative tools - services).</td>
|
|
<a name="l00130"></a>00130 </tr>
|
|
<a name="l00131"></a>00131 <tr>
|
|
<a name="l00132"></a>00132 <td>
|
|
<a name="l00133"></a>00133 <pre>-s &lt;file&gt;</pre>
|
|
<a name="l00134"></a>00134 </td>
|
|
<a name="l00135"></a>00135 <td>It saves the current configuration to file.</td>
|
|
<a name="l00136"></a>00136 </tr>
|
|
<a name="l00137"></a>00137 <tr>
|
|
<a name="l00138"></a>00138 <td>
|
|
<a name="l00139"></a>00139 <pre>-f &lt;file&gt;</pre>
|
|
<a name="l00140"></a>00140 </td>
|
|
<a name="l00141"></a>00141 <td>It loads the current configuration from file; all the switches
|
|
<a name="l00142"></a>00142 specified from the command line are ignored and the file settings are
|
|
<a name="l00143"></a>00143 used instead.</td>
|
|
<a name="l00144"></a>00144 </tr>
|
|
<a name="l00145"></a>00145 <tr>
|
|
<a name="l00146"></a>00146 <td>
|
|
<a name="l00147"></a>00147 <pre>-h</pre>
|
|
<a name="l00148"></a>00148 </td>
|
|
<a name="l00149"></a>00149 <td>It prints a help screen.</td>
|
|
<a name="l00150"></a>00150 </tr>
|
|
<a name="l00151"></a>00151 </table>
|
|
<a name="l00152"></a>00152 </div>
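<p>As an added example (not part of WinPcap or of the original page), the C sketch below reviews an <code>rpcapd</code> command line against the switch table above and reports combinations an administrator should look at twice: NULL authentication without a host list, a passive listener left on the default "all local addresses" binding, and <code>-f</code>, which makes the rest of the command line irrelevant. The function name, the finding names and the sample command lines are assumptions made for this example.</p>

```c
/* Added example (not WinPcap code): review an rpcapd command line against
 * the switch table above. Finding names are made up for this example. */
#include <stdio.h>
#include <string.h>

enum finding {
    F_NULL_AUTH_NO_HOST_LIST = 1 << 0, /* -n given without -l */
    F_LISTEN_ALL_ADDRS       = 1 << 1, /* passive listener and no -b */
    F_FILE_OVERRIDES         = 1 << 2, /* -f: command-line switches are ignored */
    F_UNKNOWN_SWITCH         = 1 << 3,
    F_MISSING_ARGUMENT       = 1 << 4
};

/* argv holds the switches only (no program name). Returns a bitmask. */
unsigned audit_rpcapd(int argc, const char *const *argv)
{
    int has_b = 0, has_l = 0, has_n = 0, has_v = 0, has_f = 0;
    unsigned out = 0;

    for (int i = 0; i < argc; i++) {
        const char *a = argv[i];
        if (a[0] != '-' || a[1] == '\0' || a[2] != '\0') {
            out |= F_UNKNOWN_SWITCH;
            continue;
        }
        /* Switches that consume the next word as their value. */
        int takes_arg = strchr("bplasf", a[1]) != NULL;
        /* The synopsis shows -6 while the table documents -4; accept both. */
        if (!takes_arg && strchr("46nvdh", a[1]) == NULL) {
            out |= F_UNKNOWN_SWITCH;
            continue;
        }
        if (takes_arg && ++i >= argc) {
            out |= F_MISSING_ARGUMENT;
            break;
        }
        switch (a[1]) {
        case 'b': has_b = 1; break;
        case 'l': has_l = 1; break;
        case 'n': has_n = 1; break;
        case 'v': has_v = 1; break;
        case 'f': has_f = 1; break;
        default: break;
        }
    }
    /* With -f the file settings are used instead, so review the file. */
    if (has_f)
        return (out & (F_UNKNOWN_SWITCH | F_MISSING_ARGUMENT)) | F_FILE_OVERRIDES;
    if (has_n && !has_l) out |= F_NULL_AUTH_NO_HOST_LIST;
    /* -v means active mode only: no passive listening socket to bind. */
    if (!has_v && !has_b) out |= F_LISTEN_ALL_ADDRS;
    return out;
}

int main(void)
{
    /* Constructed sample command lines (addresses from documentation ranges). */
    const char *weak[] = { "-n" };
    const char *tight[] = { "-b", "192.0.2.10", "-p", "2002", "-4", "-l", "hosts.txt" };
    printf("weak:  0x%x\n", audit_rpcapd(1, weak));
    printf("tight: 0x%x\n", audit_rpcapd(7, tight));
    return 0;
}
```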
|
|
<a name="l00153"></a>00153 <h3>Installing the remote daemon</h3>
|
|
<a name="l00154"></a>00154 <p>The remote daemon is installed automatically when installing WinPcap. The
|
|
<a name="l00155"></a>00155 installation process places the <code>rpcapd</code> file into the <code>WinPcap</code>
|
|
<a name="l00156"></a>00156 folder. This file can be executed either from the command line, or as a service.
|
|
<a name="l00157"></a>00157 For instance, the installation process updates the list of available
<a name="l00158"></a>00158 services and it creates a new item (<b>Remote Packet Capture Protocol v.0
|
|
<a name="l00159"></a>00159 (experimental)</b> ). To avoid security problems, the service is inactive and it
|
|
<a name="l00160"></a>00160 has to be started manually (control panel - administrative tools - services -
|
|
<a name="l00161"></a>00161 start).</p>
|
|
<a name="l00162"></a>00162 <p>The service has a set of &quot;standard&quot; parameters, i.e. it is launched
<a name="l00163"></a>00163 with the &quot;<code>-d</code>&quot; flag (in order to make it run as a
<a name="l00164"></a>00164 service) and the &quot;<code>-f rpcapd.ini</code>&quot; flag. The user can
<a name="l00165"></a>00165 create a file called <code>rpcapd.ini</code> in the same folder as the
<a name="l00166"></a>00166 executable, and put the configuration commands in there. In order for the
<a name="l00167"></a>00167 service to execute the commands, you have to stop and restart it (i.e. the
<a name="l00168"></a>00168 initialization file is parsed only at the beginning). Conversely, the UNIX
<a name="l00169"></a>00169 version of <code>rpcapd</code> is able to read the configuration file when
<a name="l00170"></a>00170 a kill -HUP signal is sent to it. In that case, all the existing connections
<a name="l00171"></a>00171 remain in place, while the new connections will be created according to the new
<a name="l00172"></a>00172 parameters.</p>
|
|
<a name="l00173"></a>00173 <p>If the user does not want to create the configuration file manually, they
<a name="l00174"></a>00174 can launch <code>rpcapd</code> with the requested parameters plus the &quot;<code>-s
|
|
<a name="l00175"></a>00175 filename</code>&quot; one. The daemon will parse all the parameters and save
|
|
<a name="l00176"></a>00176 them into the specified configuration file.</p>
|
|
<a name="l00177"></a>00177 <h3>Starting the remote daemon as a standard executable</h3>
|
|
<a name="l00178"></a>00178 <p>The <code>rpcapd</code> executable can be launched directly, i.e. it can run
|
|
<a name="l00179"></a>00179 in the foreground as well (not as a daemon/service). The procedure is quite
|
|
<a name="l00180"></a>00180 simple: you have to invoke the executable from the command line with all the
|
|
<a name="l00181"></a>00181 requested parameters but the &quot;<code>-d</code>&quot; flag. The capture
|
|
<a name="l00182"></a>00182 server will start in the foreground.</p>
|
|
<a name="l00183"></a>00183 <h2><a name="StartCap"></a>Starting a capture on a remote machine</h2>
|
|
<a name="l00184"></a>00184 <p>If you are using a tool that is already aware of the remote capture (like
|
|
<a name="l00185"></a>00185 Analyzer), everything is simple. The capture wizard will help you to locate the
|
|
<a name="l00186"></a>00186 appropriate interface on the remote machine.</p>
|
|
<a name="l00187"></a>00187 <p>If your preferred tool is not aware of the remote capture, you can still use
|
|
<a name="l00188"></a>00188 the remote capture. In this case you have to read the next Section.</p>
|
|
<a name="l00189"></a>00189 <p><b>Be careful</b>: the capture server (<code>rpcapd</code>) must be up and
|
|
<a name="l00190"></a>00190 running on the remote machine.</p>
|
|
<a name="l00191"></a>00191 <h3>New <span class="keywordtype">string</span> specifiers for interface selection</h3>
|
|
<a name="l00192"></a>00192 <p>If your preferred tool is not aware of the remote capture, the only thing you
|
|
<a name="l00193"></a>00193 must do is to insert, as interface specifier, the indication of the remote
|
|
<a name="l00194"></a>00194 machine you want to contact. The following forms are allowed:</p>
|
|
<a name="l00195"></a>00195 <div align="left">
|
|
<a name="l00196"></a>00196 <table border="1">
|
|
<a name="l00197"></a>00197 <tr>
|
|
<a name="l00198"></a>00198 <th>Adapter String</th>
|
|
<a name="l00199"></a>00199 <th>Description</th>
|
|
<a name="l00200"></a>00200 </tr>
|
|
<a name="l00201"></a>00201 <tr>
|
|
<a name="l00202"></a>00202 <td>
|
|
<a name="l00203"></a>00203 <pre>file://filename</pre>
|
|
<a name="l00204"></a>00204 </td>
|
|
<a name="l00205"></a>00205 <td>It opens a local file.</td>
|
|
<a name="l00206"></a>00206 </tr>
|
|
<a name="l00207"></a>00207 <tr>
|
|
<a name="l00208"></a>00208 <td>
|
|
<a name="l00209"></a>00209 <pre>rpcap://host.foo.bar/adaptername</pre>
|
|
<a name="l00210"></a>00210 </td>
|
|
<a name="l00211"></a>00211 <td>It opens a remote adapter; the host is specified by means of the
|
|
<a name="l00212"></a>00212 literal name, without port number (i.e. it uses the RPCAP default port).</td>
|
|
<a name="l00213"></a>00213 </tr>
|
|
<a name="l00214"></a>00214 <tr>
|
|
<a name="l00215"></a>00215 <td>
|
|
<a name="l00216"></a>00216 <pre>rpcap://host.foo.bar:1234/adaptername</pre>
|
|
<a name="l00217"></a>00217 </td>
|
|
<a name="l00218"></a>00218 <td>It is the same as before, but it uses a different port number.</td>
|
|
<a name="l00219"></a>00219 </tr>
|
|
<a name="l00220"></a>00220 <tr>
|
|
<a name="l00221"></a>00221 <td>
|
|
<a name="l00222"></a>00222 <pre>rpcap://10.11.12.13/adaptername</pre>
|
|
<a name="l00223"></a>00223 </td>
|
|
<a name="l00224"></a>00224 <td>It opens a remote adapter, but the host is specified by means of an
|
|
<a name="l00225"></a>00225 IPv4 numeric address, without port number (i.e. it uses the RPCAP
|
|
<a name="l00226"></a>00226 default port).</td>
|
|
<a name="l00227"></a>00227 </tr>
|
|
<a name="l00228"></a>00228 <tr>
|
|
<a name="l00229"></a>00229 <td>
|
|
<a name="l00230"></a>00230 <pre>rpcap://10.11.12.13:1234/adaptername</pre>
|
|
<a name="l00231"></a>00231 </td>
|
|
<a name="l00232"></a>00232 <td>It is the same as before, but it uses a different port number.</td>
|
|
<a name="l00233"></a>00233 </tr>
|
|
<a name="l00234"></a>00234 <tr>
|
|
<a name="l00235"></a>00235 <td>
|
|
<a name="l00236"></a>00236 <pre>rpcap://[10.11.12.13]:1234/adaptername</pre>
|
|
<a name="l00237"></a>00237 </td>
|
|
<a name="l00238"></a>00238 <td>It is the same as before, but the numeric address is specified within
|
|
<a name="l00239"></a>00239 square brackets (like IPv6 addresses).</td>
|
|
<a name="l00240"></a>00240 </tr>
|
|
<a name="l00241"></a>00241 <tr>
|
|
<a name="l00242"></a>00242 <td>
|
|
<a name="l00243"></a>00243 <pre>rpcap://[1:2:3::4]/adaptername</pre>
|
|
<a name="l00244"></a>00244 </td>
|
|
<a name="l00245"></a>00245 <td>It opens a remote adapter, but the host is specified by means of an
|
|
<a name="l00246"></a>00246 IPv6 numeric address, without port number (i.e. it uses the RPCAP
|
|
<a name="l00247"></a>00247 default port). In case of IPv6 addresses you MUST use the square
|
|
<a name="l00248"></a>00248 brackets.</td>
|
|
<a name="l00249"></a>00249 </tr>
|
|
<a name="l00250"></a>00250 <tr>
|
|
<a name="l00251"></a>00251 <td>
|
|
<a name="l00252"></a>00252 <pre>rpcap://[1:2:3::4]:1234/adaptername</pre>
|
|
<a name="l00253"></a>00253 </td>
|
|
<a name="l00254"></a>00254 <td>It is the same as before, but it uses a different port number.</td>
|
|
<a name="l00255"></a>00255 </tr>
|
|
<a name="l00256"></a>00256 <tr>
|
|
<a name="l00257"></a>00257 <td>
|
|
<a name="l00258"></a>00258 <pre>rpcap://adaptername</pre>
|
|
<a name="l00259"></a>00259 </td>
|
|
<a name="l00260"></a>00260 <td>It opens a local adapter, without using the RPCAP protocol.</td>
|
|
<a name="l00261"></a>00261 </tr>
|
|
<a name="l00262"></a>00262 <tr>
|
|
<a name="l00263"></a>00263 <td>
|
|
<a name="l00264"></a>00264 <pre>adaptername</pre>
|
|
<a name="l00265"></a>00265 </td>
|
|
<a name="l00266"></a>00266 <td>It opens a local adapter; it is kept for compatibility, but it is
|
|
<a name="l00267"></a>00267 strongly discouraged.</td>
|
|
<a name="l00268"></a>00268 </tr>
|
|
<a name="l00269"></a>00269 <tr>
|
|
<a name="l00270"></a>00270 <td>
|
|
<a name="l00271"></a>00271 <pre>(NULL)</pre>
|
|
<a name="l00272"></a>00272 </td>
|
|
<a name="l00273"></a>00273 <td>It opens the first local adapter; it is kept for compatibility, but it
|
|
<a name="l00274"></a>00274 is strongly discouraged.</td>
|
|
<a name="l00275"></a>00275 </tr>
|
|
<a name="l00276"></a>00276 </table>
|
|
<a name="l00277"></a>00277 </div>
|
|
<a name="l00278"></a>00278 <p>The following formats are not allowed:</p>
|
|
<a name="l00279"></a>00279 <table border="1">
|
|
<a name="l00280"></a>00280 <tr>
|
|
<a name="l00281"></a>00281 <th>Adapter String</th>
|
|
<a name="l00282"></a>00282 <th>Description</th>
|
|
<a name="l00283"></a>00283 </tr>
|
|
<a name="l00284"></a>00284 <tr>
|
|
<a name="l00285"></a>00285 <td>
|
|
<a name="l00286"></a>00286 <pre>rpcap://</pre>
|
|
<a name="l00287"></a>00287 </td>
|
|
<a name="l00288"></a>00288 <td>It cannot be used to open the first local adapter.</td>
|
|
<a name="l00289"></a>00289 </tr>
|
|
<a name="l00290"></a>00290 <tr>
|
|
<a name="l00291"></a>00291 <td>
|
|
<a name="l00292"></a>00292 <pre>rpcap://hostname/</pre>
|
|
<a name="l00293"></a>00293 </td>
|
|
<a name="l00294"></a>00294 <td>It cannot be used to open the first remote adapter.</td>
|
|
<a name="l00295"></a>00295 </tr>
|
|
<a name="l00296"></a>00296 </table>
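<p>The two tables above define a small grammar, and a tool that accepts interface strings from users or configuration should know which of them cause traffic to be pulled from another machine. The following C parser is an added example, not code from WinPcap: it classifies a string as file, local or remote, extracts host, port and adapter name, and rejects the forms the page lists as not allowed as well as unbracketed IPv6 addresses. The type and function names are made up for this example, and it assumes adapter and file names contain no <code>/</code>.</p>

```c
/* Added example (not WinPcap code): classify capture source strings using
 * the "allowed" and "not allowed" tables above. Assumes no '/' in names. */
#include <stdio.h>
#include <string.h>

#define RPCAP_DEFAULT_PORT 2002 /* default port listed for the -p switch */

enum src_kind { SRC_INVALID, SRC_FILE, SRC_LOCAL, SRC_REMOTE };

struct src {
    enum src_kind kind;
    char host[256]; /* remote host, square brackets removed */
    int port;       /* remote port, default or explicit */
    char name[256]; /* adapter name or file name */
};

/* Copy exactly n bytes; reject empty or oversized fields, never truncate. */
static int copy_field(char *dst, size_t cap, const char *s, size_t n)
{
    if (n == 0 || n >= cap) return -1;
    memcpy(dst, s, n);
    dst[n] = '\0';
    return 0;
}

/* Decimal port in 1..65535, digits only. */
static int parse_port(const char *s, size_t n, int *out)
{
    long v = 0;
    if (n == 0 || n > 5) return -1;
    for (size_t i = 0; i < n; i++) {
        if (s[i] < '0' || s[i] > '9') return -1;
        v = v * 10 + (s[i] - '0');
    }
    if (v < 1 || v > 65535) return -1;
    *out = (int)v;
    return 0;
}

enum src_kind parse_source(const char *s, struct src *o)
{
    enum src_kind k = SRC_LOCAL;
    const char *rest = s, *slash = NULL;
    memset(o, 0, sizeof *o); /* kind starts as SRC_INVALID */
    if (s == NULL || *s == '\0') return SRC_INVALID; /* (NULL) form not modelled */
    if (strncmp(s, "file://", 7) == 0) { k = SRC_FILE; rest = s + 7; }
    else if (strncmp(s, "rpcap://", 8) == 0) { rest = s + 8; slash = strchr(rest, '/'); }
    if (slash == NULL) { /* file, rpcap://adaptername or bare adaptername */
        if (copy_field(o->name, sizeof o->name, rest, strlen(rest)) == 0)
            o->kind = k;
        return o->kind;
    }
    /* Remote form: rpcap://<host>[:<port>]/<adaptername> */
    const char *host = rest, *host_end, *port_s = NULL;
    if (*rest == '[') { /* bracketed numeric address, mandatory for IPv6 */
        const char *rb = memchr(rest, ']', (size_t)(slash - rest));
        if (rb == NULL) return SRC_INVALID;
        host = rest + 1;
        host_end = rb;
        if (rb + 1 != slash) {
            if (rb[1] != ':') return SRC_INVALID;
            port_s = rb + 2;
        }
    } else { /* name or IPv4; an unbracketed IPv6 address fails parse_port */
        const char *colon = memchr(rest, ':', (size_t)(slash - rest));
        host_end = colon ? colon : slash;
        if (colon) port_s = colon + 1;
    }
    o->port = RPCAP_DEFAULT_PORT;
    if ((port_s && parse_port(port_s, (size_t)(slash - port_s), &o->port) != 0) ||
        copy_field(o->host, sizeof o->host, host, (size_t)(host_end - host)) != 0 ||
        copy_field(o->name, sizeof o->name, slash + 1, strlen(slash + 1)) != 0)
        return SRC_INVALID; /* covers rpcap://hostname/ (empty adapter name) */
    o->kind = SRC_REMOTE;
    return SRC_REMOTE;
}

int main(void)
{
    struct src r;
    if (parse_source("rpcap://[1:2:3::4]:1234/adaptername", &r) == SRC_REMOTE)
        printf("remote host=%s port=%d adapter=%s\n", r.host, r.port, r.name);
    return 0;
}
```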
|
|
<a name="l00297"></a>00297 <h2><a name="UNIX"></a>Installing the Remote Capture <a class="code" href="wpcap__remote_8htm.html#a258f021c7879aa3b45bdf4d6e922d4f1">Daemon</a> in UNIX</h2>
|
|
<a name="l00298"></a>00298 <p>The WinPcap source archive can be compiled in UNIX as well. Currently, remote
|
|
<a name="l00299"></a>00299 capture has been tested on Linux and BSD. What you have to do is:</p>
|
|
<a name="l00300"></a>00300 <ul>
|
|
<a name="l00301"></a>00301 <li>download the WinPcap sources</li>
|
|
<a name="l00302"></a>00302 <li>unpack the sources
|
|
<a name="l00303"></a>00303 <ul>
|
|
<a name="l00304"></a>00304 <li>we suggest using the <code>unzip -a</code> command in order to
|
|
<a name="l00305"></a>00305 convert DOS files to UNIX ones</li>
|
|
<a name="l00306"></a>00306 </ul>
|
|
<a name="l00307"></a>00307 </li>
|
|
<a name="l00308"></a>00308 <li>move to the <code>libpcap</code> folder</li>
|
|
<a name="l00309"></a>00309 <li>type:
|
|
<a name="l00310"></a>00310 <ul>
|
|
<a name="l00311"></a>00311 <li><code>./configure</code></li>
|
|
<a name="l00312"></a>00312 <li><b>Warning</b>: in case the previous step reports an error, please
|
|
<a name="l00313"></a>00313 regenerate the <code>configure</code> file using <code>automake</code>
|
|
<a name="l00314"></a>00314 (version 2.50 or higher required)</li>
|
|
<a name="l00315"></a>00315 <li><code>make</code></li>
|
|
<a name="l00316"></a>00316 </ul>
|
|
<a name="l00317"></a>00317 </li>
|
|
<a name="l00318"></a>00318 <li>move to the <code>rpcapd</code> folder</li>
|
|
<a name="l00319"></a>00319 <li>type <code>make</code></li>
|
|
<a name="l00320"></a>00320 </ul>
|
|
<a name="l00321"></a>00321 <p>The remote capture capabilities are turned on by default on Linux and
|
|
<a name="l00322"></a>00322 FreeBSD. In case you do not want remote capture capabilities in libpcap, you can
|
|
<a name="l00323"></a>00323 type</p>
|
|
<a name="l00324"></a>00324 <pre> ./configure --disable-remote</pre>
|
|
<a name="l00325"></a>00325 <p>at the &quot;<code>configure</code>&quot; step. All the possible flags are
|
|
<a name="l00326"></a>00326 listed when typing <code>./configure --help</code>.</p>
|
|
<a name="l00327"></a>00327 <p>What you have obtained at this point is:</p>
|
|
<a name="l00328"></a>00328 <ul>
|
|
<a name="l00329"></a>00329 <li>a library file (<code>libpcap.a</code>), which can be linked to other
|
|
<a name="l00330"></a>00330 applications (like <code>tcpdump</code>) in order to enable the remote
|
|
<a name="l00331"></a>00331 capture for them.</li>
|
|
<a name="l00332"></a>00332 <li>an executable (<code>rpcapd</code>) that is the remote daemon</li>
|
|
<a name="l00333"></a>00333 </ul>
|
|
<a name="l00334"></a>00334 <p><b>Warning</b>: in order to run the <code>rpcapd</code> daemon, the program
|
|
<a name="l00335"></a>00335 must either</p>
|
|
<a name="l00336"></a>00336 <ul>
|
|
<a name="l00337"></a>00337 <li>run as root (or)</li>
|
|
<a name="l00338"></a>00338 <li>run as user, but it must be owned by root and must be SUID root (<code>chmod
|
|
<a name="l00339"></a>00339 u+s rpcapd</code>)</li>
|
|
<a name="l00340"></a>00340 </ul>
|
|
<a name="l00341"></a>00341 <h3>Known bugs</h3>
|
|
<a name="l00342"></a>00342 <p><b>FreeBSD</b>: the first time you call <code><a class="code" href="structpcap__stat.html" title="Structure that keeps statistical values on an interface.">pcap_stat</a>()</code>, the
<a name="l00343"></a>00343 function takes several seconds to return. Therefore, programs like Analyzer seem
<a name="l00344"></a>00344 to hang for 20-30 seconds at the beginning of the capture (if this is done
<a name="l00345"></a>00345 with BSD as a remote probe). We are investigating this issue.</p>
|
|
<a name="l00346"></a>00346 <p><i>For any question, please refer to the WinPcap help page.</i></p>
|
|
<a name="l00347"></a>00347
|
|
<a name="l00348"></a>00348 </body>
|
|
<a name="l00349"></a>00349
|
|
<a name="l00350"></a>00350 </html>
|
|
</pre></div></div>
|
|
|
|
<hr>
|
|
<p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">
|
|
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009
|
|
CACE Technologies. All rights reserved.</p>
|