rpcapd utility modified to compile under linux
frgtn Merge pull request #4 from liuyangc3/master
Add an option that user can choose the data transfer port
Latest commit 924fc55 Jan 21, 2017

rpcapd utility for Linux

rpcapd is a daemon that provides remote traffic capture for the Windows version of the Wireshark protocol analyzer. It ships with the WinPcap network capture library for Windows but is absent from libpcap on Linux.

This is a fork of rpcapd modified to compile and work in Linux.

It is still quite messy and may not compile or work.

Building

This fork ships with the patched libpcap version found in the WinPcap library.

Installation under Ubuntu Linux:

sudo apt-get build-dep libpcap
cd rpcapd/libpcap
./configure && make
cd ../
make

Installation under CentOS/Fedora/Red Hat Linux:

libcrypt.a in glibc-static is broken, so remove -static from the Makefile.

yum install -y byacc glibc-static libgcrypt-devel
cd rpcapd/libpcap
./configure && make
cd ../
make

Using

This tool is meant for Windows clients connecting to the Linux box. Launch it with:

sudo ./rpcapd -4 -n -p <chosen_port>

By default the data transfer port is chosen at random; use -t to specify a fixed one instead:

sudo ./rpcapd -4 -n -t <data_transfer_port> -p <chosen_port>

Root privileges are needed to capture on the interfaces. Note that -4 restricts the daemon to IPv4 and -n permits null authentication (no credentials are checked), so anyone able to reach <chosen_port> can capture traffic; keep both ports reachable only from trusted clients.
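A fixed data transfer port is what makes the daemon firewallable. As an added example, not part of this fork, here is a small POSIX shell launcher that validates the two ports, builds the rpcapd command line from them and prints iptables rules admitting only one client address to both ports. The client address 192.0.2.10 and the port numbers in the usage line are constructed placeholders.

```shell
#!/bin/sh
# Added example (not part of the rpcapd fork): wrap the rpcapd launch so that
# the control port (-p) and data transfer port (-t) are fixed and can be
# restricted to a single Windows client with iptables.

# Return 0 if $1 is a valid TCP port number (1-65535), 1 otherwise.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rpcapd command line for control port $1 and data port $2.
# Fails if either port is invalid or both are the same.
rpcapd_cmdline() {
    ctrl=$1; data=$2
    valid_port "$ctrl" || return 1
    valid_port "$data" || return 1
    [ "$ctrl" -ne "$data" ] || return 1
    printf '%s\n' "./rpcapd -4 -n -t $data -p $ctrl"
}

# Print INPUT-chain iptables rules that accept client $1 on control port $2
# and data port $3 and drop every other source for those two ports.
firewall_rules() {
    client=$1; ctrl=$2; data=$3
    for port in "$ctrl" "$data"; do
        printf '%s\n' "iptables -A INPUT -p tcp --dport $port -s $client -j ACCEPT"
        printf '%s\n' "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Usage when run directly (placeholder values):
#   sudo ./launch.sh 192.0.2.10 2002 2003
if [ "$#" -eq 3 ]; then
    cmd=$(rpcapd_cmdline "$2" "$3") || { echo "bad port arguments" >&2; exit 1; }
    firewall_rules "$1" "$2" "$3" | sh      # apply the rules (needs root)
    echo "starting: $cmd"
    exec $cmd                                # foreground rpcapd as root
fi
```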

There are two ways to connect from a Windows box:

  1. Use the GUI in the Wireshark Capture Options dialog. Tested on Wireshark 1.7.1.
  2. Invoke Wireshark from the command line, specifying the capture interface directly:
wireshark -k -i rpcapd://<capture_box_ip>:<rpcapd_port>/<interface_to_capture>

-k means start capturing immediately and -i specifies the interface. You can create a Windows shortcut or similar afterwards.