rpcapd utility for Linux

rpcapd is a daemon that provides remote traffic capture for Windows version of Wireshark protocol analyzer. It is shipped with WinPcap network capture library for Windows but is absent from libpcap in Linux.

This is a fork of rpcapd modified to compile and work in Linux.

It is still quite messy and may not compile or work.

Building

This fork ships with a patched libpcap version found in WinPcap library.

Installation under Ubuntu Linux:

sudo apt-get build-dep libpcap
cd rpcapd/libpcap
./configure && make
cd ../
make

Using

This tool is to be used with Windows clients connecting to the linux box. Launch this tool using

sudo ./rpcapd -4 -n -p <chosen_port>

Root privileges are needed to capture the interfaces.

There are two ways to connect from a Windows box:

Use GUI in Wireshark Capture Options dialog. Tested on Wireshark 1.7.1.
Invoke wireshark from commnd line specifying capture interface directly:

wireshark -k -i rpcapd://<capture_box_ip>:<rpcapd_port>/<interface_to_capture>

-k means start capture immedietly and -i stands for interface. You can create a Windows shortcut or something afterwards.

About

rpcapd utility modified to compile under linux

Languages

Language:C 91.8%Language:HTML 2.1%Language:Makefile 1.3%Language:Yacc 1.1%Language:C++ 1.0%Language:Assembly 0.9%Language:Shell 0.8%Language:Lex 0.6%Language:Objective-C 0.3%Language:Groff 0.1%