.\" rpcapd.8
.\"
.\" Copyright (c) 2002-2005 NetGroup, Politecnico di Torino (Italy)
.\" Copyright (c) 2005-2009 CACE Technologies
.\" Copyright (c) 2018- The TCPdump Group
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the Politecnico di Torino nor the names of its
.\" contributors may be used to endorse or promote products derived from
.\" this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH RPCAPD 8 "April 20, 2018"
.SH NAME
rpcapd \- capture daemon to be controlled by a remote libpcap application
.SH SYNOPSIS
.na
rpcapd
[
.B \-b
.I address
] [
.B \-p
.I port
] [
.B \-4
] [
.B \-l
.I host_list
]
.br
.ti +8
[
.B \-a
.IR host , port
] [
.B \-n
] [
.B \-v
] [
.B \-d
] [
.B \-i
] [
.B \-s
.I config_file
]
.br
.ti +8
[
.B \-f
.I config_file
]
.br
.ad
.SH DESCRIPTION
.LP
\fIRpcapd\fP is a daemon (Unix) or service (Win32) that allows the capture
and filter part of libpcap to be run on a remote system.
.LP
Rpcapd can run in two modes: passive mode (default) and active mode.
.LP
In passive mode, the client (e.g., a network sniffer) connects to
.BR rpcapd .
It then sends the appropriate commands to start the capture.
.LP
In active mode,
.B rpcapd
tries to establish a connection toward the client
(e.g., a network sniffer). The client then sends the appropriate commands
to rpcapd to start the capture.
.LP
Active mode is useful in case
.B rpcapd
is run behind a firewall and
cannot receive connections from the external world. In this case,
.B rpcapd
can be configured to establish the connection to a given host,
which has to be configured in order to wait for that connection. After
establishing the connection, the protocol continues its job in almost
the same way in both active and passive mode.
.SH Configuration file
.LP
The user can create a configuration file in the same folder as the
executable, and put the configuration commands in there. In order for
rpcapd to execute the commands, you have to restart it on Win32 (i.e.
the initialization file is parsed only at the beginning). The UNIX
version of rpcapd will reread the configuration file when receiving a
HUP signal. In that case, all the existing connections remain in place,
while the new connections will be created according to the new parameters.
.LP
In case a user does not want to create the configuration file manually,
they can launch rpcapd with the requested parameters plus "\-s filename".
Rpcapd will parse all the parameters and save them into the specified
configuration file.
.SH Installing rpcapd on Win32
.LP
The remote daemon is installed automatically when installing WinPcap.
The installation process places the rpcapd file into the WinPcap folder.
This file can be executed either from the command line, or as a service.
For instance, the installation process updates the list of available
services and creates a new item (Remote Packet Capture Protocol
v.0 (experimental)). To avoid security problems, the service is
inactive and it has to be started manually (control panel -
administrative tools - services - start).
.LP
The service has a set of "standard" parameters, i.e. it is launched
with the
.B \-d
flag (in order to make it run as a service) and the
.B "\-f rpcapd.ini"
flag.
.SH Starting rpcapd on Win32
.LP
The rpcapd executable can be launched directly, i.e. it can run in the
foreground as well (not as a daemon/service). The procedure is quite
simple: you have to invoke the executable from the command line with all
the requested parameters except for the
.B \-d
flag. The capture server will
start in the foreground.
.SH Installing rpcapd on Unix-like systems
TBD
.SH Starting rpcapd on Unix-like systems
.B rpcapd
needs sufficient privileges to perform packet capture, e.g.
run as root or be owned by root and have suid set. Most operating
systems provide more elegant ways to run it as an unprivileged user
than the above solutions, all of them different.
.SH OPTIONS
.TP
.BI \-b " address"
Bind to the IP address specified by
.I address
(either numeric or literal).
By default,
.B rpcapd
binds to all local IPv4 and IPv6 addresses.
.TP
.BI \-p " port"
Bind to the port specified by
.IR port .
By default,
.B rpcapd
binds to port 2002.
.TP
.B \-4
Listen only on IPv4 addresses.
By default,
.B rpcapd
listens on both IPv4 and IPv6 addresses.
.TP
.BI \-l " host_list"
Only allow hosts specified in the
.I host_list
file to connect to this server.
Hosts are listed one per line.
We suggest that you use host names rather than literal IP addresses
in order to avoid problems with different address families.
.TP
.B \-n
Permit NULL authentication (usually used with
.BR \-l ).
.TP
.BI \-a " host" , "port"
Run in active mode, connecting to host
.I host
on port
.IR port .
In case
.I port
is omitted, the default port (2003) is used.
.TP
.B \-v
Run in active mode only; by default, if
.B \-a
is specified,
.B rpcapd
accepts passive connections as well.
.TP
.B \-d
Run in daemon mode (UNIX only) or as a service (Win32 only).
Warning (Win32): this switch is provided automatically when
the service is started from the control panel.
.TP
.B \-i
Run in inetd mode (UNIX only).
.TP
.BI \-s " config_file"
Save the current configuration to
.IR config_file .
.TP
.BI \-f " config_file"
Load the current configuration from
.IR config_file ;
all switches specified from the command line are ignored.
.TP
.B \-h
Print this help screen.
.br
.ad
.SH "SEE ALSO"
pcap(3PCAP)
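
The option defaults described under OPTIONS interact: without \-b the daemon binds to all local addresses, without \-l any host may connect, and \-n permits NULL authentication. The shell function below is an added example, not part of the rpcapd distribution, that checks an rpcapd argument list for those combinations. The finding labels and the sample invocation are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an rpcapd argument list against the OPTIONS text above.
# Finding names (BIND_ALL, NO_HOST_LIST, ...) are labels invented for this example.
# Exit status: 0 = no findings, 1 = findings printed, 2 = malformed arguments.
audit_rpcapd_args() {
    a_bind="" a_list="" a_null=0 a_active="" a_only=0 a_file="" a_rc=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -b|-p|-l|-a|-s|-f)
                # These switches take a value; refuse a dangling one.
                [ $# -ge 2 ] || { echo "MISSING_VALUE $1"; return 2; }
                case "$1" in
                    -b) a_bind=$2 ;;
                    -l) a_list=$2 ;;
                    -a) a_active=$2 ;;
                    -f) a_file=$2 ;;
                esac
                shift ;;
            -n) a_null=1 ;;
            -v) a_only=1 ;;
            -4|-d|-i|-h) ;;
            *) echo "UNKNOWN_ARG $1"; return 2 ;;
        esac
        shift
    done
    # -f: all other command-line switches are ignored, so the file is what matters.
    if [ -n "$a_file" ]; then
        echo "FROM_FILE $a_file"
        return 1
    fi
    # Passive listening stays on unless -a and -v are both given.
    a_passive=1
    [ -n "$a_active" ] && [ "$a_only" -eq 1 ] && a_passive=0
    if [ "$a_passive" -eq 1 ]; then
        # No -b: binds to all local IPv4 and IPv6 addresses.
        [ -n "$a_bind" ] || { echo "BIND_ALL"; a_rc=1; }
        # No -l: no restriction on which hosts may connect.
        [ -n "$a_list" ] || { echo "NO_HOST_LIST"; a_rc=1; }
    fi
    # -n without -l: NULL authentication with no host allow-list.
    if [ "$a_null" -eq 1 ] && [ -z "$a_list" ]; then
        echo "NULL_AUTH_WITHOUT_HOST_LIST"; a_rc=1
    fi
    return "$a_rc"
}

# Constructed sample invocation (not from the man page).
audit_rpcapd_args -n -p 2002 || true
```

A FROM_FILE finding means the configuration file named by \-f has to be reviewed instead, since the command-line switches are ignored in that case.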