The Tcpdump Group git mirrors - libpcap/blob - rpcapd/rpcapd.manadmin.in

   1 .\"  rpcapd.8
   2 .\"
   3 .\"  Copyright (c) 2002-2005 NetGroup, Politecnico di Torino (Italy)
   4 .\"  Copyright (c) 2005-2009 CACE Technologies
   5 .\"  Copyright (c) 2018-     The TCPdump Group
   6 .\"  All rights reserved.
   7 .\"
   8 .\"  Redistribution and use in source and binary forms, with or without
   9 .\"  modification, are permitted provided that the following conditions
  10 .\"  are met:
  11 .\"
  12 .\"  1. Redistributions of source code must retain the above copyright
  13 .\"  notice, this list of conditions and the following disclaimer.
  14 .\"  2. Redistributions in binary form must reproduce the above copyright
  15 .\"  notice, this list of conditions and the following disclaimer in the
  16 .\"  documentation and/or other materials provided with the distribution.
  17 .\"  3. Neither the name of the Politecnico di Torino nor the names of its
  18 .\"  contributors may be used to endorse or promote products derived from
  19 .\"  this software without specific prior written permission.
  20 .\"
  21 .\"  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  22 .\"  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  23 .\"  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  24 .\"  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  25 .\"  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  26 .\"  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  27 .\"  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  28 .\"  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  29 .\"  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  30 .\"  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  31 .\"  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  32 .\"
  33 .TH RPCAPD @MAN_ADMIN_COMMANDS@ "April 20, 2018"
  34 .SH NAME
  35 rpcapd \- capture daemon to be controlled by a remote libpcap application
  36 .SH SYNOPSIS
  37 .na
  38 rpcapd
  39 [
  40 .B \-b
  41 .I address
  42 ] [
  43 .B \-p
  44 .I port
  45 ] [
  46 .B \-4
  47 ] [
  48 .B \-l
  49 .I host_list
  50 ]
  51 .br
  52 .ti +8
  53 [
  54 .B \-a
  55 .IR host , port
  56 ] [
  57 .B \-n
  58 ] [
  59 .B \-v
  60 ] [
  61 .B \-d
  62 ] [
  63 .B \-i
  64 ] [
  65 .B \-s
  66 .I config_file
  67 ]
  68 .br
  69 .ti +8
  70 [
  71 .B \-f
  72 .I config_file
  73 ]
  74 .br
  75 .ad
  76 .SH DESCRIPTION
  77 .LP
  78 \fIRpcapd\fP is a daemon (Unix) or service (Win32) that allows the capture
  79 and filter part of libpcap to be run on a remote system.
  80 .LP
  81 Rpcapd can run in two modes: passive mode (default) and active mode.
  82 .LP
  83 In passive mode, the client (e.g., a network sniffer) connects to
  84 .BR rpcapd .
  85 It then sends hem the appropriate commands to start the capture.
  86 .LP
  87 In active mode,
  88 .B rpcapd
  89 tries to establish a connection toward the client
  90 (e.g., a network sniffer). The client then sends the appropriate commands
  91 to rpcapd to start the capture.
  92 .LP
  93 Active mode is useful in case
  94 .B rpcapd
  95 is run behind a firewall and
  96 cannot receive connections from the external world. In this case,
  97 .B rpcapd
  98 can be configured to establish the connection to a given host,
  99 which has to be configured in order to wait for that connection. After
 100 establishing the connection, the protocol continues its job in almost
 101 the same way in both active and passive mode.
 102 .SH Configuration file
 103 .LP
 104 The user can create a configuration file in the same folder of the
 105 executable, and put the configuration commands in there. In order for
 106 rpcapd to execute the commands, you have to restart it on Win32, i.e.
 107 the initialization file is parsed only at the beginning). The UNIX
 108 version of rpcapd will reread the configuration file when receiving a
 109 HUP signel. In that case, all the existing connections remain in place,
 110 while the new connections will be created according to the new parameters.
 111 .LP
 112 In case a user does not want to create the configuration file manually,
 113 they can launch rpcapd with the requested parameters plus "-s filename".
 114 Rpcapd will parse all the parameters and save them into the specified
 115 configuration file.
 116 .SH Installing rpcapd on Win32
 117 .LP
 118 The remote daemon is installed automatically when installing WinPcap.
 119 The installation process places the rpcapd file into the WinPcap folder.
 120 This file can be executed either from the command line, or as a service.
 121 For instance, the installation process updates the list of available
 122 services list and it creates a new item (Remote Packet Capture Protocol
 123 v.0 (experimental) ).  To avoid security problems, the service is
 124 inactive and it has to be started manually (control panel -
 125 administrative tools - services - start).
 126 .LP
 127 The service has a set of "standard" parameters, i.e. it is launched
 128 with the
 129 .B \-d
 130 flag (in order to make it run as a service) and the
 131 .B "-f rpcapd.ini"
 132 flag.
 133 .SH Starting rpcapd on Win32
 134 .LP
 135 The rpcapd executable can be launched directly, i.e.  it can run in the
 136 foreground as well (not as a daemon/service).  The procedure is quite
 137 simple: you have to invoke the executable from the command line with all
 138 the requested parameters except for the
 139 .B \-d
 140 flag.  The capture server will
 141 start in the foreground.
 142 .SH Installing rpcapd on Unix-like systems
 143 TBD
 144 .SH Starting rpcapd on Unix-like systems
 145 .B rpcapd
 146 needs sufficient privileges to perform packet capture, e.g.
 147 run as root or be owned by root and have suid set. Most operating
 148 systems provide more elegant solutions when run as user than the
 149 above solutions, all of them different.
 150 .SH OPTIONS
 151 .TP
 152 .BI \-b " address"
 153 Bind to the IP address specified by
 154 .I address
 155 (either numeric or literal).
 156 By default,
 157 .B rpcapd
 158 binds to all local IPv4 and IPv6 addresses.
 159 .TP
 160 .BI \-p " port"
 161 Bind to the port specified by
 162 .IR port .
 163 By default,
 164 .B rpcapd
 165 binds to port 2002.
 166 .TP
 167 .B \-4
 168 Listen only on IPv4 addresses.
 169 By default,
 170 .B rpcapd
 171 listens on both IPv4 and IPv6 addresses.
 172 .TP
 173 .BI -l " host_list"
 174 Only allow hosts specified in the
 175 .I host_list
 176 file to connect to this server.
 177 Hosts are listed one per line.
 178 We suggest that you use use host names rather than literal IP addresses
 179 in order to avoid problems with different address families.
 180 .TP
 181 .B \-n
 182 Permit NULL authentication (usually used with
 183 .BR \-l ).
 184 .TP
 185 .BI \-a " host" , "port"
 186 Run in active mode, connecting to host
 187 .I host
 188 on port
 189 .IR port .
 190 In case
 191 .I port
 192 is omitted, the default port (2003) is used.
 193 .TP
 194 .B -v
 195 Run in active mode only; by default, if
 196 .B \-a
 197 is specified,
 198 .B rpcapd
 199 it accepts passive connections as well.
 200 .TP
 201 .B \-d
 202 Run in daemon mode (UNIX only) or as a service (Win32 only)
 203 Warning (Win32): this switch is provided automatically when
 204 the service is started from the control panel.
 205 .TP
 206 .B \-i
 207 Run in inetd mode (UNIX only).
 208 .TP
 209 .BI \-s " config_file"
 210 Save the current configuration to
 211 .IR config_file .
 212 .TP
 213 .BI \-f " config_file"
 214 Load the current configuration from
 215 .IR config_file ;
 216 all switches specified from the command line are ignored.
 217 .TP
 218 .B \-h
 219 Print this help screen.
 220 .br
 221 .ad
 222 .SH "SEE ALSO"
 223 pcap(3PCAP)