.\" Copyright (c) 2002-2005 NetGroup, Politecnico di Torino (Italy)
.\" Copyright (c) 2005-2009 CACE Technologies
.\" Copyright (c) 2018- The TCPdump Group
.\" All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the Politecnico di Torino nor the names of its
.\" contributors may be used to endorse or promote products derived from
.\" this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.TH RPCAPD @MAN_ADMIN_COMMANDS@ "21 August 2024"
rpcapd \- capture daemon to be controlled by a remote libpcap application
\fIRpcapd\fP is a daemon (Unix) or service (Win32) that allows the capture
and filter part of libpcap to be run on a remote system.
Rpcapd can run in two modes: passive mode (default) and active mode.
In passive mode, the client (e.g., a network sniffer) connects to
The client then sends the appropriate commands to
to start the capture.
tries to establish a connection toward the client
(e.g., a network sniffer). The client then sends the appropriate commands
to rpcapd to start the capture.
Active mode is useful in case
is run behind a firewall and
cannot receive connections from the external world. In this case,
can be configured to establish the connection to a given host,
which has to be configured in order to wait for that connection. After
establishing the connection, the protocol continues its job in almost
the same way in both active and passive mode.
.SH Configuration file
The user can create a configuration file in the same directory as the
executable, and put the configuration commands in there. In order for
to execute the commands, it needs to be restarted on Win32, i.e.
the configuration file is parsed only at the beginning. The UNIX
will reread the configuration file upon receiving a
signal. In that case, all the existing connections remain in place,
while the new connections will be created according to the new parameters.
In case a user does not want to create the configuration file manually,
with the desired flags plus
Rpcapd will parse all the parameters and save them into the specified
.SH Installing rpcapd on Win32
The remote daemon is installed automatically when installing WinPcap.
The installation process places the
executable file into the WinPcap folder.
This file can be executed either from the command line, or as a service.
For instance, the installation process updates the list of available
services and creates a new item (Remote Packet Capture Protocol
v.0 (experimental)). To avoid security problems, the service is
inactive and has to be started manually (control panel -
administrative tools - services - start).
The service has a set of "standard" parameters, i.e. it is launched
flag (in order to make it run as a service) and the
.SH Starting rpcapd on Win32
executable can be launched directly, i.e. it can run in the
foreground as well (not as a daemon/service). The procedure is quite
simple: you have to invoke the executable from the command line with all
the requested parameters except for the
flag. The capture server will
start in the foreground.
.SH Installing rpcapd on Unix-like systems
.SH Starting rpcapd on Unix-like systems
needs sufficient privileges to perform packet capture, e.g.
run as root or be owned by root and have suid set. Most operating
systems provide more elegant ways to run it as an ordinary user than
the above, each of them different.
If your system supports
and the corresponding
service files have been
installed, the rpcapd service can be enabled by enabling the
If your system supports
.BR launchd (@MAN_ADMIN_COMMANDS@)
.B org.tcpdump.rpcapd.plist
file has been installed, the rpcapd service can be enabled by loading
.B org.tcpdump.rpcapd
If your system supports
.BR inetd (@MAN_ADMIN_COMMANDS@)
entry has been added to
.BR inetd.conf (@MAN_FILE_FORMATS@),
the rpcapd service can be enabled by telling inetd
to reread its configuration file.
If your system supports
.BR xinetd (@MAN_ADMIN_COMMANDS@)
.B rpcapd.xinetd.conf
entry has been added to
.BR xinetd.conf (@MAN_FILE_FORMATS@),
the rpcapd service can be enabled by telling xinetd
to reread its configuration file.
Bind to the IP address specified by
(either numeric or literal).
binds to all local IPv4 and IPv6 addresses.
Bind to the port specified by
Use the port specified by
as the port for data transfer.
uses a port chosen by the operating system.
Listen only on IPv4 addresses.
listens on both IPv4 and IPv6 addresses.
Only allow hosts specified in the
argument to connect to this server.
is a list of host names or IP addresses, separated by commas.
We suggest that you use host names rather than literal IP addresses
in order to avoid problems with different address families.
Permit NULL authentication (usually used with the
.BI \-a " host" , "port"
Run in active mode, connecting to host
is omitted, the default port (2003) is used.
Run in active mode only; by default, if
accepts passive connections as well.
Run in daemon mode (UNIX only) or as a service (Win32 only).
Warning (Win32): this flag is specified automatically when
the service is started from the control panel.
Run in inetd mode (UNIX only).
Log debugging messages.
.BI \-s " config_file"
Save the current configuration to
in the format specified by
.BR rpcapd-config (@MAN_FILE_FORMATS@).
.BI \-f " config_file"
Load the current configuration from
in the format specified by
.BR rpcapd-config (@MAN_FILE_FORMATS@)
and ignore all flags specified on the command line.
Print this help screen.
was compiled with SSL support, the following options are also
Require that SSL be used on connections.
With SSL enabled, XXX - I'm not sure how *fetching* the list of
compression mechanisms does anything to compression.
.BI \-K " ssl_keyfile"
With SSL enabled, use
.BI \-X " ssl_certfile"
With SSL enabled, use
as the SSL certificate file.
.BR rpcapd-config (@MAN_FILE_FORMATS@)
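The option descriptions above imply a few combinations worth checking before deployment: NULL authentication without a host list, SSL not required, and binding to every local address. The POSIX shell function below is an added example, not part of rpcapd or of this manual page, that reviews a proposed command line for them. The name audit_rpcapd_args is hypothetical, the option letters -b, -l, -n and -S are assumed from the upstream rpcapd usage text, and the sample addresses and host names are constructed.

```shell
#!/bin/sh
# Added example: flag risky rpcapd option combinations before deployment.
# Assumption: option letters -b, -l, -n, -S follow the upstream rpcapd usage.
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_rpcapd_args() {
    bind='' hosts='' cfg='' null_auth=0 ssl=0 rc=0
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case $opt in
            -b|-l|-f|-a|-p|-t|-s|-K|-X)          # options that take a value
                val=${1-}
                if [ $# -gt 0 ]; then shift; fi
                case $opt in
                    -b) bind=$val ;;
                    -l) hosts=$val ;;
                    -f) cfg=$val ;;
                esac ;;
            -n) null_auth=1 ;;
            -S) ssl=1 ;;
        esac
    done
    if [ -n "$cfg" ]; then
        # With -f, rpcapd ignores all other command-line flags.
        echo "CONFIG_FILE: flags are ignored, audit $cfg instead"
        return 1
    fi
    if [ "$null_auth" -eq 1 ] && [ -z "$hosts" ]; then
        echo "NULL_AUTH_UNRESTRICTED: -n given without an -l host list"; rc=1
    fi
    if [ "$ssl" -eq 0 ]; then
        echo "NO_SSL_REQUIRED: -S missing, SSL is not required on connections"; rc=1
    fi
    if [ -z "$bind" ]; then
        echo "BIND_ALL: no -b, binds to all local IPv4 and IPv6 addresses"; rc=1
    fi
    return "$rc"
}

# Constructed sample command lines (addresses and names are placeholders).
audit_rpcapd_args -n -p 2002 || true
audit_rpcapd_args -b 192.0.2.10 -l capture-client.example -S \
    -K key.pem -X cert.pem && echo "clean"
```

When the command line uses -f, the function reports only that and stops, because the configuration file then decides every setting.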