# rpcapd-linux **Repository Path**: whilewon/rpcapd-linux ## Basic Information - **Project Name**: rpcapd-linux - **Description**: No description available - **Primary Language**: Unknown - **License**: Not specified - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2022-03-29 - **Last Updated**: 2022-03-29 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # rpcapd utility for Linux rpcapd is a daemon that provides remote traffic capture for Windows version of [Wireshark](http://www.wireshark.org) protocol analyzer. It is shipped with [WinPcap](http://www.winpcap.org/) network capture library for Windows but is absent from libpcap in Linux. This is a fork of rpcapd modified to compile and work in Linux. It is still quite messy and may not compile or work. ## Building This fork ships with a patched libpcap version found in WinPcap library. Installation under Ubuntu Linux: sudo apt-get build-dep libpcap cd rpcapd/libpcap ./configure && make cd ../ make Installation under Centos/Fedora/Redhat Linux: libcrypt.a in glibc-static is broken in ,remove `-static` in Makefile yum install -y byacc glibc-static libgcrypt-devel cd rpcapd/libpcap ./configure && make cd ../ make ## Using This tool is to be used with Windows clients connecting to the linux box. Launch this tool using sudo ./rpcapd -4 -n -p You can specify a data transfer port rather than a random port by default. sudo ./rpcapd -4 -n -t -p Root privileges are needed to capture the interfaces. There are two ways to connect from a Windows box: 1. Use GUI in Wireshark *Capture Options* dialog. Tested on Wireshark 1.7.1. 2. Invoke wireshark from commnd line specifying capture interface directly: wireshark -k -i rpcapd://:/ `-k` means *start capture immedietly* and `-i` stands for *interface*. You can create a Windows shortcut or something afterwards.