Hello everyone, I want to know: is there any package of rpcapd (for remote capturing) for Fedora 13-64 bit? Or will any rpcapd package for 64-bit Linux work on that? Please reply!!
asked 25 Sep '12, 21:28 baila
One Answer:
To the best of my knowledge rpcapd.exe is part of WinPcap and doesn't exist for Linux, so you won't find it in any repositories. There are how-to blogs out there that take you through recompiling the daemon for Linux (Like Here), but these are not guaranteed to work.

However, Linux does not need rpcapd. From the remote capture section of the Wireshark docs:

"Microsoft Windows only. This dialog and capability is only available on Microsoft Windows. On Linux/Unix you can achieve the same effect (securely) through an SSH tunnel."

I suggest you google a bit and learn about SSH tunnels; this might be a quick starter for you (Linux Tunnels for Wireshark).

Cheers, Craig.

answered 26 Sep '12, 05:32 CTNOBLE
I am actually working from Local Windows machine!!
Have a look at plink.
Or search around this forum for details on how to run cross-platform captures, I'm sure there was a similar question recently, they pointed to this:
http://www.winpcap.org/docs/docs_40_2/html/group__remote.html
Hi all,
I have tried with Fedora 13-32 bit. I have followed the steps mentioned at http://www.pawelko.net/linux/38-Here . The rpcapd is started successfully. But when I am trying to get the interface list from my local machine, it shows "Can't get list of interfaces: The other host terminated the connection."
On another Wireshark terminal I found that the authentication is successful with the remote machine. But when the local machine requests the interface list, the remote sends a "FIN,ACK" packet.
Please Help me [email protected]!
@baila: Did you provide enough capabilities to rpcapd to see any interface?
"enough capabilities" means? I am running by simply "./rpcapd" on remote machine!
It gives the same result while I am running rpcapd on the remote machine with NULL authentication!!
To capture on a Linux machine you need to be root.
$ sudo rpcapd
I'm referring to http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
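
The SSH-tunnel route recommended in the answer, sketched as an added example that is not part of the original thread: tcpdump runs on the remote Linux host and its output is piped through SSH into a local Wireshark, so no rpcapd listener (and no NULL authentication) is exposed. The function names, `capture@remote.example` and `eth0` are placeholders, and it assumes tcpdump and passwordless sudo for it on the remote side.

```shell
#!/bin/sh
# Added example: remote capture over SSH instead of rpcapd.
# Helper names are hypothetical; host, user and interface are placeholders.

# Build the tcpdump command line to run on the remote host.
# $1 = interface, $2 = SSH port the session itself uses (default 22).
build_remote_cmd() {
    iface=$1; ssh_port=${2:-22}
    # This string is interpreted by the remote shell, so reject anything
    # that is not a plain interface name or a numeric port.
    case $iface in
        ''|*[!A-Za-z0-9._:-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $ssh_port in
        ''|*[!0-9]*) echo "bad port: $ssh_port" >&2; return 1 ;;
    esac
    # -U: flush each packet, -s 0: full packets, -w -: pcap to stdout.
    # The filter drops the SSH session so the capture does not record itself.
    printf "tcpdump -i %s -U -s 0 -w - 'not tcp port %s'" "$iface" "$ssh_port"
}

# Run the capture and feed it to a local Wireshark reading from stdin.
# $1 = user@host, $2 = interface, $3 = SSH port (optional).
remote_capture() {
    target=$1; ssh_port=${3:-22}
    cmd=$(build_remote_cmd "$2" "$ssh_port") || return 1
    # sudo -n fails instead of prompting; the remote account needs capture
    # rights (root, or capabilities granted on the capture binary).
    ssh -p "$ssh_port" "$target" "sudo -n $cmd" | wireshark -k -i -
}

# Usage (placeholders): remote_capture capture@remote.example eth0 22
```

From a Windows machine, plink (mentioned in the comments above) can take the place of `ssh` in the pipeline, with `-P` for the port.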