Remote packet capture protocol v 0 experimental: what is it
filecheck .ru
Here is how you can fix errors related to rpcapd.exe
Information about the rpcapd.exe file
Description: rpcapd.exe is not essential for Windows. Rpcapd.exe is located in subfolders of "C:\Program Files". The following file sizes are known for Windows 10/8/7/XP: 86,016 bytes (45% of all cases), 118,520 bytes, 117,264 bytes or 93,048 bytes.
It is not a Windows system file. The process has no visible window. The process uses a port to connect to the network or the internet. It is certified by a trusted company. The file is signed by Verisign. The technical security rating is therefore 33% dangerous.
The developer, Riverbed, maintains a site with an update and an uninstaller (Control Panel ⇒ Add or Remove Programs ⇒ WinPcap or Wireless Manager).
Important: Some malware disguises itself as rpcapd.exe, especially when it is located in the c:\windows or c:\windows\system32 folder. You should therefore check the rpcapd.exe file on your PC to determine whether it is a threat. We recommend Security Task Manager for checking your computer's security.
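The location, size and signature criteria above can be turned into a small triage check for endpoint inventory data. This is an added example, not code from filecheck.ru or WinPcap; the `signed` field, the verdict names and the treatment of "Program Files (x86)" are assumptions, and the sample records are constructed.

```python
import ntpath

# Values stated in the file description above.
KNOWN_SIZES = {86016, 118520, 117264, 93048}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: the 32-bit "Program Files (x86)" root counts like "Program Files".
INSTALL_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")


def triage(path, size, signed):
    """Return (verdict, findings) for one observed rpcapd.exe.

    path   -- full Windows path as reported by the inventory tool
    size   -- file size in bytes
    signed -- True if the file signature validated (hypothetical inventory field)
    """
    # normpath collapses ".." segments and unifies slashes, so a path such as
    # c:\windows\system32\..\rpcapd.exe is judged by where it really points.
    norm = ntpath.normpath(path).lower()
    folder, name = ntpath.split(norm)
    if name != "rpcapd.exe":
        return "ignore", []

    findings = []
    in_system_dir = folder in SYSTEM_DIRS
    folder_slash = folder + "\\"
    in_subfolder = (folder_slash.startswith(INSTALL_ROOTS)
                    and folder_slash not in INSTALL_ROOTS)
    if in_system_dir:
        findings.append("located in a Windows system directory")
    elif not in_subfolder:
        findings.append("not in a subfolder of Program Files")
    if not signed:
        findings.append("no valid signature")
    if size not in KNOWN_SIZES:
        # The list of known sizes is not exhaustive, so this only prompts review.
        findings.append("size %d is not one of the known sizes" % size)

    if in_system_dir:
        return "suspicious", findings
    return ("review" if findings else "expected"), findings


# Constructed sample inventory: (path, size in bytes, signature validated).
SAMPLE_INVENTORY = [
    (r"C:\Program Files\WinPcap\rpcapd.exe", 86016, True),
    (r"c:\windows\SYSTEM32\..\rpcapd.exe", 86016, False),
    ("C:/Program Files (x86)/WinPcap/rpcapd.exe", 120000, True),
    (r"C:\Users\Public\rpcapd.exe", 93048, True),
]


def run(inventory):
    """Triage every record and return a list of (path, verdict, findings)."""
    return [(p,) + triage(p, s, ok) for p, s, ok in inventory]


if __name__ == "__main__":
    for path, verdict, findings in run(SAMPLE_INVENTORY):
        print("%-10s %s %s" % (verdict, path, "; ".join(findings)))
```

A "review" verdict means only that the file differs from the description above; an unlisted size from a newer build is the usual cause.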
Best practices for resolving rpcapd issues
If you currently have problems, try to recall what you did recently, or the last program you installed before the problem first appeared. Use the resmon command to identify the process that is causing the problem. Even with serious computer problems, rather than reinstalling Windows, first try to repair the integrity of the OS installation or, for Windows 8 and later versions of Windows, run the command DISM.exe /Online /Cleanup-image /Restorehealth. This lets you repair the operating system without losing data.
rpcapd scanner
Security Task Manager shows all running Windows services, including embedded hidden applications (for example keyboard or browser monitoring, auto-login). A unique security risk rating indicates the likelihood that a process is potentially spyware, a keylogger or a trojan.
The rpcapd command
Description
The RPCAP (Remote Packet Capture) protocol is designed for monitoring network traffic and capturing packets that arrive at a remote device on the network, in order to inspect and analyze transit data flows.
With RPCAP, the remote device and the network data analysis program (packet analyzer) interact in a client-server arrangement. An RPCAP daemon runs on the remote device; it accepts connection requests from client applications, performs authentication and begins serving authorized clients: it "listens" to the network and passes the requested packets to the client for processing and analysis.
Infinet devices have a built-in RPCAP daemon. It is configured with the "rpcapd" command.
Syntax:
Parameters
Parameters for managing the user accounts used to connect to the device over RPCAP:
If the RPCAP configuration contains no users, the daemon rejects all attempts to connect to it. To allow connections from any client, use empty values for the "user" and "key" parameters.
[-port[=PORT]] [-maxconn[=MAXCONNECTIONS]] [start|stop]
If the command is used without parameters (rpcapd start), it sets the standard RPCAP port value of 2002 and allows an unlimited number of client connections. To set other values for the port and the maximum allowed number of connections, use the "port" and "maxconn" parameters.
The "start/stop" parameters start/stop the daemon.
[-buffersize=[SND_BUFFER_SIZE]]
Sets the size of the RPCAP daemon's internal buffer for sending captured packets to the client. The default buffer size is 32 KB.
show [-s=SOURCENAME]
source
Displays the list of resources on this device that are available for monitoring via RPCAP.
clear
Examples
Allow connections from any client over RPCAP.
Use the "source" parameter to list the resources available on the device.
Sending Packets
Note that the original libpcap library at the moment doesn’t provide any way to send packets, therefore all the functions shown here are WinPcap extensions and will not work under Unix.
Sending a single packet with pcap_sendpacket()
The simplest way to send a packet is shown in the following code snippet. After opening an adapter, pcap_sendpacket() is called to send a hand-crafted packet. pcap_sendpacket() takes as arguments a buffer containing the data to send, the length of the buffer and the adapter that will send it. Notice that the buffer is sent to the net as is, without any manipulation. This means that the application has to create the correct protocol headers in order to send something meaningful.
While pcap_sendpacket() offers a simple and immediate way to send a single packet, send queues provide an advanced, powerful and optimized mechanism to send a collection of packets. A send queue is a container for a variable number of packets that will be sent to the network. It has a size, which represents the maximum number of bytes it can store.
A send queue is created calling the pcap_sendqueue_alloc() function, specifying the size of the new send queue.
Once the send queue is created, pcap_sendqueue_queue() can be used to add a packet to the send queue. This function takes a pcap_pkthdr with the timestamp and the length and a buffer with the data of the packet. These parameters are the same as those received by pcap_next_ex() and pcap_handler(), therefore queuing a packet that was just captured or read from a file is a matter of passing these parameters to pcap_sendqueue_queue().
To transmit a send queue, WinPcap provides the pcap_sendqueue_transmit() function. Note the third parameter: if nonzero, the send will be synchronized, i.e. the relative timestamps of the packets will be respected. This operation requires a remarkable amount of CPU, because the synchronization takes place in the kernel driver using "busy wait" loops. Although this operation is quite CPU intensive, it often results in very high precision packet transmissions (often around a few microseconds or less).
Note that transmitting a send queue with pcap_sendqueue_transmit() is much more efficient than performing a series of pcap_sendpacket(), because the send queue is buffered at kernel level drastically decreasing the number of context switches.
When a queue is no longer needed, it can be deleted with pcap_sendqueue_destroy() that frees all the buffers associated with the send queue.
The next program shows how to use send queues. It opens a capture file with pcap_open_offline(), then it moves the packets from the file to a properly allocated send queue. At this point it transmits the queue, synchronizing it if requested by the user.
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2007 CACE Technologies. All rights reserved.
Man page of RPCAPD
This man page documents rpcapd version 1.11.0-PRE-GIT.
SYNOPSIS
DESCRIPTION
Rpcapd is a daemon (Unix) or service (Win32) that allows the capture and filter part of libpcap to be run on a remote system.
Rpcapd can run in two modes: passive mode (default) and active mode.
In active mode, rpcapd tries to establish a connection toward the client (e.g., a network sniffer). The client then sends the appropriate commands to rpcapd to start the capture.
Active mode is useful in case rpcapd is run behind a firewall and cannot receive connections from the external world. In this case, rpcapd can be configured to establish the connection to a given host, which has to be configured in order to wait for that connection. After establishing the connection, the protocol continues its job in almost the same way in both active and passive mode.
Configuration file
The user can create a configuration file in the same directory as the executable, and put the configuration commands in there. In order for rpcapd to execute the commands, it needs to be restarted on Win32, i.e. the configuration file is parsed only at the beginning. The UNIX version of rpcapd will reread the configuration file upon receiving a HUP signal. In that case, all the existing connections remain in place, while the new connections will be created according to the new parameters.
Installing rpcapd on Win32
Starting rpcapd on Win32
Installing rpcapd on Unix-like systems
Starting rpcapd on Unix-like systems
OPTIONS
SEE ALSO
This document was created by man2html, using the manual pages from "The Tcpdump Group" git repositories.
Time: 15:07:03 GMT, November 01, 2021
Remote Capture
Modules
Detailed Description
WinPcap comes with Remote Capture capabilities. This is a highly experimental feature that allows interacting with a remote machine and capturing packets that are being transmitted on the remote network.
This requires a remote daemon (called rpcapd) which performs the capture and sends data back, and a local client that sends the appropriate commands and receives the captured data.
WinPcap extends the standard WinPcap code in such a way that all WinPcap-based tools can use remote capture capabilities. For instance, the capability to interact with a remote daemon is added to the client software without any explicit modification to it. Conversely, the remote daemon must be explicitly installed (and configured) on the remote machine.
Remote Capture Running Modes
The Remote Capture Protocol (RPCAP) can work in two modes:
The Active Mode is useful in case the remote daemon is behind a firewall and it cannot receive connections from the external world. In this case, the daemon can be configured to establish the connection to a given host, which will have been configured in order to wait for that connection. After establishing the connection, the protocol continues its job in almost the same way in both Active and Passive Mode.
Analyzer (http://analyzer.polito.it/30alpha/) has a set of commands (in the Capture menu) that allows you to accept a remote connection and then start the capture on the remote device. Currently, Analyzer is the only tool that is able to work in active mode, since it requires some modifications to the application code.
Configuring the Remote Daemon (rpcapd)
The Remote Daemon is a standard Win32 executable running either in console mode or as a service. The executable can be found in the WinPcap folder and it has the following syntax:
The daemon can be compiled and it is actually working on Linux as well.
Here is a brief description of the allowed commands:
Installing the remote daemon
Starting the remote daemon as a standard executable
Starting a capture on a remote machine
If you are using a tool that is already aware of the remote capture (like Analyzer), everything is simple. The capture wizard will help you to locate the appropriate interface on the remote machine.
If your preferred tool is not aware of the remote capture, you can still use the remote capture. In this case you have to read the next Section.
Be careful: the capture server (rpcapd) must be up and running on the remote machine.
New string specifiers for interface selection
If your preferred tool is not aware of the remote capture, the only thing you must do is to insert, as interface specifier, the indication of the remote machine you want to contact. The following forms are allowed:
Adapter String | Description |
---|---|
It opens a local file. | |
It opens a remote adapter; the host is specified by means of the literal name, without port number (i.e. it uses the RPCAP default port). | |
It is the same as before, but it uses a different port number. | |
It opens a remote adapter, but the host is specified by means of an IPv4 numeric address, without port number (i.e. it uses the RPCAP default port). | |
It is the same as before, but it uses a different port number. | |
It is the same as before, but the numeric address is specified within square brackets (like IPv6 addresses). | |
It opens a remote adapter, but the host is specified by means of an IPv6 numeric address, without port number (i.e. it uses the RPCAP default port). In case of IPv6 addresses you MUST use the square brackets. | |
It is the same as before, but it uses a different port number. | |
It opens a local adapter, without using the RPCAP protocol. | |
It opens a local adapter; it is kept for compatibility, but it is strongly discouraged. | |
It opens the first local adapter; it is kept for compatibility, but it is strongly discouraged. |
The following formats are not allowed:
Adapter String | Description |
---|---|
It cannot be used to open the first local adapter. | |
It cannot be used to open the first remote adapter. |
Installing the Remote Capture Daemon in UNIX
The WinPcap source archive can be compiled in UNIX as well. Currently, remote capture has been tested on Linux and BSD. What you have to do is:
The remote capture capabilities are turned on by default on Linux and FreeBSD. In case you do not want remote capture capabilities in libpcap, you can type
What you obtained right now, is:
Warning: in order to run the rpcapd daemon, the program must either
Known bugs
For any question, please refer to the WinPcap help page.