RPCAP 0.23 review

by rbytes.net on

RPCAP is a Remote Packet Capture system

License: GPL (GNU General Public License)
File size: 0K
Developer: S. Krishnan
0 stars award from rbytes.net

RPCAP is a Remote Packet Capture system. It enables you to run a packet capture program (the server) on a target computer, which sniffs the network traffic on that system and uplinks the captured packets to another host (the client), where they can be processed, analysed and archived. The rpcap system thus consists of two separate processes: the server (or agent), which captures network traffic on a remote system, and a client, which receives and processes these packets. The server code is a standalone executable program which uses the libpcap packet capture library to capture network traffic. The client is actually a library called librpcap, which is linked to a user program and used on the client system in a manner identical to libpcap to receive and process the captured packets.

The librpcap client library exposes a subset of the pcap API as defined in the pcap(3) manpage. The API is used in a manner identical to that of libpcap, so any program that does not use the libpcap functions missing from rpcap can link directly to rpcap in place of pcap. The API functions are a set of pcap-compatible wrappers over a Sun RPC interface to the remote server; they invoke the corresponding libpcap functionality on it.

At this time, rpcap has been built and tested only on Linux on Intel platforms. However, it should build on any UNIX-like system that supports multithreading and has the RPC libraries and utilities available, so that it should be possible to build it on most systems. Please note, however, that there are a couple of bugs in the code (all my own!) that currently restrict it to little-endian systems. I will fix this ASAP.

What's New in This Release:
New code release v.0.23 alpha
added GNU autotools based build (autoconf/automake/libtool)
pcap_geterr rewritten
pcap_compile fixed to accept null strings for tcpdump compatibility
pointer issues with pcap_compile and pcap_open_live resolved
made the code tcpdump compatible so that tcpdump now builds against librpcap
added a port of tcpdump to rpcap
