rpcapd command (Remote Packet Capture)
Description
RPCAP (Remote Packet Capture) protocol provides the ability to remotely capture packets passed over the network, allows the remote control and analysis of the transit data flows.
RPCAP protocol consists of a server side daemon and a client side application. The client application (packet analyzer) connects to the server daemon, gives instructions which packets should be captured and manages the whole process. The server daemon sniffs the network traffic, captures the requested packets and passes them to the client side of the process to analyze the captured packets.
The Evolution devices support RPCAP protocol and have a built-in RPCAP server daemon. It can be enabled and configured using the "rpcapd" command.
Syntax:
Parameters
-user=USERNAME -key[=PASSWORD] [add|del|change]
Allows to manipulate with user accounts which are used to connect to the RPCAP server
"-user" – username.
"-key" – password.
"add/del/change" – adds/deletes/changes a username and password. If no action is specified the command adds a new account or changes the existing user with the same "USERNAME".
NOTE
If no user account is configured in the system the RPCAP server daemon will reject all connections. For allowing any user account to connect to the server, use empty "user" and "key" parameters.
[-port[=PORT]] [-maxconn[=MAXCONNECTIONS]] [start|stop]
Starts/Stops the RPCAP server daemon.
"port" – set the port.
"maxconn" – maximum concurrent connections permitted.
If no "port" or "maxconn" values are specified, the command sets the default RPCAP port value (2002) and unlimited number of allowed concurrent client connections.
[-buffersize=[SND_BUFFER_SIZE]]
Sets the internal buffer size of the daemon for sending the captured packets to the client application. The default buffer size is 32Kb.
{trace|notrace}
Enables/Disables writing daemon debug output to the unit’s system log.
show [-s=SOURCENAME]
Displays all currently active connections.
"-s" – displays the PCAP filter information of the connection with the specified device’s interface name (SOURCENAME).
source
Displays the list of sources for this device that are available for monitoring via the RPCAP protocol.
clear
Clears the configuration and stops the daemon.
Examples
Allow any user account to connect to the server using the RPCAP protocol.
Use the "source" parameter to display the list of all sources available for this device
Last updated