⁣⁣rpcapd command (Remote Packet Capture)

Description

RPCAP (Remote Packet Capture) protocol provides the ability to remotely capture packets passed over the network, allows the remote control and analysis of the transit data flows.

RPCAP protocol consists of a server side daemon and a client side application. The client application (packet analyzer) connects to the server daemon, gives instructions which packets should be captured and manages the whole process. The server daemon sniffs the network traffic, captures the requested packets and passes them to the client side of the process to analyze the captured packets.

The Evolution devices support RPCAP protocol and have a built-in RPCAP server daemon. It can be enabled and configured using the "rpcapd" command.

Syntax:

rpcapd -user=USERNAME -key[=PASSWORD] [add|del|change]
rpcapd [-port[=PORT]] [-maxconn[=MAXCONNECTIONS]] [start|stop]
rpcapd [-buffersize=[SND_BUFFER_SIZE]]
rpcapd {trace|notrace}
rpcapd show [-s=SOURCENAME]
rpcapd source
rpcapd clear

Parameters

Parameter

Description

-user=USERNAME -key[=PASSWORD] [add|del|change]

Allows to manipulate with user accounts which are used to connect to the RPCAP server

"-user" – username.
"-key" – password.
"add/del/change" – adds/deletes/changes a username and password. If no action is specified the command adds a new account or changes the existing user with the same "USERNAME".

NOTE

If no user account is configured in the system the RPCAP server daemon will reject all connections. For allowing any user account to connect to the server, use empty "user" and "key" parameters.

[-port[=PORT]] [-maxconn[=MAXCONNECTIONS]] [start|stop]

Starts/Stops the RPCAP server daemon.

"port" – set the port.
"maxconn" – maximum concurrent connections permitted.

If no "port" or "maxconn" values are specified, the command sets the default RPCAP port value (2002) and unlimited number of allowed concurrent client connections.

[-buffersize=[SND_BUFFER_SIZE]]

Sets the internal buffer size of the daemon for sending the captured packets to the client application. The default buffer size is 32Kb.

{trace|notrace}

Enables/Disables writing daemon debug output to the unit’s system log.

show [-s=SOURCENAME]

Displays all currently active connections.

"-s" – displays the PCAP filter information of the connection with the specified device’s interface name (SOURCENAME).

source

Displays the list of sources for this device that are available for monitoring via the RPCAP protocol.

clear

Clears the configuration and stops the daemon.

Examples

Allow any user account to connect to the server using the RPCAP protocol.

rpcapd -user= -key=

Use the "source" parameter to display the list of all sources available for this device

rpcapd source
Type      Name       Description
---- --------------- -----------...
I    eth0            eth0  [link up-fd 100Mbps]=8103<UP,BROADCAST,PROMISC,MULTICAST>
I    rf5.0           rf5.0 [link up-hd 225Mbps]=8103<UP,BROADCAST,PROMISC,MULTICAST>
I    svi1            [virtual]=8003<UP,BROADCAST,MULTICAST>
I    tun0            [virtual]=8010<POINTOPOINT,MULTICAST>
A    mint_rf5.0      rf5.0 MINT payload

Previous⁣⁣loadm command (load meter)Next⁣⁣snmpd command (SNMP daemon)

Last updated 2 years ago

hashtagDescription

hashtagParameters

hashtagExamples

Description

Parameters

Examples