Man page of RPCAPD
Section: Maintenance Commands (8)
Updated: 13 January 2019
Return to Main Contents
This man page documents rpcapd version 1.11.0-PRE-GIT.
Your system may have a different version installed, possibly with some
local modifications. To achieve the best results, please make sure this
version of this man page suits your needs. If necessary, try to look for
a different version on this web site or in the man pages available in your
rpcapd - capture daemon to be controlled by a remote libpcap application
Rpcapd is a daemon (Unix) or service (Win32) that allows the capture
and filter part of libpcap to be run on a remote system.
Rpcapd can run in two modes: passive mode (default) and active mode.
In passive mode, the client (e.g., a network sniffer) connects to
The client then sends the appropriate commands to
to start the capture.
In active mode,
tries to establish a connection toward the client
(e.g., a network sniffer). The client then sends the appropriate commands
to rpcapd to start the capture.
Active mode is useful in case
is run behind a firewall and
cannot receive connections from the external world. In this case,
can be configured to establish the connection to a given host,
which has to be configured in order to wait for that connection. After
establishing the connection, the protocol continues its job in almost
the same way in both active and passive mode.
The user can create a configuration file in the same directory as the
executable, and put the configuration commands in there. In order for
to execute the commands, it needs to be restarted on Win32, i.e.
the configuration file is parsed only at the beginning. The UNIX
will reread the configuration file upon receiving a
HUP signal. In that case, all the existing connections remain in place,
while the new connections will be created according to the new parameters.
In case a user does not want to create the configuration file manually,
they can launch
with the desired flags plus
Rpcapd will parse all the parameters and save them into the specified
Installing rpcapd on Win32
The remote daemon is installed automatically when installing WinPcap.
The installation process places the
executable file into the WinPcap folder.
This file can be executed either from the command line, or as a service.
For instance, the installation process updates the list of available
services list and it creates a new item (Remote Packet Capture Protocol
v.0 (experimental)). To avoid security problems, the service is
inactive and it has to be started manually (control panel -
administrative tools - services - start).
The service has a set of "standard" parameters, i.e. it is launched
flag (in order to make it run as a service) and the
Starting rpcapd on Win32
executable can be launched directly, i.e. it can run in the
foreground as well (not as a daemon/service). The procedure is quite
simple: you have to invoke the executable from the command line with all
the requested parameters except for the
flag. The capture server will
start in the foreground.
Installing rpcapd on Unix-like systems
Starting rpcapd on Unix-like systems
needs sufficient privileges to perform packet capture, e.g.
run as root or be owned by root and have suid set. Most operating
systems provide more elegant solutions when run as user than the
above solutions, all of them different.
- -b address
Bind to the IP address specified by
(either numeric or literal).
binds to all local IPv4 and IPv6 addresses.
- -p port
Bind to the port specified by
binds to port 2002.
Listen only on IPv4 addresses.
listens on both IPv4 and IPv6 addresses.
- -l host_list
Only allow hosts specified in the
argument to connect to this server.
is a list of host names or IP addresses, separated by commas.
We suggest that you use host names rather than literal IP addresses
in order to avoid problems with different address families.
Permit NULL authentication (usually used with
- -a host,port
Run in active mode, connecting to host
is omitted, the default port (2003) is used.
Run in active mode only; by default, if
it accepts passive connections as well.
Run in daemon mode (UNIX only) or as a service (Win32 only).
Warning (Win32): this flag is specified automatically when
the service is started from the control panel.
Run in inetd mode (UNIX only).
Log debugging messages.
- -s config_file
Save the current configuration to
in the format specified by
- -f config_file
Load the current configuration from
in the format specified by
and ignore all flags specified on the command line.
Print this help screen.
was compiled with SSL support, the following options are also
Require that SSL be used on connections.
With SSL enabled, XXX - I'm not sure how *fetching* the list of
compression mechanisms does anything to compression.
With SSL enabled, use
as the SSL key file.
With SSL enabled, use
as the SSL certificate file.
This document was created by
using the manual pages from "The Tcpdump Group" git repositories.
Time: 10:43:38 GMT, October 05, 2021
[Valid HTML 4.01]