CentOS Install rpcapd service (WinPcap)

Source: Internet
Author: User

To use Wireshark for remote packet capture, you need to install the corresponding rpcapd service on the remote host. On Windows, you only need to install the WinPcap software: it already contains the rpcapd service, which only needs to be started. On Linux, however, you need to compile it.
Note: Wireshark supports remote packet capture through the Remote Packet Capture Protocol; you only need to install the corresponding rpcapd service on the remote host.
The installation command is as follows:

yum install glibc-static
wget http://www.winpcap.org/install/bin/WpcapSrc_4_1_2.zip
unzip WpcapSrc_4_1_2.zip
cd winpcap/wpcap/libpcap
chmod +x configure runlex.sh
CFLAGS=-static ./configure
make
cd rpcapd
make

Then run the rpcap service:
./rpcapd -n

However, the following error is reported when running ./rpcapd -n:

[root@iZ23gx7o02aZ rpcapd]# ./rpcapd -n
Press CTRL + C to stop the server...
socket(): Address family not supported by protocol (code 97)

Cause: On Linux, the port may not be open. In this case, you need to modify the configuration of the iptables service to open port 2002.
Solution:
1. The iptables file cannot be found in /etc/sysconfig/ under CentOS.
2. Detailed configuration of iptables in Linux (repost)
Refer to "Detailed configuration of iptables in Linux (repost)" to modify the iptables service configuration and open port 2002.

First, add ACCEPT rules for SSH so that your own remote connection does not fail:

1. If the SSH port is 22 (we do not recommend using the default port; change the SSH port)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
Note: run /etc/rc.d/init.d/iptables save. It is best to execute this command after each of the following steps.

[root@iZ23gx7o02aZ sysconfig]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@iZ23gx7o02aZ sysconfig]# iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
[root@iZ23gx7o02aZ sysconfig]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@iZ23gx7o02aZ sysconfig]#

2. Modify iptables to open port 2002
iptables -A INPUT -p tcp --dport 2002 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 2002 -j ACCEPT
Finally, execute /etc/init.d/iptables save to save the two rules to the /etc/sysconfig/iptables file.

[root@iZ23gx7o02aZ sysconfig]# iptables -A INPUT -p tcp --dport 2002 -j ACCEPT
[root@iZ23gx7o02aZ sysconfig]# iptables -A OUTPUT -p tcp --sport 2002 -j ACCEPT
[root@iZ23gx7o02aZ sysconfig]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@iZ23gx7o02aZ sysconfig]#

3. View iptables content

[root@iZ23gx7o02aZ sysconfig]# vi iptables
# Generated by iptables-save v1.4.7 on Wed Dec 10 21:20:39 2014
*filter
:INPUT ACCEPT [4602:266675]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5004:417513]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2002 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2002 -j ACCEPT
COMMIT
# Completed on Wed Dec 10 21:20:39 2014

4. Restart iptables
Restart command: service iptables restart

[root@iZ23gx7o02aZ sysconfig]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@iZ23gx7o02aZ sysconfig]#

5. Run ./rpcapd -n

[root@iZ23gx7o02aZ rpcapd]# ./rpcapd -n
Press CTRL + C to stop the server...
socket(): Address family supported by protocol (code 98)

Modified successfully!
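
An added example, not part of the original article: a small audit that reads an iptables-save dump and reports whether rpcapd's port 2002 is reachable from any source. It is run on the rule set shown in step 3 and on a constructed restricted rule set; the capture host 192.0.2.10 is a placeholder.

```shell
# Added example: audit an iptables-save dump for exposure of the rpcapd port.
# "rpcapd -n" permits NULL authentication, so the firewall is the only gate.
RPCAP_PORT=2002

# Reads iptables-save text on stdin and prints one finding per line.
# Simplification: rule order and earlier DROP/REJECT rules are not evaluated.
audit_rpcap_exposure() {
    awk -v port="$RPCAP_PORT" '
        $1 == ":INPUT" { policy = $2 }   # chain policy line
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; src = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport == port && target == "ACCEPT") {
                if (src == "" || src == "0.0.0.0/0") print "OPEN_TO_ANY: " $0
                else print "RESTRICTED: " $0
            }
        }
        END {
            if (policy == "ACCEPT") print "POLICY_ACCEPT: INPUT policy admits port " port " without any rule"
        }'
}

# Rule set from the page (step 3), comment lines dropped.
page_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [4602:266675]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5004:417513]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2002 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2002 -j ACCEPT
COMMIT
EOF
}

# Constructed comparison: default-drop, 2002 limited to placeholder host 192.0.2.10.
restricted_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 2002 -j ACCEPT' 'COMMIT'
}

page_rules | audit_rpcap_exposure
restricted_rules | audit_rpcap_exposure
```

On the page's rule set the audit reports both OPEN_TO_ANY and POLICY_ACCEPT: the INPUT policy is already ACCEPT, so the appended rules do not change which hosts can reach port 2002.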
