CentOS Installation RPCAPD Service (WINPCAP)

Because of the need to use Wireshark for the remote grab package, you need to install the corresponding RPCAPD service on the remote host. As long as the WinPcap software is installed on Windows, it already contains the RPCAPD service, just start. But Linux needs to compile on its own.
Note: Wireshark supports remote Packet Capture protocol protocol, as long as the corresponding RPCAPD service routines are installed on the remote host.
The installation commands are as follows:

Yum install glibc-static
wget http://www.winpcap.org/install/bin/WpcapSrc_4_1_2.zip unzip
. Zip
cd winpcap/wpcap/libpcap
chmod +x Configure runlex.sh
. cflags=-static make
CD RPCAPD make

And then
./rpcapd-n
To run the Rpcap service.

however, run./rpcapd-n reported the following error

[Root@iz23gx7o02az rpcapd]#./rpcapd-n Press
CTRL + C to stop the server ...
Socket (): Address family not supported by Protocol (code 97)

Cause: On Linux, the port may not be open, then you need to modify the configuration of the Iptables service to open port 2002.
Solution:
1. iptables file not found under/etc/sysconfig/under CentOS
2. Linux iptables configuration details (turn)
Refer to Linux iptables configuration details (RPM) Modify the configuration of the Iptables service to open port 2002.

The first thing to do is give our SSH accept configuration so that it doesn't connect directly:

1. If the SSH port is 22 (it is not recommended to use the default port to get rid of the SSH port)
Iptables-a input-p TCP--dport 22-j ACCEPT
Iptables-a output-p TCP--sport 22-j ACCEPT
Note that to/etc/rc.d/init.d/iptables save, it is best to execute this statement once for each of the following steps, which is no longer described below.

[Root@iz23gx7o02az sysconfig]# iptables-a input-p tcp--dport 22-j ACCEPT
[Root@iz23gx7o02az sysconfig]# iptables- A output-p TCP--sport 22-j ACCEPT
[Root@iz23gx7o02az sysconfig]# save/etc/rc.d/init.d/iptables
ng firewall rules to/etc/sysconfig/iptables:[  OK  ]
[Root@iz23gx7o02az sysconfig]#

2. Modify Iptables Open 2002 Port
Iptables-a input-p TCP--dport 2002-j ACCEPT
Iptables-a output-p TCP--sport 2002-j ACCEPT
Finally note that you need to perform a/etc/init.d/iptables save, so that these two statements are saved to the/etc/sysconfig/iptables file just now.

[Root@iz23gx7o02az sysconfig]# iptables-a input-p tcp--dport 2002-j ACCEPT
[Root@iz23gx7o02az sysconfig]# iptables  -A Output-p TCP--sport 2002-j ACCEPT
[Root@iz23gx7o02az sysconfig]#/etc/init.d/iptables Save iptables:saving
Firewall rules to/etc/sysconfig/iptables:[  OK  ]

3. View the contents of Iptables

[Root@iz23gx7o02az sysconfig]# VI iptables

  1 # Generated by Iptables-save v1.4.7 on Wed Dec 21:20:39 2014
  2 *fi Lter
  3:input ACCEPT [4602:266675]
  4:forward ACCEPT [0:0]
  5:output ACCEPT [5004:417513]
  6-a input-p TC  P-m TCP--dport 22-j ACCEPT
  7-a input-p tcp-m tcp--dport 2002-j ACCEPT 8-a output-p tcp-m
  TCP--sport 22 -j ACCEPT
  9-a output-p tcp-m tcp--sport 2002-j ACCEPT
 COMMIT
 # Completed on Wed Dec 10 21:20:39 2 014

4. Restart Iptables
Restart Instructions: Service iptables restart

[Root@iz23gx7o02az sysconfig]# service iptables restart
iptables:setting chains to policy Accept:filter          [  OK  ]
iptables:flushing firewall rules:                         [  OK  ]
iptables:unloading modules:                               [  OK  ]
iptables:applying firewall rules:                         [  OK  ]

5. Run./rpcapd-n

[Root@iz23gx7o02az rpcapd]#./rpcapd-n Press
CTRL + C to stop the server ...
Socket (): Address family supported by protocol (Code 98)

The modification was successful.