Installing the rpcapd service (WinPcap) on CentOS

To capture packets remotely with Wireshark, the corresponding rpcapd service must be installed on the remote host.
On Windows, WinPcap already includes the rpcapd service, so it only needs to be started. On Linux you have to compile it yourself.
Note: Wireshark supports the remote packet capture protocol, so it can capture packets remotely as long as the rpcapd service is installed on the remote host.
The installation commands are as follows:

yum install glibc-static flex
wget http://www.winpcap.org/install/bin/WpcapSrc_4_1_2.zip
unzip WpcapSrc_4_1_2.zip
cd winpcap/wpcap/libpcap
chmod +x configure runlex.sh
CFLAGS=-static ./configure
make
cd rpcapd
make

Then run the rpcap service:

./rpcapd -n

However, running ./rpcapd -n reports the following error:

[root@iZ23gx7o02aZ rpcapd]# ./rpcapd -n
Press CTRL + C to stop the server...
socket(): Address family not supported by protocol (code 97)


Reason: on Linux, the port may not be open. In this case, modify the configuration of the iptables service to open port 2002.
Solutions:
1.  Cannot find the iptables file under /etc/sysconfig/ in CentOS
2.  Detailed configuration of iptables in Linux (repost)
Following "Detailed configuration of iptables in Linux (repost)", modify the configuration of the iptables service to open port 2002.

The first thing to do is to add ACCEPT rules for SSH, so that you do not lose your own connection to the host:

1. If the SSH port is 22 (using the default port is not recommended; it is better to change the SSH port):

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT


Remember to run /etc/rc.d/init.d/iptables save afterwards. It is best to run this command again after each of the steps below; the reminder is not repeated.

[root@iZ23gx7o02aZ sysconfig]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@iZ23gx7o02aZ sysconfig]# iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
[root@iZ23gx7o02aZ sysconfig]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@iZ23gx7o02aZ sysconfig]#


2. Modify iptables to open port 2002 

iptables -A INPUT -p tcp --dport 2002 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 2002 -j ACCEPT


Finally, run /etc/init.d/iptables save again so that these two rules are saved to the /etc/sysconfig/iptables file.

[root@iZ23gx7o02aZ sysconfig]# iptables -A INPUT -p tcp --dport 2002 -j ACCEPT
[root@iZ23gx7o02aZ sysconfig]# iptables -A OUTPUT -p tcp --sport 2002 -j ACCEPT
[root@iZ23gx7o02aZ sysconfig]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@iZ23gx7o02aZ sysconfig]# 


3. View the contents of the /etc/sysconfig/iptables file

[root@iZ23gx7o02aZ sysconfig]# vi iptables

# Generated by iptables-save v1.4.7 on Wed Dec 10 21:20:39 2014
*filter
:INPUT ACCEPT [4602:266675]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5004:417513]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2002 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2002 -j ACCEPT
COMMIT
# Completed on Wed Dec 10 21:20:39 2014


4. Restart iptables
Restart command:

service iptables restart

[root@iZ23gx7o02aZ sysconfig]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@iZ23gx7o02aZ sysconfig]# 


5. Run ./rpcapd -n

[root@iZ23gx7o02aZ rpcapd]# ./rpcapd -n
Press CTRL + C to stop the server...
socket(): Address family supported by protocol (code 98)


Successfully modified!
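
An added example, not part of the original post: a shell function that reads iptables-save output and reports whether a new TCP connection from any source would reach a given port. This matters here because rpcapd -n accepts clients without authentication. The function name audit_port, its verdict strings and the 192.0.2.10 workstation address are assumptions made for illustration.

```shell
# Added example, not from the original post. Reads iptables-save output on
# stdin and reports what a new TCP connection from an arbitrary source meets in
# the filter INPUT chain (first match wins, else policy). Simplification: rules
# with options beyond -p/-m tcp, --dport, -s, -j (e.g. -i lo) are skipped.
audit_port() {  # usage: iptables-save | audit_port PORT
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); next }
        table != "filter" || decided { next }
        $1 == ":INPUT" { policy = $2; next }
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; src = ""; target = ""; other = 0
            for (i = 3; i <= NF; i += 2) {
                opt = $i; val = $(i + 1)
                if (opt == "-p" || opt == "-m") { if (val != "tcp") other = 1 }
                else if (opt == "--dport") dport = val
                else if (opt == "-s") src = val
                else if (opt == "-j") target = val
                else if (opt != "--reject-with") other = 1
            }
            if (other || (dport != "" && dport != port)) next
            if (src != "" && src != "0.0.0.0/0") {  # applies to one source only
                if (target == "ACCEPT") allowed = allowed " " src
                next
            }
            if (target ~ /^(ACCEPT|DROP|REJECT)$/) { verdict = target; via = "rule"; decided = 1 }
        }
        END {
            if (verdict == "") { verdict = policy; via = "policy" }
            if (verdict == "ACCEPT") print "open-to-any via " via
            else if (allowed != "") print "restricted to" allowed
            else print "closed"
        }
    '
}
# INPUT part of the ruleset shown in step 3 of the post.
PAGE_RULES='*filter
:INPUT ACCEPT [4602:266675]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2002 -j ACCEPT
COMMIT'
# Constructed variant: default DROP, port 2002 limited to 192.0.2.10
# (a documentation address standing in for the Wireshark workstation).
HARD_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 2002 -j ACCEPT
COMMIT'
for p in 2002 8080; do printf '%s\n' "$PAGE_RULES" | audit_port "$p"; done
printf '%s\n' "$HARD_RULES" | audit_port 2002
```

On the step 3 ruleset the check reports port 2002 as open to any source, and a port with no rule at all as open through the ACCEPT policy; on the constructed variant it reports port 2002 as restricted to the single workstation address.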

Origin blog.csdn.net/tony_vip/article/details/105075850