the-tcpdump-group / libpcap

the LIBpcap interface to various kernel packet capture mechanism
https://www.tcpdump.org/

rpcapd behind a firewall (could not receive messages in Wireshark) #1120

Closed colinal closed 2 years ago

colinal commented 2 years ago

Hello! I used rpcapd and Wireshark to capture remote network data packets in the past, and it worked well. But when I limit my ports using the firewall, even though I am not limiting the rpcapd port (set with the -p parameter), I could not receive any packets in my Wireshark. I saw someone ask this question but there was no definitive answer (https://serverfault.com/questions/929134/rpcapd-behind-a-firewall). It seems rpcapd uses a random port to send data packets rather than the port specified in the command. (Is that true?) (And I see another project, rpcapd-linux (https://github.com/rpcapd-linux/rpcapd-linux), can use -t to specify data_transfer_port.) Is there any way to solve this problem?

infrastation commented 2 years ago

Thank you for this bug report. Could you provide exact steps to reproduce it along the lines of what is mentioned in CONTRIBUTING.md?

colinal commented 2 years ago

Thanks for the reply! Maybe it is not a bug, it is just a feature. libpcap version: libpcap-1.9.0. Operating system: Linux VM_0_2_centos. I just start rpcapd with a command such as: rpcapd -b 192.21.0.2 -p 9999 -n. If the firewall is not active, I can connect to it with Wireshark from my Windows machine, and you can see rpcapd listening on other ports in netstat. So when I limited the inbound ports (not including 9999), Wireshark received nothing. So I think it is a feature; however, is there any way to solve the problem? Not using a firewall is insecure for me.

mcr commented 2 years ago

If you are going to run a server (rpcapd) on your machine, then you need to allow connections to it. If you are trying to run it locally only, then you may be able to use -b 127.0.0.1 and avoid adjusting your firewall.

colinal commented 2 years ago

Thanks for the reply. I use rpcapd on my server and run Wireshark locally. If rpcapd uses a random port rather than a specified port (or a specified port range) to transfer data, then we are obliged to allow all inbound ports, which may be insecure. So can we add a parameter like what rpcapd-linux's (https://github.com/rpcapd-linux/rpcapd-linux) -t does, which can limit the port used for transferring data?

guyharris commented 2 years ago

It seems rpcapd uses a random port to send data packets rather than the port specified in the command. (Is that true?)

The rpcap protocol uses two TCP connections, or one TCP connection and one UDP session; the first TCP connection is for control messages, and the second TCP connection or the UDP session is used to transfer packets.

(And I see another project, rpcapd-linux (https://github.com/rpcapd-linux/rpcapd-linux), can use -t to specify data_transfer_port.)

That was added by rpcapd-linux/rpcapd-linux#4.

I have turned that into a patch and applied it (with a fair bit of manual change, as the rpcap client and server code in libpcap, while it was originally based on the WinPcap code, has undergone a lot of work in our source tree).
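The two-connection behaviour described above is what makes a port-based firewall silently break captures: the control connection reaches the port given with -p, but the packet data travels over a second connection whose port the server picks at runtime. The following is an added example, not code from libpcap or rpcapd, that simulates that split on localhost. The server accepts a control connection, opens a separate data listener (ephemeral port, or a fixed one standing in for -t), announces the port over the control channel, and the client only connects if that port is in a simulated firewall allowlist. The wire format (a bare 2-byte port number) is an assumption made for illustration and is not the real rpcap message layout.

```python
import socket
import struct
import threading

HOST = "127.0.0.1"


def free_port():
    """Pick a currently unused TCP port on loopback (constructed stand-in for an admin choosing -t)."""
    with socket.socket() as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def _recv_exact(sock, n):
    """Read exactly n bytes or raise; avoids short-read bugs on the control channel."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("control connection closed early")
        buf += chunk
    return buf


def rpcapd_like_server(control_listener, data_port):
    """Server side: one control connection, then a second listener for packet data.

    data_port == 0 models the default (kernel-chosen ephemeral port);
    a non-zero value models a fixed port chosen with -t.
    """
    conn, _ = control_listener.accept()
    with conn, socket.socket() as data_listener:
        data_listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        data_listener.bind((HOST, data_port))
        data_listener.listen(1)
        data_listener.settimeout(2.0)
        # Announce the data port over the control channel (simplified, assumed framing).
        conn.sendall(struct.pack("!H", data_listener.getsockname()[1]))
        try:
            dconn, _ = data_listener.accept()
        except socket.timeout:
            return  # client never reached the data port: this is the "firewall" failure mode
        with dconn:
            dconn.sendall(b"PKT")  # constructed stand-in for a captured packet


def run_capture(fixed_data_port=None):
    """Client side with a simulated firewall that only allows the control port (and -t port, if set).

    Returns "ok" when packet data arrived, "blocked" when the announced data port
    was not open in the firewall allowlist.
    """
    control_listener = socket.socket()
    control_listener.bind((HOST, 0))
    control_listener.listen(1)
    control_port = control_listener.getsockname()[1]

    allowed_inbound = {control_port}
    if fixed_data_port:
        allowed_inbound.add(fixed_data_port)

    server = threading.Thread(
        target=rpcapd_like_server,
        args=(control_listener, fixed_data_port or 0),
        daemon=True,
    )
    server.start()

    with socket.socket() as ctrl:
        ctrl.settimeout(5.0)
        ctrl.connect((HOST, control_port))
        (data_port,) = struct.unpack("!H", _recv_exact(ctrl, 2))
        if data_port not in allowed_inbound:
            result = "blocked"  # random data port is not in the allowlist
        else:
            with socket.socket() as data:
                data.settimeout(5.0)
                data.connect((HOST, data_port))
                result = "ok" if _recv_exact(data, 3) == b"PKT" else "blocked"

    server.join()
    control_listener.close()
    return result


if __name__ == "__main__":
    print("default (ephemeral data port):", run_capture())
    print("fixed data port (like -t):   ", run_capture(free_port()))
```

Running it shows "blocked" for the default case and "ok" once the data port is fixed and added to the allowlist, which is exactly the difference between opening only the -p port and opening both the -p and -t ports on a real host.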

guyharris commented 2 years ago

-t flag added in 493e050fd6503d250a04732946e6d68d7b193b37.

infrastation commented 2 years ago

If you need to convert another pull request into a patch, you can append .patch or .diff after the pull request number in its URL, and the web server will reply with all the proposed changes combined into the respective file.

guyharris commented 2 years ago

Yes, that's how I got the patch - but it didn't apply cleanly because the version modified by that PR was a separate UN*X port of the WinPcap code, in a repository that hasn't been updated in a long time, that was missing a bunch of the subsequent changes we've made.