
Welcome to S. Krishnan's home page


If you're looking for RPCAP, it has been moved to SourceForge.  You can access it on http://rpcap.sourceforge.net.
However, I will continue to keep the RPCAP web page here for a few more days.
 

About RPCAP

What is rpcap?

RPCAP is a Remote Packet Capture system.  It enables you to run a packet capture program (the server) on a target computer, which sniffs the network traffic on that system and uplinks the captured packets to another host (the client), where they can be processed, analysed and archived.  The rpcap system thus consists of two separate processes: the server (or agent), which captures network traffic on a remote system, and the client, which receives and processes these packets.  The server is a standalone executable program which uses the libpcap packet capture library to capture network traffic.  The client is actually a library called librpcap, which is linked to a user program and used on the client system in a manner identical to libpcap, to receive and process the captured packets.

The librpcap client library exposes a subset of the pcap API as defined in the pcap(3) manpage.  The API is used in a manner identical to that of libpcap, so any program that does not use the libpcap functions missing from rpcap can link directly to rpcap in place of pcap.  The API functions are a set of pcap-compatible wrappers over a Sun RPC interface to the remote server, which invoke the corresponding libpcap functionality on it.

Using rpcap

If you're familiar with libpcap and its applications, rpcap is quite simple to use.  Basically, the rpcap "server" is a packet capture program that runs as a Sun RPC service on the target computer.  The rpcap client is a library (librpcap) which provides a major subset of the libpcap API.  The signature and usage of all the API functions are 100% compatible with their libpcap namesakes.

The client library API acts as a wrapper to a set of RPC function calls, which then invoke their server-side RPC stubs.  Each server-side RPC function then invokes the corresponding libpcap function on the target computer.  Thus, the overall effect is that a librpcap call to, say, pcap_open_live on the client machine has the actual effect of opening a live network interface on the remote target machine.  The main difference is, of course, that since the target is remote, a connection first has to be established with the remote machine, which is done using the init_rpcap function call.

Capture data sent from the capture server to the client does not use the Sun RPC callback mechanism, because of the terrible overhead of RPC function calls when applied to a repetitive stream of callback invocations.  Instead, the server uplinks capture data over a TCP stream connection to the client.
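
A TCP stream has no message boundaries, so a client receiving capture data this way has to frame each packet record itself and validate every length it reads before using it. The following is an added example, not code from rpcap: the 16-byte record header (fields named after libpcap's pcap_pkthdr, sent as big-endian 32-bit integers), the MAX_SNAPLEN bound and the rec_encode/rec_decode names are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REC_HDR_LEN 16u     /* assumed layout: ts_sec, ts_usec, caplen, len (big-endian u32) */
#define MAX_SNAPLEN 65535u  /* assumed upper bound the client is willing to accept */

struct rec_hdr { uint32_t ts_sec, ts_usec, caplen, len; };

/* Read a big-endian u32 byte by byte: same result on any host byte order. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Write a big-endian u32 (the sending side of the same convention). */
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Serialize one record into out; returns bytes written, or 0 if it does not fit. */
size_t rec_encode(uint8_t *out, size_t cap, const struct rec_hdr *h, const uint8_t *data) {
    if (h->caplen > MAX_SNAPLEN || cap < REC_HDR_LEN + (size_t)h->caplen) return 0;
    put_be32(out, h->ts_sec);     put_be32(out + 4, h->ts_usec);
    put_be32(out + 8, h->caplen); put_be32(out + 12, h->len);
    memcpy(out + REC_HDR_LEN, data, h->caplen);
    return REC_HDR_LEN + h->caplen;
}

/*
 * Try to take one record from the front of buf (bytes accumulated from recv()).
 * Returns bytes consumed (> 0), 0 if more bytes are needed, -1 if malformed.
 */
long rec_decode(const uint8_t *buf, size_t avail, struct rec_hdr *h, const uint8_t **data) {
    if (avail < REC_HDR_LEN) return 0;           /* header split across reads */
    h->ts_sec = be32(buf);      h->ts_usec = be32(buf + 4);
    h->caplen = be32(buf + 8);  h->len = be32(buf + 12);
    /* Lengths from the wire are untrusted: bound caplen before using it. */
    if (h->caplen > MAX_SNAPLEN || h->caplen > h->len) return -1;
    if (avail - REC_HDR_LEN < h->caplen) return 0;  /* payload split across reads */
    *data = buf + REC_HDR_LEN;
    return (long)(REC_HDR_LEN + h->caplen);
}
```

A receive loop would append each recv() result to a buffer, call rec_decode until it returns 0, and close the connection on -1 rather than try to resynchronise.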

Platforms

At this time, rpcap has been built and tested only on Linux on Intel platforms.  However, it should build on any UNIX-like system that supports multithreading and has the RPC libraries and utilities available, so it should be possible to build it on most systems.  Please note, however, that there are a couple of bugs in the code (all my own!) that currently restrict it to little-endian systems.  I will fix this ASAP.

Current Status

Release 0.2 is a substantial improvement over 0.1.  Additional functionality has been added, and all the implemented functions have been tested.  See the Changelog here.  The documentation has been improved, and a heavily commented example program has been provided which exercises all the implemented functions in rpcap.  However, given that this is still a product under heavy development, your mileage may vary.  Please keep me informed of any bugs etc. so that I can try to fix them ASAP.

The release is labelled rpcap_devel-0.2.tar.gz, which you can download here.

Also, please note that tcpdump will not compile with rpcap without major modifications, since rpcap does not (and will not, given its nature) offer things like offline reads of archived capture data.  I do plan to come up with something, however - watch this space!

Availability and downloads

RPCAP is hosted on SourceForge.  The project page is located at http://sourceforge.net/projects/rpcap.

Currently only the development version of rpcap, labelled rpcap_devel-0.2.tar.gz, has been released, and is available for download at SourceForge, at http://prdownloads.sourceforge.net/rpcap/rpcap_devel-0.2.tar.gz.

Documentation

Apart from this web page, the present documentation consists of a README file, an INSTALL file on rpcap build and installation, and an example program, all of which are included in the distribution archive.  However, I'm working on some proper documentation, and hopefully will have something decent ready soon.  In the meantime, using the rpcap system is quite easy if you've had some experience with libpcap-based capture software.

You can check out the README and INSTALL files on the SourceForge webpage.

Licence

RPCAP is available under the GNU General Public Licence, a copy of which is included in the distribution in the file COPYING.  You can also download a copy at the Free Software Foundation's website.

The Author

RPCAP was written by S. Krishnan (sri_krishnan at yahoo.com).
 
 
