Rtdump is a modified version of tcpdump that allows the capture of network traffic on remote systems and networks.
Rpcap has two halves. The server is a standalone executable that captures network traffic with the libpcap packet capture library. The client is a library, librpcap, which is linked into a user program and used on the client system in the same way as libpcap. Librpcap exposes a subset of the pcap API as defined in the pcap(3) manpage: its functions are pcap-compatible wrappers over a Sun RPC interface to the remote server, which invokes the corresponding libpcap functionality on that host.
At present, rpcap has been built and tested only on Intel-based Linux systems. Nonetheless, it should build on any UNIX-like system that supports multithreading and has the RPC libraries and utilities available. Note, however, that a few bugs in the code currently limit it to little-endian systems; the developer hopes to fix this ASAP.
The rtdump executable is a modified version of tcpdump that links against librpcap rather than libpcap, which required some changes to the initialization code. The main difference for end users is the command-line invocation: rtdump is invoked with an additional remote host name option, the IP address or name of the remote host from which you wish to capture traffic.
For instance, to capture TCP traffic on the eth1 interface of a remote machine called "fred" and deliver it to your local machine, invoke rtdump as: rtdump -i eth1 tcp fred. By default, rtdump uses the default rpcap port values of 21373 TCP and 61373 UDP for communication with the server process, apart from the RPC process itself. To change any of these defaults, the initialization code in rtdump.c must be edited accordingly.
Finally, all other rtdump operational parameters are identical to tcpdump's, so consult tcpdump(1) for more information. In this release, tcpdump has been modified to link to librpcap and compile as rtdump for remote capture. The developer made the following changes:
- renamed tcpdump.c to rtdump.c;
- added librpcap initialization code to main() in rtdump.c;
- added rpcap client host address routines to main() in rtdump.c;
- added the rpcap capture end function to cleanup() in rtdump.c;
- added str_utils.c and str_utils.h for parsing client names (called from main() in rtdump.c).
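As an added illustration, not code from the rtdump project or its str_utils.c, the following C function models how the documented invocation form can be split into interface, filter expression and remote host. It assumes, as in the example above, that the host name is the trailing argument and that everything between the options and the host is the pcap filter; the struct and function names are hypothetical.

```c
#include <string.h>

/* Default rpcap ports stated in the rtdump description. */
#define RPCAP_DEFAULT_TCP_PORT 21373
#define RPCAP_DEFAULT_UDP_PORT 61373

/* Hypothetical capture request assembled from an rtdump-style command line. */
struct rtdump_spec {
    const char *iface;   /* from -i, NULL if not given */
    char filter[256];    /* pcap filter expression, e.g. "tcp"; empty = no filter */
    const char *remote;  /* trailing argument: host to capture on */
    int tcp_port, udp_port;
};

/* Parse: rtdump [-i iface] [filter words ...] remotehost
   Returns 0 on success, -1 on an unknown option, a missing host, or an
   over-long filter expression. */
int parse_rtdump_args(int argc, char **argv, struct rtdump_spec *spec)
{
    int i = 1;
    size_t used = 0;
    memset(spec, 0, sizeof *spec);
    spec->tcp_port = RPCAP_DEFAULT_TCP_PORT;
    spec->udp_port = RPCAP_DEFAULT_UDP_PORT;
    /* Only -i is understood in this illustration; tcpdump accepts many more. */
    while (i < argc && argv[i][0] == '-') {
        if (strcmp(argv[i], "-i") == 0 && i + 1 < argc) {
            spec->iface = argv[i + 1];
            i += 2;
        } else {
            return -1;
        }
    }
    if (i >= argc)
        return -1;                  /* no remote host supplied */
    spec->remote = argv[argc - 1];
    /* Everything between the options and the host is the filter expression. */
    for (; i < argc - 1; i++) {
        size_t n = strlen(argv[i]);
        if (used + n + 2 > sizeof spec->filter)
            return -1;              /* filter would overflow the buffer */
        if (used) spec->filter[used++] = ' ';
        memcpy(spec->filter + used, argv[i], n);
        used += n;
        spec->filter[used] = '\0';
    }
    return 0;
}
```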
Version 1.0: N/A