On Jan 26, 2020, at 6:15 AM, Patrick Klos <patr...@klos.com> wrote:

> I would like to address 2 of your points:
> 
>         "rcap seems windows only"
> 
> (asking the list) Why is this the case?  Why has remote capture not been 
> implemented on non-Windows platforms?

Because:

        Until a few years ago, nobody'd taken the time to pull it from WinPcap 
source into the main libpcap repository; it's now there.

        It's not enabled by default, at least for now, because, if it's 
enabled, it opens up new attack surfaces on both client and server.  Recent 
libpcap releases have some fixes for problems found by a code auditor (Include 
Security) as well as some other problems that might also introduce 
vulnerabilities.  (It also has a fix to an interoperability problem between 
Solaris and non-Solaris machines, and a provision for protocol version 
negotiation.)

So it's currently implemented in the sense that you can compile an 
rpcap-enabled libpcap, and rpcapd, for most if not all modern UN*Xes *if* you 
run the configure script with --enable-remote or run CMake with 
-DENABLE_REMOTE=YES, but not in the sense that macOS/*BSD/Linux 
distributions/Solaris/AIX/any other UN*X that ship with libpcap ship with a 
version that has remote capture enabled and rpcapd provided.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev