Sniff the Ether Remotely
Monitor your networks remotely with rpcapd.
If you’ve ever wanted to monitor network traffic from another segment and use a graphical protocol analyzer like Ethereal (http://www.ethereal.com), you know how time-consuming it can be. First you have to capture the data. Then you have to get it onto the workstation that you’re running the analyzer from, and then you have to load the file into the analyzer itself. This creates a real problem because it increases the time between performing an experiment and seeing the results, which makes diagnosing and fixing network problems take much longer than they should.
One tool that solves this problem is
program included with WinPcap (http://winpcap.polito.it). rpcapd is a daemon that
monitors network interfaces in promiscuous mode and sends the data
that it collects back to a sniffer running on a remote
machine. You can run
rpcapd either from the command line or as a
service. To start
rpcapd, you will probably want to use the
-n flag, which tells the daemon to use null
authentication. Using this option,
you will be able to monitor the data stream that
produces with any program that uses the WinPcap capture
interface. Otherwise, special code will have to be added to the
program that you are using that will allow it to authenticate itself
-n option allows anyone to
connect to the daemon, you’ll also want to use the
-l option, which allows you to specify a comma-separated list ...