Wireshark mailing list archives

Re: Remote fieldbus capture "protocol"


From: Guy Harris <guy () alum mit edu>
Date: Sun, 26 Jan 2020 12:52:43 -0800

On Jan 26, 2020, at 6:15 AM, Patrick Klos <patrick () klos com> wrote:

I would like to address 2 of your points:

        "rcap seems windows only"

(asking the list) Why is this the case?  Why has remote capture not been implemented on non-Windows platforms?

Because:

        Until a few years ago, nobody'd taken the time to pull it from WinPcap source into the main libpcap repository; it's now there.

        It's not enabled by default, at least for now, because, if it's enabled, it opens up new attack surfaces on both client and server.  Recent libpcap releases have some fixes for problems found by a code auditor (Include Security) as well as some other problems that might also introduce vulnerabilities.  (It also has a fix to an interoperability problem between Solaris and non-Solaris machines, and a provision for protocol version negotiation.)

So it's currently implemented in the sense that you can compile an rpcap-enabled libpcap, and rpcapd, for most if not all modern UN*Xes *if* you run the configure script with --enable-remote or run CMake with -DENABLE_REMOTE=YES, but not in the sense that macOS/*BSD/Linux distributions/Solaris/AIX/any other UN*X that ship with libpcap ship with a version that has remote capture enabled and rpcapd provided.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
