因为需要用Wireshark进行远程抓包,需要在远程主机上安装相应的rpcapd服务。Windows上只要安装WinPcap软件就行了,它已经包含了rpcapd服务,只要启动就行了。但Linux上需要自己编译。 yum install glibc-static wget http://www./install/bin/WpcapSrc_4_1_2.zip unzip WpcapSrc_4_1_2.zip cd winpcap/wpcap/libpcap chmod +x configure runlex.sh CFLAGS=-static ./configure make cd rpcapd make
然后 但是,运行./rpcapd -n报如下错误 [root@iZ23gx7o02aZ rpcapd]# ./rpcapd -n
Press CTRL + C to stop the server...
socket(): Address family not supported by protocol (code 97)
原因:在linux上,端口有可能没有开放,这时需要修改iptables服务的配置来开放2002端口。
首先要做的是给咱的SSH进行ACCEPT配置,以免直接无法连接的情况发生: [root@iZ23gx7o02aZ sysconfig]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT [root@iZ23gx7o02aZ sysconfig]# iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT [root@iZ23gx7o02aZ sysconfig]# /etc/rc.d/init.d/iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@iZ23gx7o02aZ sysconfig]#
2. 修改iptables开放2002端口 [root@iZ23gx7o02aZ sysconfig]# iptables -A INPUT -p tcp --dport 2002 -j ACCEPT [root@iZ23gx7o02aZ sysconfig]# iptables -A OUTPUT -p tcp --sport 2002 -j ACCEPT [root@iZ23gx7o02aZ sysconfig]# /etc/init.d/iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@iZ23gx7o02aZ sysconfig]# 3. 查看iptables的内容 [root@iZ23gx7o02aZ sysconfig]# vi iptables 1 # Generated by iptables-save v1.4.7 on Wed Dec 10 21:20:39 2014 2 *filter 3 :INPUT ACCEPT [4602:266675] 4 :FORWARD ACCEPT [0:0] 5 :OUTPUT ACCEPT [5004:417513] 6 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 7 -A INPUT -p tcp -m tcp --dport 2002 -j ACCEPT 8 -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT 9 -A OUTPUT -p tcp -m tcp --sport 2002 -j ACCEPT 10 COMMIT 11 # Completed on Wed Dec 10 21:20:39 2014
4. 重启iptables [root@iZ23gx7o02aZ sysconfig]# service iptables restart iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] [root@iZ23gx7o02aZ sysconfig]# 5. 运行./rpcapd -n [root@iZ23gx7o02aZ rpcapd]# ./rpcapd -n
Press CTRL + C to stop the server...
socket(): Address family supported by protocol (code 98)
修改成功! |
|
来自: 浸心阁 > 《remote capture》