How to block own rpcap traffic where tshark is running?
Posted by Pankaj Goyal on Server Fault
Published on 2013-11-07T19:08:21Z
Platform: Fedora 13 32-bit machine
RemoteMachine$ ./rpcapd -n
ClientMachine$ tshark -w "filename" -i "any interface name"
As soon as the capture starts without any capture filter, thousands of packets get captured. rpcapd binds to port 2002 by default, and while establishing the connection it sends a randomly chosen port number to the client for further communication. Both client and server machines exchange TCP packets through randomly chosen ports. So, I cannot even specify a capture filter to block this rpcap-related TCP traffic.
Wireshark & tshark for Windows have an option "Do not capture own Rpcap Traffic" in Remote Settings in the Edit Interface dialog box. But there is no such option in tshark for Linux.
It would also be good if anyone could tell me how Wireshark blocks rpcap traffic.
© Server Fault or respective owner