0

Remote Capture on Mac

asked 2022-04-14 11:39:57 +0000

colritz

updated 2022-04-14 13:33:23 +0000

I am trying to do a remote packet capture using Pyshark - pyshark.RemoteCapture('192.168.1.101', 'eth0') - from a remote host - my computer (Mac) - with a Raspberry Pi 4. I have installed Wireshark and I am running a Python script with the remotecapture command on my Pi, and I know "The remote machine (which is my computer) should have rpcapd running in null authentication mode (-n)" as stated here: https://github.com/KimiNewt/pyshark/b...

I am aware remote capture normally only works on Windows, but I am wondering if there is any way I can make rpcapd run in null authentication mode to use it with my Mac... or any other ways to use the remotecapture pyshark command with my Mac!

Any help would be amazing.

Thanks.


2 Answers

0

answered 2022-04-14 13:11:50 +0000

Jaap

Think 'MacOS' not 'Windows' (assuming you're running MacOS, are you?). Then leverage the sshdump extcap interface, rather than fiddling with building your own libpcap (which you would have to do).


Comments

Thanks Jaap, can I use pyshark with the sshdump extcap interface?

colritz ( 2022-04-14 13:34:22 +0000 )

I don't know. We don't maintain that project.

Jaap ( 2022-04-15 11:07:22 +0000 )
0

answered 2022-04-17 07:33:10 +0000

Guy Harris

As Jaap noted, there's more involved here than authentication.

The only versions of libpcap I know of that include the rpcap client code are WinPcap and Npcap; the versions provided with various Linux distributions, the *BSDs, macOS, etc. tend not to have the rpcap source compiled in (it's not configured in by default).

As such, you'd need to build libpcap from source with rpcap support enabled, install it, and then build Wireshark from source with that version of libpcap.

If you were to do that, and you want to run the rpcap server with null authentication enabled, you would have to arrange that it run with the -n command-line flag, or set up the rpcapd configuration file with a

NullAuthPermit=YES

line (and, if rpcapd is running, send it a SIGHUP signal with kill -HUP {process-id-of-rpcapd} to get it to reread the configuration file).

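Null authentication means rpcapd accepts capture requests without credentials, so it is worth checking where it is switched on. The following is an added example, not part of the answers above and not code from libpcap or pyshark: a small audit of an rpcapd configuration file and command line for the `NullAuthPermit=YES` line and the `-n` flag mentioned in the answer. The sample configuration is constructed, and the `PassiveClient` allowed-hosts key is an assumption that does not appear on this page.

```python
import shlex

# Constructed sample, not taken from the page. NullAuthPermit is the key quoted
# in the answer; PassiveClient (allowed-hosts key) is an assumption made here.
SAMPLE_CONF = """\
# rpcapd configuration (constructed)
PassiveClient = 192.168.1.50
NullAuthPermit = YES
"""


def parse_conf(text):
    """Return {key: [values]} from 'Key = value' lines, skipping blanks and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings.setdefault(key.lower(), []).append(value)
    return settings


def audit(conf_text="", cmdline=""):
    """List findings for an rpcapd config file and/or command line."""
    settings = parse_conf(conf_text)
    findings = []
    # The last occurrence wins in this audit; any casing of "yes" is flagged
    # so that the check errs on the cautious side.
    values = settings.get("nullauthpermit", [])
    conf_null = bool(values) and values[-1].upper() == "YES"
    # Only the stand-alone "-n" form is checked, not combined short options.
    flag_null = "-n" in shlex.split(cmdline)[1:]
    if conf_null:
        findings.append("null authentication enabled by NullAuthPermit=YES")
    if flag_null:
        findings.append("null authentication enabled by -n flag")
    if (conf_null or flag_null) and not settings.get("passiveclient"):
        findings.append("no PassiveClient allow-list: any host that can reach rpcapd can capture")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "rpcapd -n"):
        print("FINDING:", finding)
```
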
