Welcome to the rpcap home page

What is rpcap?

RPCAP is a Remote Packet Capture system. It enables you to run a packet capture program (the server) on a target computer, which will sniff the network traffic on that system and uplink the captured packets to another host (the client), where the captured packets can be processed, analysed and archived. The rpcap system thus consists of two separate processes: the server (or agent), which captures network traffic on a remote system, and a client, which receives and processes these packets. The server code is a standalone executable program which uses the libpcap packet capture library to capture network traffic. The client is actually a library called librpcap, which is linked to a user program and used on the client system in a manner identical to libpcap, to receive and process the captured packets.

The librpcap client library exposes a subset of the pcap API as defined in the pcap(3) manpage. The API is used in a manner identical to that of libpcap, so any program that uses only the libpcap functions present in rpcap can link directly to rpcap in place of pcap. The API is implemented as a set of pcap-compatible wrapper functions over a Sun RPC interface to the remote server; each wrapper invokes the corresponding libpcap functionality on the server.

Platforms

At this time, rpcap has been built and tested only on Linux on Intel platforms. However, it should build on any UNIX-like system that supports multithreading and has the RPC libraries and utilities available, so it should be possible to build it on most systems. Please note, however, that there are a couple of bugs in the code (all my own!) that currently restrict it to little-endian systems. I will fix this ASAP.

Current Status

RPCAP is currently at version 0.23. It works, but is still alpha code. Be careful! There is an accompanying port of tcpdump, called rtdump, which has been linked against rpcap for remote capture applications. See the News and Documentation pages for details.

Licence

RPCAP is available under the GNU General Public Licence, a copy of which is included in the distribution in the file COPYING. You can also download a copy at the Free Software Foundation's website.

The Author

RPCAP was written by S. Krishnan (sri_krishnan at users.sourceforge.net).
 
 
