rpcapd behind a firewall

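I have a remote server with rpcapd installed, and it follows strict security policy rules. Any client can reach the server only through a firewall that follows the same security policy (please don't blame me, it wasn't my idea). The only port opened on the server and on the firewall for remote capture purposes is tcp:2002. The firewall also blocks any unknown outgoing ports. So the whole picture looks like this: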

client >> firewall (tcp:2002 opened) >> target server (tcp:2002 opened)

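The question is: does rpcapd use any "data ports" (tcp or udp) to forward the captured traffic to the client? If so, what are these ports? Can I set them manually with some cmd switches?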

The only port mentioned in the documentation is...

-p <port> It sets the port the daemon has to bind to. Default: it binds to port 2002.

...but if this is just some kind of "control port", remote capture will not work in my case.

Answer 1

From reading the documentation, Active Mode seems useful for the setup you describe: [Source: https://www.winpcap.org/docs/docs_412/html/group__remote.html]

Remote Capture Running Modes
The Remote Capture Protocol (RPCAP) can work in two modes:

Passive Mode (default): the client (e.g. a network sniffer) connects to the remote daemon, it sends them the appropriate commands, and it starts the capture.
Active Mode: the remote daemon tries to establish a connection toward the client (e.g. the network sniffer); then, the client sends the appropriate commands to the daemon and it starts the capture. This name is due to the fact that the daemon becomes active instead of waiting for new connections.
The Active Mode is useful in case the remote daemon is behind a firewall and it cannot receive connections from the external world. In this case, the daemon can be configured to establish the connection to a given host, which will have been configured in order to wait for that connection. After establishing the connection, the protocol continues its job in almost the same way in both Active and Passive Mode.
