Why it currently doesn't work with WinPcap 3.1 :-(ĭoing all this, you'll get a running capture. Without deeply thinking about it, I don't see an easy way to set a correct capture filter, as the port used to transfer the rpcap data will be choosen randomly?!? (the port seems to be negotiated while establishing - we might ask the WinPcap about this). If you capture on the same interface where the rpcap protocol is used to transfer the capture data between the daemon and the client, you'll soon (~100 packets) get a *lot* of traffic as the deamon will capture it's own traffic though create even more traffic … Well, where to get that interface name from? I've got that name from an already installed Wireshark on the remote machine. Rpcap:///\Device\NPF_ is the interface to capture from (would be something like eth0 on linux). Inside Wireshark you would simply type something like the following into the Interface field of the Capture Options dialog box: There is an option to run the daemon as a Windows service, but I didn't try that. The -n will turn off authentication, as Wireshark can't use it and the daemon won't work together with Wireshark otherwise. The easiest is to start the deamon from the command line now: I'll only explain the Win32 one, the Linux one should work similar.įirst install WinPcap on the remote machine. The daemon is available for both Win32 and Linux. The following would be the easiest setup to bring Wireshark to work remotely. You'll find additional info at the related WinPcap page: Remote Capture or the link at the bottom of this page.
Then you can take the capture files and use Wireshark to analyze them … This analyzer has the same origins as WinPcap itself, so it might work better than Wireshark for this feature (for now).
If you really need it, you may try analyzer to do the remote capture. It should also work with the current version of Wireshark and WinPcap 4.x. This feature will not work with WinPcap 3.1 it has been tested with with Ethereal 0.10.13 + WinPcap 4.0 alpha 1 using a Cisco MDS 9216 switch's fcanalyzer as the the remote capture device, and does work. This page is to collect information experienced while trying to bring this feature to life. The remote capture feature of WinPcap 3.1 is currently not working together with Wireshark!!!
0 kommentar(er)
