I've got my headless Linux box in the cabinet where I need to capture my packets, but I'd rather use the fancy GUI instead of tshark over ssh. Since all my client systems run Windows, I'm trying to set up a Windows Wireshark instance to display remotely captured packets from a Linux host. I looked, and rpcapd doesn't appear to be a part of the Ubuntu Wireshark package that I am using. Online I could only find Windows copies of the program. Is this just a configuration that not a lot of people use? Or am I missing an obvious link that puts this puzzle together nicely? Thanks! -Matt

asked 28 Jan '11, 10:29 mra
2 Answers:
That is a configuration not a lot of people use. It can be made to work though, if you're willing to compile it yourself. Get the WinPcap source code, extract it and follow what's said in winpcap/wpcap/libpcap/readme-rpcap.txt

answered 28 Jan '11, 15:41 Jaap ♦
I currently use tshark/Wireshark on Linux, but also, over two years, I created tools from the ground up using tshark (since tshark can do everything that the GUI can do); I redirected the stdin/stdout/stderr streams into C# WinForms applications. I did have numerous Linux packet sniffer boxes in a small network with a Windows host. The packet sniffers in this case were PCMCIA cards on the Linux boxes. I also used Mono at that time. Mono is by now much more capable than it was then, in the 2007 to 2008 time frame. Best of luck.

answered 27 Mar '16, 15:55 Ron Harding
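The stream-redirection approach from the second answer, sketched in Python rather than C# as an added example that is not part of the original posts: tshark runs on the Linux box over ssh and its stdout is parsed on the client. The host and interface names, the field list, and the function names are assumptions, and the remote account is assumed to have capture privileges.

```python
import shlex
import subprocess

# Columns requested from tshark; -T fields separates them with tabs by default.
FIELDS = ["frame.time_epoch", "ip.src", "ip.dst", "frame.len"]

def build_command(host, iface, ssh_port=22):
    """Build the ssh argv that runs tshark on the remote capture box."""
    tshark = ["tshark", "-l", "-n", "-i", iface, "-T", "fields"]
    for name in FIELDS:
        tshark += ["-e", name]
    # Exclude the ssh session itself: otherwise every line sent back to the
    # client produces more packets to capture (a feedback loop).
    tshark += ["-f", f"not tcp port {ssh_port}"]
    # shlex.join quotes each argument for the remote POSIX shell, so an
    # interface name cannot smuggle in extra shell commands.
    return ["ssh", "-p", str(ssh_port), host, shlex.join(tshark)]

def parse_line(line):
    """Turn one tshark output line into a dict, or None if it is malformed."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != len(FIELDS):
        return None
    ts, src, dst, length = parts
    try:
        rec = {"time": float(ts), "len": int(length)}
    except ValueError:
        return None
    # Non-IP frames leave ip.* empty; packets carrying a second IP header
    # (ICMP errors, tunnels) list several comma-separated values.
    rec["src"] = src.split(",")[0] or None
    rec["dst"] = dst.split(",")[0] or None
    return rec

def stream(host, iface):
    """Yield parsed packets for as long as the remote tshark keeps running."""
    proc = subprocess.Popen(build_command(host, iface),
                            stdout=subprocess.PIPE, text=True)
    try:
        for line in proc.stdout:
            rec = parse_line(line)
            if rec is not None:
                yield rec
    finally:
        proc.terminate()

if __name__ == "__main__":
    # Constructed host and interface names; replace with your own.
    for pkt in stream("matt@sniffer.example", "eth0"):
        print(pkt)
```

The `-l` flag makes tshark flush stdout after each packet, which is what lets the client see packets as they arrive instead of in large buffered bursts.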