This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Windows client with Linux remote packet capture

0

I've got my headless Linux box in the cabinet where I need to capture my packets, but I'd rather use the fancy GUI instead of tshark over ssh. Since all my client systems run Windows, I'm trying to set up a Windows Wireshark instance to display remotely captured packets from a Linux host. I looked, and rpcapd doesn't appear to be a part of the Ubuntu Wireshark package that I am using. Online I could only find Windows copies of the program. Is this just a configuration that not a lot of people use? Or am I missing an obvious link that puts this puzzle together nicely?

Thanks! -Matt

asked 28 Jan '11, 10:29

mra
accept rate: 0%


2 Answers:

0

That is a configuration not a lot of people use.

It can be made to work though, if you're willing to compile it yourself.

Get the WinPcap source code, extract it, and follow what's said in winpcap/wpcap/libpcap/readme-rpcap.txt.

answered 28 Jan '11, 15:41

Jaap ♦
accept rate: 14%

0

I currently use tshark/Wireshark on Linux, but also, over two years, I created tools from the ground up using tshark (since tshark can do everything that the GUI can do); I redirected the stdin/stdout/stderr streams into C# WinForms applications. I did have numerous Linux packet sniffer boxes in a small network with a Windows host. The packet sniffers in this case were PCMCIA cards on the Linux boxes. I also used Mono at that time. Mono by now is much more capable than at that time, the 2007 to 2008 time frame.

Best of luck.

answered 27 Mar '16, 15:55

Ron Harding
accept rate: 0%
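
The stream-redirection approach from the second answer, sketched as an added example (not code from either answerer; Python is used here rather than C#): tshark runs on the Linux box over ssh and its per-packet field output is parsed on the client. The host name, the `eth0` interface, the field selection and the `not port 22` capture filter (which keeps the ssh session carrying the output out of the capture) are assumptions, as is an ssh account that is allowed to capture.

```python
import io
import shlex
import subprocess
from typing import Iterable, Iterator, List, NamedTuple, Optional

# Fields requested from tshark, in output column order (assumed selection).
FIELDS = ["frame.time_epoch", "ip.src", "ip.dst", "frame.protocols", "frame.len"]

class Packet(NamedTuple):
    time: float
    src: Optional[str]   # None for non-IP frames (tshark prints an empty column)
    dst: Optional[str]
    protocols: str
    length: int

def tshark_argv(interface: str) -> List[str]:
    """tshark command that emits one tab-separated line per packet, unbuffered."""
    argv = ["tshark", "-l", "-i", interface, "-f", "not port 22",
            "-T", "fields", "-E", "separator=/t"]
    for field in FIELDS:
        argv += ["-e", field]
    return argv

def ssh_argv(host: str, interface: str) -> List[str]:
    """Quote the remote command as one string so the capture filter survives the remote shell."""
    return ["ssh", host, shlex.join(tshark_argv(interface))]

def parse_lines(lines: Iterable[str]) -> Iterator[Packet]:
    """Turn tshark's field output into Packet records, skipping damaged lines."""
    for line in lines:
        cols = line.rstrip("\r\n").split("\t")
        if len(cols) != len(FIELDS):
            continue  # stray text or a truncated line
        try:
            yield Packet(float(cols[0]), cols[1] or None, cols[2] or None,
                         cols[3], int(cols[4]))
        except ValueError:
            continue  # non-numeric time or length

def remote_capture(host: str, interface: str) -> Iterator[Packet]:
    """Run tshark on `host` over ssh and parse its stdout as it arrives."""
    with subprocess.Popen(ssh_argv(host, interface),
                          stdout=subprocess.PIPE, text=True) as proc:
        yield from parse_lines(proc.stdout)

# Constructed sample of tshark output (not a real capture).
SAMPLE = ("1296226140.123456\t192.0.2.10\t192.0.2.20\teth:ethertype:ip:tcp\t66\n"
          "1296226140.200000\t\t\teth:ethertype:arp\t42\n"
          "Capturing on 'eth0'\n")

if __name__ == "__main__":
    for pkt in parse_lines(io.StringIO(SAMPLE)):
        print(pkt)
```
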