How do you do a remote capture using a (Mac) Apple with Wireshark on it and a XP machine with Winpcap for a host? I guess I'm really not sure of where the remote capture with host field is located in the Mac version of Wireshark. Thanks in advance for the support. asked 26 May '14, 06:18  entrophy |
2 Answers:
You mean QTShark? I don't think it has the option dialogs to add remote capture interfaces yet. If you have the "old" Wireshark with the GTK interface go to Capture -> Options -> press the "Manage Interfaces" button, select "Remote Interfaces" tab and add a new interface. answered 26 May '14, 06:23  Jasper ♦♦ Okay.... so ya installed WS on XP and the path you listed is available but, when the info is put in is does not update. I am currently using host,port,and null authentication. (26 May '14, 07:00) entrophy Usually you should get a new interface in your interface list. If not, it could be that the feature does not work for you. Remote captures are not always working as expected unfortunately. (26 May '14, 07:09) Jasper ♦♦ So got it to stop freezing on the XP machine by forwarding a port on the router but, I still get a error message saying a server is not configured correctly in both authenticated and non authentication . (26 May '14, 07:14) entrophy |
Did you start rpcapd.exe on the Windows box manually? It won't be started automatically.
Regards answered 26 May '14, 16:20  Kurt Knochner ♦ |
Found the manage interface through the interface and it looks like it may need some type of pipe configured for the remote capture device running XP. Please assist with needed pipe.