This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Remote packet capture

1

How do you do a remote capture using a (Mac) Apple with Wireshark on it and an XP machine with WinPcap for a host? I guess I'm really not sure of where the remote capture with host field is located in the Mac version of Wireshark. Thanks in advance for the support.

asked 26 May '14, 06:18

entrophy

Found the manage interface through the interface and it looks like it may need some type of pipe configured for the remote capture device running XP. Please assist with needed pipe.

(26 May '14, 06:23) entrophy

2 Answers:

0

You mean QTShark? I don't think it has the option dialogs to add remote capture interfaces yet.

If you have the "old" Wireshark with the GTK interface go to Capture -> Options -> press the "Manage Interfaces" button, select "Remote Interfaces" tab and add a new interface.

answered 26 May '14, 06:23

Jasper ♦♦

Okay.... so ya installed WS on XP and the path you listed is available, but when the info is put in it does not update. I am currently using host, port, and null authentication.

(26 May '14, 07:00) entrophy

Usually you should get a new interface in your interface list. If not, it could be that the feature does not work for you. Remote captures are not always working as expected, unfortunately.

(26 May '14, 07:09) Jasper ♦♦

So got it to stop freezing on the XP machine by forwarding a port on the router, but I still get an error message saying a server is not configured correctly in both authenticated and non-authentication.

(26 May '14, 07:14) entrophy

0

Did you start rpcapd.exe on the Windows box manually? It won't be started automatically.

http://www.winpcap.org/docs/docs_40_2/html/group__remote.html

Regards
Kurt

answered 26 May '14, 16:20

Kurt Knochner ♦