This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Issue in remote capture option (Wireshark-1.10.8)

0

Hi All

We have a requirement to capture packets from a remote machine. We used the feature provided by Wireshark to get this done. But, i observed some issues while performing the remote capture. Following are the ones listed.

  • Remote interface link type listed as "Unknown" alt text

  • When i forcefully start the capture i am getting error as "Could not set the capture buffer size!" alt text

  • Not able to apply capture filter, getting error as "Link type of the interface not specified". alt text

Are these issues a known issues or is it due to a specific reason. I am using Wireshark-1.10.8 version (WinPcap-4.1.3) on Windows platform. Can anyone let me know what could be the issue. On the same interface i tried remote capture using Wireshark-1.6.1 version, it works fine.

asked 22 Apr '15, 09:03

Kiran%20Kumar%20G's gravatar image

Kiran Kumar G
21111415
accept rate: 0%

edited 22 Apr '15, 09:04

what is the WinPcap version on the remote machine and what is the OS and OS version there?

(22 Apr '15, 09:05) Kurt Knochner ♦

Remote machine OS and version = RHELv6.4 Since it is Linux we are using rpcapd to perform remote capture. We also observed that remote capturing works fine with Wireshark-1.6.x and 1.8.x versions. But fails in 1.10.x and 1.12.x versions.

(24 Apr '15, 07:00) Kiran Kumar G

I am using rpcapd on Linux in order to connect remotely from Windows machine. Is there any constraint of using a specific version of rpcapd along with Wireshark-1.12.4 in order to work properly.

(27 Apr '15, 05:55) Kiran Kumar G

Can anyone help on this issue ?

(06 May '15, 07:04) Kiran Kumar G