This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Remote packet capture through a firewall

0

I am trying to set up a remote packet capture on a device that is NATed behind a firewall. I have forwarded port 2002 to the device. I get a list of interfaces, but when I start the capture I get no data. It says that there is an active capture running but no packets captured. Then it errors out with the following message:


No packets captured!

As no data was captured, closing the temporary capture file!

Help about capturing can be found at:

   http://wiki.wireshark.org/CaptureSetup

Wireless (Wi-Fi/WLAN): Try to switch off promiscuous mode in the Capture Options!


Error while capturing packets: Is the server properly installed on 98.190.240.71? connect() failed: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (

Please report this to the Wireshark developers. (This is not a crash; please do not report it as such.)


Any help with this would be greatly appreciated. Thanks

asked 12 Jul '11, 13:20

kkarl528

edited 12 Jul '11, 20:09

cmaynard ♦♦

Which version of WinPcap are you running? Note that the Wireshark WinPcapRemote page indicates that WinPcap 3.1 does not work. If you're not running the latest version of WinPcap, version 4.1.2 as of this writing, I'd recommend that you upgrade.

(12 Jul '11, 20:08) cmaynard ♦♦

One Answer:

0

Remote packet capture isn't supported on NAT'ed connections. The reasons are:

  1. 'NAT is evil', since it requires a protocol-specific helper to pick up the 'start capture reply' and set up a port forwarding for that.
  2. Invoking remote capture in client mode isn't supported by Wireshark

answered 13 Jul '11, 01:10

Jaap ♦

Would it work using active mode with Analyzer instead of Wireshark?

(13 Jul '11, 05:13) cmaynard ♦♦

Its description says so...

(13 Jul '11, 06:23) Jaap ♦

Right, but I didn't know if anyone ever actually tried this and knew for sure if it would work or not. I guess kkarl528 can tell us for sure if he tries it. And if it does work, then this might be a candidate enhancement feature for Wireshark if anyone cares to file a bug report for it.

(13 Jul '11, 07:03) cmaynard ♦♦

I'm sure I've seen the request before. Now for someone to program it...

(14 Jul '11, 01:52) Jaap ♦
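
Added example, not part of the original thread and not Wireshark or WinPcap code: it reads the data port out of an rpcap 'start capture reply' on the control connection and reports which ports the firewall would also have to forward, which is the job the answer assigns to a protocol-specific NAT helper. It assumes the header and start-capture-reply layouts and message type values from libpcap's rpcap-protocol.h, and that the client opens the data connection to the server; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Layouts assumed from libpcap's rpcap-protocol.h (network byte order).
RPCAP_HEADER = struct.Struct("!BBHI")       # ver, type, value, payload length
STARTCAP_REPLY = struct.Struct("!iHH")      # bufsize, portdata, dummy
RPCAP_MSG_STARTCAP_REQ = 0x04
RPCAP_MSG_IS_REPLY = 0x80
CONTROL_PORT = 2002                         # port forwarded in the question


def iter_messages(stream: bytes):
    """Yield (type, payload) for each complete rpcap message in the stream."""
    offset = 0
    while offset + RPCAP_HEADER.size <= len(stream):
        _ver, mtype, _value, plen = RPCAP_HEADER.unpack_from(stream, offset)
        offset += RPCAP_HEADER.size
        if offset + plen > len(stream):
            raise ValueError("truncated rpcap message")
        yield mtype, stream[offset:offset + plen]
        offset += plen


def data_port(stream: bytes):
    """Return the data port announced in the start-capture reply, or None."""
    wanted = RPCAP_MSG_STARTCAP_REQ | RPCAP_MSG_IS_REPLY
    for mtype, payload in iter_messages(stream):
        if mtype == wanted and len(payload) >= STARTCAP_REPLY.size:
            _bufsize, port, _dummy = STARTCAP_REPLY.unpack_from(payload)
            return port
    return None


def missing_forwards(stream: bytes, forwarded: set):
    """Ports the client must reach that the firewall does not forward."""
    needed = {CONTROL_PORT}
    port = data_port(stream)
    if port is not None:
        needed.add(port)
    return sorted(needed - forwarded)


# Constructed sample: an open reply (type 0x83) followed by a start-capture
# reply announcing data port 49731. Not captured from a real rpcapd.
SAMPLE = (RPCAP_HEADER.pack(0, 0x83, 0, 8) + struct.pack("!ii", 1, 0)
          + RPCAP_HEADER.pack(0, 0x84, 0, 8) + STARTCAP_REPLY.pack(262144, 49731, 0))

if __name__ == "__main__":
    print("data port:", data_port(SAMPLE))
    print("not forwarded:", missing_forwards(SAMPLE, {2002}))
```

Because the server picks the data port for each capture, a static forward of port 2002 alone lets the interface list through but leaves the data connection unreachable.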