I have WinPCAP running on a number of machines. I have a couple other devices running Wireshark. I have remote capture working. This is being done so I don't increase too much load on the remote servers being monitored. The problem is there is no way to save remote ports in Wireshark so I have to create them each time.

There is a way to use a command line to start Wireshark and map a remote port:

wireshark -i rpcap://hostname:2002/adaptername

From https://www.winpcap.org/docs/docs_40_2/html/group__remote.html

What do I use for adaptername? In Linux it is something like eth0 but I must be missing something as I don't know of the Windows equivalent. Anyone know what that is?

It is my hope to write a batch file and call the three to five remote adapters even if it means opening multiple Wireshark windows.

asked 19 Oct '16, 14:14 Jollyrgr

One Answer:
The Windows equivalent is, in Windows 2000 and later, an ugly string including a GUID. There's no name that, like eth0, is likely to be the default interface.

And, unfortunately, there's no command-line way in Wireshark to say "give me a list of all the interfaces on a remote machine", so there really isn't a good way to find the name of the interface without running a command on the remote machine or starting up the Wireshark GUI and getting a list of the remote interfaces from the GUI.

answered 19 Oct '16, 16:34 Guy Harris ♦♦
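
An added example, not part of the original question or answer: a PowerShell sketch that takes interface lists collected once from each monitored machine, picks the wanted adapter by its friendly name, and opens one Wireshark window per remote adapter using the `wireshark -i rpcap://...` form from the question. It assumes the lists were saved from `dumpcap -D` run on each remote host and that WinPcap device names have the form `\Device\NPF_{GUID}`; the host names, GUIDs, friendly names and install path are constructed placeholders.

```powershell
# Added example. Host names, GUIDs and the install path are constructed placeholders.
# Each value is text saved from running "dumpcap -D" on that monitored host
# (assumes dumpcap is available there; a list copied from the GUI works as well).
$inventory = @{
    'server01' = @'
1. \Device\NPF_{11111111-2222-3333-4444-555555555555} (Ethernet)
2. \Device\NPF_{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Backup LAN)
'@
    'server02' = @'
1. \Device\NPF_{99999999-8888-7777-6666-555555555555} (Ethernet)
'@
}
# Which adapter (by friendly name) to capture on each host.
$wanted = @{ 'server01' = 'Backup LAN'; 'server02' = 'Ethernet' }

function Get-RpcapUrl {
    param([string]$HostName, [string]$DumpcapOutput, [string]$FriendlyName, [int]$Port = 2002)
    # One "dumpcap -D" line: index, device name, friendly name in parentheses.
    $pattern = '^\s*\d+\.\s+(\\Device\\NPF_\{[0-9A-Fa-f-]{36}\})\s+\((.+)\)\s*$'
    foreach ($line in ($DumpcapOutput -split "`r?`n")) {
        if ($line -match $pattern -and $Matches[2] -eq $FriendlyName) {
            "rpcap://${HostName}:$Port/$($Matches[1])"
        }
    }
}

$wireshark = 'C:\Program Files\Wireshark\Wireshark.exe'   # assumed install path
foreach ($name in $wanted.Keys) {
    $url = Get-RpcapUrl -HostName $name -DumpcapOutput $inventory[$name] -FriendlyName $wanted[$name]
    if (-not $url) {
        Write-Warning "No adapter named '$($wanted[$name])' found for $name"
        continue
    }
    if (Test-Path $wireshark) {
        # One Wireshark window per remote adapter, as in the question.
        Start-Process -FilePath $wireshark -ArgumentList '-i', $url
    } else {
        # Wireshark not at the assumed path: print the command line instead.
        Write-Output "wireshark -i $url"
    }
}
```

The GUID in a device name is specific to each machine and adapter, so the saved list needs refreshing when an adapter is replaced or reinstalled.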