This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Find Adapter Name for WinPCAP

0

I have WinPCAP running on a number of machines. I have a couple other devices running Wireshark. I have remote capture working. This is being done so I don't increase too much load on the remote servers being monitored.

The problem is there is no way to save remote ports in Wireshark so I have to create them each time.

There is a way to use a command line to start Wireshark and map a remote port:

wireshark -i rpcap://hostname:2002/adaptername

From https://www.winpcap.org/docs/docs_40_2/html/group__remote.html

What do I use for adaptername? In Linux it is something like eth0 but I must be missing something as I don't know of the Windows equivalent. Anyone know what that is? It is my hope to write a batch file and call the three to five remote adapters even if it means opening multiple Wireshark windows.

asked 19 Oct '16, 14:14

Jollyrgr's gravatar image

Jollyrgr
6112
accept rate: 0%


One Answer:

0

The Windows equivalent is, in Windows 2000 and later, an ugly string including a GUID. There's no name that, like eth0, is likely to be the default interface.

And, unfortunately, there's no command-line way in Wireshark to say "give me a list of all the interfaces on a remote machine", so there really isn't a good way to find the name of the interface without running a command on the remote machine or starting up the Wireshark GUI and getting a list of the remote interfaces from the GUI.

answered 19 Oct '16, 16:34

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%