This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

pcaps capture

0

Hello Everybody,

I have the following situation. I have one PC with two wireless cards (NICs) and one laptop. One NIC is responsible for an access point, let's say MyAP, and the other one is a normal receiver, let's say PC_Recv. I want to ping from PC_Recv to MyAP and then do the same thing backwards, ping from MyAP to PC_Recv. After that I want to capture pcaps for these pings from my laptop. The PC and laptop are connected in one network via hostapd (MyAP).

So, could someone tell me how I capture the pcaps from above? Thanks!

asked 10 Feb '17, 07:44


Euclid
6112
accept rate: 0%


One Answer:

0

If you don't need to view the packets live, I would install Wireshark on the PC, capture the traffic on the interfaces that you are interested in (MyAP and PC_Recv), save the file, transfer it to your laptop, and view the capture file there.

If you need to view the traffic live, you should be able to do that also. The exact method would depend on your setup. Do you have Windows installed on both computers? The easiest solution I can think of, and others may have better suggestions, is to just use a remote desktop program (TeamViewer, NX, LogMeIn, etc.) to connect from the laptop to the PC. The PC is still the one capturing the packets in Wireshark, but you can see them from the laptop, and save off a file if you need to. A slightly more complicated solution would involve installing Cygwin and ssh on both machines (unless you have Linux, then you should already have the tools installed). You could monitor the packets like this:

From the laptop (with cygwin and ssh installed):

ssh <USER>@<PC-ADDRESS> "tshark -i <PC-INTERFACE1> -s0 -U -F pcapng -w - " | wireshark -k -i -

This will run tshark on the PC and will output the packets to standard output, which then gets sent over the ssh tunnel to your laptop, which then gets fed into Wireshark and displayed on your laptop. This would take some further configuration to start the ssh server on the PC (OpenSSH) and get the tshark executable in the path. But it is a handy tool to have once you get it working.

answered 10 Feb '17, 08:14


Lemurshark
26569
accept rate: 0%
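
An added example, not part of the original answer: a small wrapper for the ssh-piped capture described above that validates the interface name before it is placed in the remote command line and adds a capture filter excluding the SSH session itself, so the forwarded packets are not captured again. The function names and the default port of 22 are assumptions made for this example.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical.

# Accept only characters found in ordinary interface names (or a numeric
# interface index), and no leading dash, so the value cannot inject shell
# syntax or extra tshark options into the remote command line.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the tshark command to run on the PC.
# $1 = capture interface on the PC, $2 = SSH port (assumed default: 22)
remote_capture_cmd() {
    iface=$1
    port=${2:-22}
    valid_iface "$iface" || { echo "bad interface name" >&2; return 1; }
    valid_port "$port" || { echo "bad port" >&2; return 1; }
    # -f sets a capture filter: leave out the SSH session that carries the
    # capture, otherwise every forwarded packet produces more packets.
    printf 'tshark -i %s -s 0 -F pcapng -w - -f "not tcp port %s"' \
        "$iface" "$port"
}

# Run the capture on the PC and display it live in Wireshark on the laptop.
# $1 = user@host of the PC, $2 = interface, $3 = SSH port (optional)
live_capture() {
    cmd=$(remote_capture_cmd "$2" "${3:-22}") || return 1
    ssh -p "${3:-22}" "$1" "$cmd" | wireshark -k -i -
}
```

Call `live_capture` once per interface (MyAP and PC_Recv) from the laptop; each call opens its own Wireshark window.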