Wireshark-users: Re: [Wireshark-users] how to configure remote capture using wireshark

From: "Max P" <addax.ws@xxxxxxxxx>
Date: Wed, 29 Oct 2008 00:34:25 -0700
Hi,

Found your post. Probably you already found information but maybe not.

I did some implementation to support Remote functionality in the GUI. I compiled a version which I'm using for my work. It can be downloaded from here. It's a Win32 version.

Sorry, I did not create an installer version, so just unpack the archive to any directory and start wireshark.exe.
A locally installed WinPcap is required. If you do not know how to install WinPcap, just run the regular Wireshark installation (0.99.6 recommended). It'll do everything needed.

If you want to capture from a remote Windows PC, go to the WinPcap installation directory on the remote PC and start rpcapd.exe. A copy from your Windows PC should also work.

To capture remotely from a Linux PC, rpcapd should be started. Check here for information on how to build rpcapd for Linux.

I have compiled a development version of rpcapd for FC4 (it can work on other Linuxes as well). Available here.

You need to use the -n flag for now when rpcapd is started. Read the documentation (link I posted above) if you have any questions on rpcapd.

After you start rpcapd, launch my version of Wireshark. Go to Properties->Capture->Edit..... You'll find a way to add a new remote interface.
Then go to Capture->Interfaces; you'll see the new interface in the list. It should work as a regular interface.

Any comments welcome.
Max



On Sun, May 11, 2008 at 11:35 PM, vijaya n <vnemakal2@xxxxxxxxx> wrote:
Hi,
I am a newbie to Wireshark. I am interested in using the remote capture capabilities of Wireshark. I have downloaded the 1.0 version of Wireshark. The release notes of an earlier release say that the remote capture facility is integrated in Wireshark.
But I do not see any options in the Wireshark GUI to do remote capture.
I could not get much help from any of the documents or on the web either on the usage of the remote capture functionality in Wireshark.
I wanted to know the steps to follow to configure remote capture.
 
I went through the http://www.mail-archive.com/wireshark-users@xxxxxxxxxxxxx/msg02940.html mail chain but that didn't help much.
 
And in Linux, the rpcap feature is not enabled by default. I enabled it and the compilation is failing.

Any information on how to configure Wireshark for using the remote capture functionality and how it is designed would be much appreciated.
Thanks in advance for the help.
Regards,
Vijaya



_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users