Remote packet capturing using Wireshark

Wireshark offers a feature to capture packets from network cards on a remote machine!

To start capturing, simply open an elevated command prompt and type:

net start rpcapd

on your target machine.
You must have installed WinPcap already.

Then, in Wireshark on your source machine, go to Capture > Options (or hit Ctrl+K).

Hit the Manage Interfaces button, and click on the Remote Interfaces tab.

Now click the Add button and fill in the information needed, along with port 2002 (the default rpcapd port).

After that, try to sniff remotely, done!
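
The target-side step can also be scripted so that the listener is checked after starting and the service is stopped again once the capture is finished. This is an added example, not part of the original post; it assumes the service name rpcapd and port 2002 given above, and a Windows version that provides Get-NetTCPConnection.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the target machine.
# Assumptions: the service is named "rpcapd" and uses port 2002, as stated
# above; Get-NetTCPConnection is available (Windows 8 / Server 2012 or later).
$ServiceName = 'rpcapd'
$Port        = 2002

function Get-RpcapdStatus {
    # Report the service state and any TCP listener on the rpcapd port.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        throw "Service '$ServiceName' not found; WinPcap must be installed first."
    }
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Service   = $svc.Status
        Listening = $listeners.Count -gt 0
        BoundTo   = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
        OwnerPid  = ($listeners.OwningProcess | Sort-Object -Unique) -join ', '
    }
}

# 1. Start the service (same effect as "net start rpcapd").
Start-Service -Name $ServiceName
Start-Sleep -Seconds 1          # give the daemon a moment to bind the port
Get-RpcapdStatus | Format-List

# 2. Capture from Wireshark on the source machine, then come back here.
Read-Host 'Press Enter when the remote capture is finished' | Out-Null

# 3. Stop the service so the capture port does not stay open.
Stop-Service -Name $ServiceName
Get-RpcapdStatus | Format-List
```

The BoundTo field shows which local address the daemon is listening on, which tells you from which networks the capture port is reachable.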