Remote packet capturing using Wireshark


Wireshark offers a feature to capture packets from network cards on a remote machine!

To start capturing, simply open an elevated command prompt and type:

net start rpcapd

on your target machine.
WinPcap must already be installed there.


Then, in Wireshark on your source machine, go to Capture > Options (or hit Ctrl+K).


Click the Manage Interfaces button, then click the Remote Interfaces tab.


Now click the Add button and fill in the required information, using port 2002 (the default rpcapd port).


After that, start a capture on the remote interface, and you're done!
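
A check for the target-machine side of the steps above, as an added example that is not part of the original post: it starts rpcapd, confirms the listener on port 2002, and limits inbound access to the capturing machine. `$CaptureHost` and its address are placeholders, and the cmdlets assume Windows 8 / Server 2012 or later.

```powershell
# Added example: run in an elevated PowerShell session on the target machine.
param(
    # Placeholder address (TEST-NET-1); replace with your Wireshark source machine.
    [string]$CaptureHost = '192.0.2.10',
    # Default rpcapd port, as used in the steps above.
    [int]$Port = 2002
)

# 1. The rpcapd service only exists once WinPcap is installed.
$svc = Get-Service -Name rpcapd -ErrorAction SilentlyContinue
if (-not $svc) { throw 'rpcapd service not found: install WinPcap first.' }

# 2. Start it if needed (same effect as "net start rpcapd").
if ($svc.Status -ne 'Running') { Start-Service -Name rpcapd }

# 3. Confirm a listener on the port and find the executable that owns it.
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $listener) { throw "Nothing is listening on TCP port $Port." }
$exePath = (Get-Process -Id $listener.OwningProcess).Path
if (-not $exePath) { throw 'Could not resolve the listening process path (session not elevated?).' }
"Listening on $($listener.LocalAddress):$Port, owned by $exePath"

# 4. Allow inbound TCP to that program from the capture host only.
#    The rule is scoped by program rather than by port 2002 alone, on the
#    assumption that the capture data uses a second connection on a port
#    the daemon chooses.
$ruleName = "rpcapd from $CaptureHost"
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -Program $exePath -RemoteAddress $CaptureHost | Out-Null
}

# 5. Show the rule's address filter so the scope can be reviewed.
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

From the source machine, `Test-NetConnection <target> -Port 2002` confirms the port is reachable before you add the remote interface in Wireshark.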