Remote Packet Capture

[Tim Naami <tnaami () gmail com>]

I need to capture packets with Wireshark from remote computers.  I used to
use WinPCAP but now am attempting to use NPCAP.  I've installed NPCAP
version 0.9995 on the remote computer.  Still no luck.  Using NMAP to scan
the remote computer I do not see port 2002 available.

Some questions:

   - Does this install as a service that is visible on the Services GUI?
   If so, what is the name?
   - Short of the GUI, I've gone to the command prompt and performed a net
   stop npcap  and net start npcap and get a service to stop and start.
   - The Npcap Loopback Adapter is listed under Computer Management >
   Device Manager > Network Adapters
   - NMAP run from that machine works fine.
   - Wireshark on that machine runs fine.
   - As stated I port scanned the remote computer and don't see port 2002
   open.  Did the port number change?
   - I've run the installer using "Run as Administrator" as well as without.
   - I've gone to the C:\Program Files\Npcap\ directory and run (as
   Administrator) FixInstall.bat  still nothing on port 2002.
   - Referring back to services, should this be NPF?  I've run the
   DiagReport and under the "Service Info" I have:
   - *************************************************
   Service Info:
   *************************************************

   Status      : Running
   Name        : npcap
   DisplayName : Npcap Packet Driver (NPCAP)

   Get-Service : Cannot find any service with service name 'npf'.
   At C:\Program Files\Npcap\DiagReport.ps1:211 char:1
   + Get-Service npf
   + ~~~~~~~~~~~~~~~
       + CategoryInfo          : ObjectNotFound: (npf:String)
   [Get-Service], ServiceCommandException
       + FullyQualifiedErrorId :
   NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceComman


Please let me know what I might be overlooking.

Thank you,

Tim

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/