PaulDotCom mailing list archives
Re: Remote Traffic Sniff with wireshark.
From: Erik Hjelmvik <erik.hjelmvik () gmail com>
Date: Tue, 13 Sep 2011 20:59:40 +0200
You'll need to have an RPCAP agent running on the remote client from where you wanna sniff traffic: http://rpcap.sourceforge.net/ This RPCAP is something old built on top of Sun RPC. I don't think many people are using it today. It would be much better if tcpdump, dumpcap and Wireshark could implement native support for Pcap-over-IP instead, as described here: http://www.netresec.com/?page=Blog&month=2011-09&post=Pcap-over-IP-in-NetworkMiner Pcap-over-IP is a really nice way of doing lice sniffing from a remote device, such as a firewall. /erik 2011/9/13 Adrian Crenshaw <irongeek () irongeek com>:
Crud, I've never used that function. Thanks for letting me know about it. Adrian On Tue, Sep 13, 2011 at 9:19 AM, Larry McDonald <larrymcdonald () uhost org> wrote:http://www.wireshark.org/docs/wsug_html_chunked/ChCapInterfaceRemoteSection.html hmmm maybe it does. On Tue, Sep 13, 2011 at 7:50 AM, Adrian Crenshaw <irongeek () irongeek com> wrote:Not sure I follow you, but you can only sniff local traffic in your collision domain unless you pull off some other shenanigans. May be some network layer stuff you can do to get the traffic coming to you, but that depends on the scenario. Is this IP on the same LAN? Adrian On Tue, Sep 13, 2011 at 3:10 AM, Mohsen Mostafa Jokar <mohsenjokar () gmail com> wrote:Hello All. I want sniffing a remote traffic with Wireshark, when in capture option i select remote interface and enter my remote ip show me error.code(10061). what should i do? Thanks. Best Regards. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- "The ability to quote is a serviceable substitute for wit." ~ W. Somerset Maugham _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- Larry McDonald _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- "The ability to quote is a serviceable substitute for wit." ~ W. Somerset Maugham _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Remote Traffic Sniff with wireshark. Mohsen Mostafa Jokar (Sep 13)
- Re: Remote Traffic Sniff with wireshark. Adrian Crenshaw (Sep 13)
- Re: Remote Traffic Sniff with wireshark. Larry McDonald (Sep 13)
- Re: Remote Traffic Sniff with wireshark. Adrian Crenshaw (Sep 13)
- Re: Remote Traffic Sniff with wireshark. Dancing Dan (Sep 13)
- Re: Remote Traffic Sniff with wireshark. Erik Hjelmvik (Sep 13)
- Re: Remote Traffic Sniff with wireshark. Michael Lubinski (Sep 15)
- Re: Remote Traffic Sniff with wireshark. Sven Aluoor (Sep 17)
- Re: Remote Traffic Sniff with wireshark. Larry McDonald (Sep 13)
- Re: Remote Traffic Sniff with wireshark. Adrian Crenshaw (Sep 13)