Capturing remote interface using Ethereal and WinPcap

Posted on 2006-05-11
Last Modified: 2008-01-09
I'm on a Windows environment and I've installed Ethereal and WinPcap to capture traffic.  How do I go about capturing a remote interface?  I don't see an option for that on the Ethereal menu.  I've done some research and found that I do need to use rdcapd.exe, but I don't know where to go from here.

Please advise.  Thanks
Question by: nelson97
    LVL 5

    Expert Comment

    Hi Nelson97

    Can you elaborate slightly please - by remote interface do you mean you want to capture traffic destined for another machine?

    LVL 57

    Accepted Solution

    Do you mean rpcapd.exe?   This is a remote packet capture daemon.  Not sure exactly how it works, but I would assume that you install it on the computer you want to capture traffic on, start it up, and then use something that supports rpcapd to connect to it and receive the traffic.

    LVL 5

    Assisted Solution

    My previous post question was entirely unnecessary, as it is clear your intention is to capture packets from a remote machine - apologies it was late!

    Have a look here:

    Full documentation from the WinPcap guys on configuring and using rpcapd.exe.

    Its use does require you to install it on the remote machine - I assume you have access to install applications on the machine you want to capture data from?

    If you do not have access to the machine but it is on the same VLAN as you, then you could look at tools for performing man-in-the-middle attacks using ARP spoofing (e.g. Cain and Abel for example -

    LVL 1

    Assisted Solution

    If you want to monitor traffic of machines located on a LAN, just connect the machines you want to monitor to a hub (or use Cain to perform ARP poisoning if you have a switch) and enable "promiscuous mode" in Ethereal to capture all the traffic traversing the hub. To select a specific type of traffic, use the filtering function in Ethereal.
