Capturing a remote interface using Ethereal and WinPcap

I'm on a Windows environment and I've installed Ethereal and WinPcap to capture traffic.  How do I go about capturing a remote interface?  I don't see an option for that on the Ethereal menu.  I've done some research and found that I do need to use rdcapd.exe, but don't know where to go from here.

Please advise.  Thanks
nelson97 asked:
kevinf40 commented:
Hi Nelson97

Can you elaborate slightly please - by remote interface do you mean you want to capture traffic destined for another machine?

giltjr commented:
Do you mean rpcapd.exe?   This is a remote packet capture daemon.  Not sure exactly how it works, but I would assume that you install it on the computer you want to capture traffic on, start it up, and then use something that supports rpcapd to connect to it and receive the traffic.

kevinf40 commented:
My previous question was entirely unnecessary, as it is clear your intention is to capture packets from a remote machine - apologies, it was late!

Have a look here:

http://www.winpcap.org/docs/man/html/group__remote__help.html

Full documentation from the WinPcap guys on configuring and using rpcapd.exe.

Its use does require you to install it on the remote machine - I assume you have access to install applications on the machine you want to capture data from?

If you do not have access to the machine but it is on the same VLAN as you, then you could look at tools for performing man-in-the-middle attacks using ARP spoofing (e.g. Cain and Abel - www.oxid.it/cain.html).

JoyIdd commented:
If you want to monitor traffic of machines on a LAN, just connect the machines you want to monitor to a hub (or use Cain to perform ARP poisoning if you have a switch) and enable "promiscuous mode" in Ethereal to capture all the traffic traversing the hub. To select a specific type of traffic, use the filtering function in Ethereal.
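The ARP poisoning that kevinf40 and JoyIdd mention as a way to capture a neighbour's traffic on a switched LAN leaves a visible trace: an IP address suddenly answers from a different MAC, and one MAC starts claiming several IPs (typically the gateway and the victim). The following added example (not part of the thread, and not WinPcap or Cain code) runs that check over a constructed list of ARP replies; the IP and MAC values are placeholders.

```python
"""Flag ARP-cache poisoning symptoms in a stream of ARP replies.

Added example; the replies below are constructed, not a real capture.
In practice the records would come from a sniffer on the segment.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # capture timestamp, seconds
    sender_ip: str     # IP the reply claims to speak for
    sender_mac: str    # MAC it says that IP lives at


SAMPLE_REPLIES = [  # constructed sample; 192.0.2.0/24 is documentation space
    ArpReply(0.0, "192.0.2.1", "00:11:22:33:44:01"),   # gateway answers normally
    ArpReply(1.0, "192.0.2.10", "00:11:22:33:44:0a"),  # a host answers normally
    ArpReply(2.0, "192.0.2.1", "00:11:22:33:44:01"),   # gateway again, same MAC
    ArpReply(3.5, "192.0.2.1", "00:11:22:33:44:ff"),   # gateway IP claimed by a new MAC
    ArpReply(4.0, "192.0.2.10", "00:11:22:33:44:ff"),  # same MAC now claims the host too
]


def detect_arp_poisoning(replies, known=None):
    """Return alert strings. `known` is an optional trusted IP -> MAC map."""
    ip_to_mac = {ip: mac.lower() for ip, mac in (known or {}).items()}
    ips_per_mac = defaultdict(set)
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        # Symptom 1: an IP we have already seen moves to another MAC.
        prev = ip_to_mac.get(r.sender_ip)
        if prev is not None and prev != mac:
            alerts.append(f"{r.ts:.1f}s: {r.sender_ip} moved {prev} -> {mac}")
        ip_to_mac[r.sender_ip] = mac
        # Symptom 2: one MAC answering for more than one IP (fires once per new IP).
        before = len(ips_per_mac[mac])
        ips_per_mac[mac].add(r.sender_ip)
        if len(ips_per_mac[mac]) > max(before, 1):
            alerts.append(f"{r.ts:.1f}s: {mac} claims {sorted(ips_per_mac[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_REPLIES):
        print(line)
```

Seeding `known` with the gateway's real MAC (from the switch or a trusted inventory) catches the first forged reply even when the sniffer started after the attack began.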