• Status: Solved

Capturing a remote interface using Ethereal and WinPcap

I'm in a Windows environment and I've installed Ethereal and WinPcap to capture traffic. How do I go about capturing a remote interface? I don't see an option for that on the Ethereal menu. I've done some research and found that I do need to use rdcapd.exe, but don't know where to go from here.

Please advise.  Thanks
Asked by: nelson97

3 Solutions

kevinf40 Commented:
Hi Nelson97

Can you elaborate slightly please - by remote interface do you mean you want to capture traffic destined for another machine?

giltjr Commented:
Do you mean rpcapd.exe? This is a remote packet capture daemon. Not sure exactly how it works, but I would assume that you install it on the computer you want to capture traffic on, start it up, and then use something that supports rpcapd to connect to it and receive the traffic.

kevinf40 Commented:
My previous post question was entirely unnecessary, as it is clear your intention is to capture packets from a remote machine - apologies, it was late!

Have a look here:

http://www.winpcap.org/docs/man/html/group__remote__help.html

Full documentation from the WinPcap guys on configuring and using rpcapd.exe.

Its use does require you to install it on the remote machine - I assume you have access to install applications on the machine you want to capture data from?

If you do not have access to the machine but it is on the same VLAN as you, then you could look at tools for performing man-in-the-middle attacks using ARP spoofing (e.g. Cain and Abel for example - www.oxid.it/cain.html).


JoyIdd Commented:
If you want to monitor traffic of machines located on a LAN, just connect the machines you want to monitor to a hub (or use Cain to perform ARP poisoning if you have a switch) and enable "promiscuous mode" in Ethereal to capture all the traffic traversing the hub. To select a specific type of traffic, use the filtering function in Ethereal.
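
An added example, not part of the original thread: rpcapd.exe makes a machine's interfaces available for remote capture, so how the daemon is started decides who can use it. This Python code audits an rpcapd command line for three exposure-related options from the WinPcap manual linked above (`-n` null authentication, `-l` allowed hosts, `-b` bind address); the sample command lines and addresses are constructed.

```python
import shlex

# rpcapd options that take a value, per the usage text in the WinPcap manual.
VALUE_OPTS = {"-b", "-p", "-l", "-a", "-s", "-f"}


def parse_rpcapd_args(cmdline):
    """Split an rpcapd command line into {option: value, or True for a flag}."""
    # posix=False keeps Windows backslashes and quoted program paths intact.
    tokens = shlex.split(cmdline, posix=False)[1:]  # drop the program name
    opts, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in VALUE_OPTS and i + 1 < len(tokens):
            opts[tok] = tokens[i + 1]
            i += 2
        else:
            opts[tok] = True
            i += 1
    return opts


def audit_rpcapd(cmdline):
    """Return a list of exposure findings for one rpcapd invocation."""
    opts = parse_rpcapd_args(cmdline)
    findings = []
    if "-n" in opts:
        findings.append("-n: null authentication, clients need no credentials")
    if "-l" not in opts:
        findings.append("no -l: connecting hosts are not restricted")
    if "-b" not in opts:
        findings.append("no -b: daemon binds to all local addresses")
    return findings


# Constructed sample command lines (addresses are documentation ranges).
OPEN = r"rpcapd.exe -n"
TIGHT = r"rpcapd.exe -b 192.0.2.10 -p 2002 -l 192.0.2.50"

if __name__ == "__main__":
    for cmd in (OPEN, TIGHT):
        print(cmd)
        for finding in audit_rpcapd(cmd) or ["no findings"]:
            print("  -", finding)
```
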