Network Analysis Using Wireshark 2 Cookbook(Second Edition)

Capture packets on a remote machine

For capturing data from a remote machine, perform the following actions:

  1. Install the pcap driver on the remote machine. You can find it at http://www.winpcap.org/, or install the entire Wireshark package instead.
  2. To capture data on the remote machine, choose Capture | Options | Manage Interfaces | Remote Interfaces. The following window will open:
    • On the local machine:
      - Host name: The IP address or host name of the remote machine.
      - Port: 2002: You can leave it empty and it uses the default, 2002.
      - Password authentication: The username and password of an account on the remote machine.
    • On the remote machine:
      - Install WinPcap on each remote PC you want to collect data from. You can get it from http://www.winpcap.org/. You don't need to install Wireshark itself, only WinPcap.
      - Configure the firewall so that TCP port 2002 is open from your machine.
      - On the remote PC, add a user to the PC user list, give it a password, and give it administrator privileges. You configure this from Control Panel | User Accounts and Family Safety | Add or remove user accounts | Create a new account.
      - Right-click on the Start symbol at the bottom left of the Windows screen, choose Open Windows Explorer, right-click on Computer, and choose Manage. In the Manage window, open Services, as illustrated here:
  3. You will see the interface you have configured in the remote interfaces list, and when you click on OK, you will also see it in the local interfaces list. Now you can capture packets on it as if it were a local interface on your machine.
This feature can be useful when, for example, you monitor connectivity between your PC and a remote one, or even between two remote machines. When you use it, you see the packets leaving one device and then see them arrive (or not!) at the other device, which makes it a very powerful tool.
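The remote-side preparation above (capture account, firewall opening, starting the capture service) can be scripted instead of clicked through. The following PowerShell is an added example written for this page, not code from the book or from the Wireshark/WinPcap projects. It assumes WinPcap is already installed, that its remote capture service is registered under the service name rpcapd (an assumption; check Get-Service on your machine), and uses a hypothetical account name wscapture. Run it in an elevated PowerShell on the remote machine. Unlike the recipe text, it scopes the firewall rule to the analyst machine's address rather than opening port 2002 to everyone, and it prints the resulting state so you can check it before connecting from Wireshark.

```powershell
# Added example (not from the book): prepare a Windows machine for remote capture.
# Assumptions: WinPcap is installed; its remote capture service is named 'rpcapd';
# $CaptureUser is a hypothetical account name chosen for this example.
param(
    [Parameter(Mandatory)] [string] $AnalystIP,   # address of the PC running Wireshark
    [string] $CaptureUser = 'wscapture',           # hypothetical capture account
    [int]    $Port        = 2002                   # rpcapd default, as in the recipe
)

# 1. Dedicated capture account with administrator rights, as the recipe requires.
$secret = Read-Host -AsSecureString -Prompt "Password for $CaptureUser"
if (-not (Get-LocalUser -Name $CaptureUser -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $CaptureUser -Password $secret | Out-Null
}
Add-LocalGroupMember -Group 'Administrators' -Member $CaptureUser -ErrorAction SilentlyContinue

# 2. Firewall: allow inbound TCP 2002 only from the analyst machine, not from any host.
$ruleName = "rpcapd from $AnalystIP"
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -RemoteAddress $AnalystIP -Action Allow | Out-Null
}

# 3. Start the remote capture service (the Manage | Services step done by hand above).
$svc = Get-Service -Name 'rpcapd' -ErrorAction SilentlyContinue
if ($null -eq $svc) { throw "Service 'rpcapd' not found; is WinPcap installed?" }
if ($svc.Status -ne 'Running') { Start-Service -Name 'rpcapd' }

# 4. Show the resulting state so the operator can verify it before connecting.
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter
Get-Service -Name 'rpcapd' | Select-Object Name, Status
Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
```

From the local machine, `Test-NetConnection -ComputerName <remote host> -Port 2002` confirms the firewall rule and service are reachable before you open the Remote Interfaces dialog. When the capture session is over, remove the firewall rule (`Remove-NetFirewallRule -DisplayName "rpcapd from <ip>"`) and the capture account, since both are standing administrative access to the remote machine.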

This file is attached as Cap_B05518_01_01.