In this section, we'll take a look at how to use that remote packet capture software that we set up with WinPcap on the remote system.
In order to use that remote WinPcap service running on the remote system and capture packets from it, we need to add that into our local Wireshark interface so that we can capture it. So in order to do this, we will perform the following steps:
- We will go ahead and click on
Capture options
icon. - Click on
Manage Interfaces...
and you'll see here that there's theRemote Interfaces
tab; click on that. - Click on the plus icon in the bottom left-hand side here.
- Enter in the
Host
IP address of that remote system. - Click on the
Password authentication
radio button, and enter in the credentials for that service account that we created. I usedpcap
here. You can then enter in the username and password and click onOK
. At this point, it should show us the remote interfaces that it sees on the other device. So you see here that's my5.25
device, and here...