A Linux box running on VMWare can be used for network capture and as a DNS server or a simulated internet. To achieve this, we can use the host-only networking mode set on all the participating guests with a Windows XP SP2 guest and a *nix guest to a bare minimum. You set it to Vmnet1 (host only) default network and the VMware DHCP service assigns IP addresses to each of them. You ping the Linux guest from the Windows guest to confirm that you are connected. Then disable the Windows firewall and try to ping the Windows guest from Linux. Since you will be using the Windows XP guest as the analysis OS and Linux for network analysis mainly, you will have to set the default gateway parameter as well as the preferred DNS server manually in the Windows guest to the IP address of the Linux guest. The IP addresses can be different on your setup. Now, all the traffic will be routed to the Linux box where you can run Wireshark and study the packet captures...