Remote capture usage

In this section, we'll take a look at how to use that remote packet capture software that we set up with WinPcap on the remote system.

In order to use that remote WinPcap service running on the remote system and capture packets from it, we need to add that into our local Wireshark interface so that we can capture it. So in order to do this, we will perform the following steps:

1. We will go ahead and click on Capture options icon.
2. Click on Manage Interfaces... and you'll see here that there's the Remote Interfaces tab; click on that.
3. Click on the plus icon in the bottom left-hand side here.
4. Enter in the Host IP address of that remote system.
5. Click on the Password authentication radio button, and enter in the credentials for that service account that we created. I used pcap here. You can then enter in the username and password and click on OK. At this point, it should show us the remote interfaces that it sees on the other device. So you see here that's my 5.25 device, and here's the interface that it detected:

If you do not see this at this point, or you get a popup saying that you have some sort of connection error or it can't connect to the remote host, or anything like that, make sure that the service is running. Remember, when we set up the service on the remote system, it was on manual for the service—it was not automatic. So there's a good chance that the server's stopped or the system has rebooted, or something like that. Go over there and make sure that the service is enabled.

1. So we go ahead and click on OK. You'll see that it shows in our interface list here. We can then go ahead and click on Start:

And that's all there is to it.