- Download WinPcap, the packet capture guru, from here and install it onto the remote machine.
- If you do not already have Wireshark, get it from here.
- In the remote system, open an elevated command prompt and type the following commands.
    cd "Program Files\WinPcap"
    rpcapd.exe -s rpcapd.ini
- Now open rpcapd.ini with Notepad and paste in the following.

    # Configuration file help.

    # Hosts which are allowed to connect to this server (passive mode)
    # Format: PassiveClient =
    PassiveClient = 192.168.1.2,192.168.1.1;

    # Hosts to which this server is trying to connect to (active mode)
    # Format: ActiveClient = ,

    # Permit NULL authentication: YES or NOT
    NullAuthPermit = YES

- Now in Start>Run type services.msc.
- Now in the Capture Options dialog box in Wireshark, select Remote.
- Enter the address of the remote system and the port as 2002.
- Now click the Start button and you will see all the traffic of the remote system. Post doubts in the comment section.
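
With `NullAuthPermit = YES`, the rpcapd.ini above lets a client capture without credentials, so the `PassiveClient` address list is the only access control. The following check is an added example, not part of the original page: the function names `parse_rpcapd_ini` and `audit` are hypothetical, the sample file is constructed from the settings above, and treating an empty `PassiveClient` list as "no host restriction" is an assumption about rpcapd.

```python
import re

# Constructed sample: the settings from the rpcapd.ini shown in the steps above.
SAMPLE_INI = """\
# Hosts which are allowed to connect to this server (passive mode)
PassiveClient = 192.168.1.2,192.168.1.1;
# Permit NULL authentication: YES or NOT
NullAuthPermit = YES
"""

def parse_rpcapd_ini(text):
    """Parse rpcapd.ini text into passive hosts, active entries and the null-auth flag."""
    conf = {"passive": [], "active": [], "null_auth": False}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key == "passiveclient":
            # Hosts may be separated by commas, semicolons or whitespace.
            conf["passive"] += [h for h in re.split(r"[,;\s]+", value) if h]
        elif key == "activeclient":
            conf["active"].append(value)
        elif key == "nullauthpermit":
            conf["null_auth"] = value.upper() == "YES"
    return conf

def audit(conf):
    """Return a list of findings about who can reach the capture service."""
    findings = []
    if conf["null_auth"]:
        findings.append("NullAuthPermit = YES: clients capture without credentials")
    if not conf["passive"]:
        # Assumption: an empty host list means rpcapd accepts any source address.
        findings.append("no PassiveClient entries: no host restriction")
    elif conf["null_auth"]:
        findings.append("access rests only on the source address of: "
                        + ", ".join(conf["passive"]))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rpcapd_ini(SAMPLE_INI)):
        print("[!]", finding)
```

Run it against the file saved on the remote machine by passing the file's text to `parse_rpcapd_ini`; an empty findings list means null authentication is off and a host list is present.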