HackToHell. Powered by Blogger.

How to capture network traffic from remote computers using Wireshark

I will show how to capture traffic from a remote machine, which is very helpful for analysing malware samples in a VM.

  1. Download WinPcap, the packet capture guru, from here and install it on the remote machine.
  2. If you do not already have Wireshark, get it from here.
  3. On the remote system, open an elevated command prompt and type the following commands.
    cd \
    cd "Program Files\WinPcap"
    rpcapd.exe -s rpcapd.ini
  4. Now open rpcapd.ini with Notepad and paste in the following.
    # Configuration file help.
    # Hosts which are allowed to connect to this server (passive mode)
    # Format: PassiveClient = <name or address>
    PassiveClient =,;
    # Hosts to which this server is trying to connect to (active mode)
    # Format: ActiveClient = <name or address>, <port>
    # Permit NULL authentication: YES or NOT
    NullAuthPermit = YES

  5. Now in Start>Run type services.msc.
    Find the WinPcap remote capture service (rpcapd) and open its properties. Set the Startup type to Automatic, click the Start button and close the window.

Now in the Capture Options dialog box in Wireshark, select Remote.
Enter the address of the remote system and 2002 as the port.
Now click the Start button and you will see all the traffic of the remote system. Post doubts in the comment section.
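The same server-side setup (steps 3 to 5), scripted for an elevated PowerShell prompt on the remote machine. This is an added example, not code from the original post or from WinPcap. It assumes WinPcap is installed under "C:\Program Files\WinPcap", that its service is registered under the name rpcapd and already points at rpcapd.ini, and that the analysis host running Wireshark is 192.0.2.50 (a constructed placeholder). It keeps NullAuthPermit = YES as in the post, but fills in PassiveClient (the format rpcapd's own template documents) and scopes the firewall rule to that one host, so the unauthenticated daemon is not reachable from every machine on the network.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt on the remote (captured) machine.
# Assumptions: WinPcap lives under "C:\Program Files\WinPcap", its service is
# named "rpcapd" and is configured to load rpcapd.ini, and the analysis host
# running Wireshark is 192.0.2.50 (constructed placeholder; replace it).

$WinPcapDir  = Join-Path $env:ProgramFiles 'WinPcap'
$IniPath     = Join-Path $WinPcapDir 'rpcapd.ini'
$AnalystHost = '192.0.2.50'   # placeholder: the machine that runs Wireshark
$RpcapPort   = 2002           # rpcapd default port, the one the post uses

# Steps 3 and 4: write rpcapd.ini directly instead of letting rpcapd -s dump
# the template first. NullAuthPermit = YES is what the post configures;
# PassiveClient limits which hosts may connect to that unauthenticated daemon.
@"
# Hosts which are allowed to connect to this server (passive mode)
# Format: PassiveClient = <name or address>
PassiveClient = $AnalystHost

# Permit NULL authentication: YES or NOT
NullAuthPermit = YES
"@ | Set-Content -Path $IniPath -Encoding ASCII

# Step 5: what the post does by hand in services.msc. Restart-Service also
# starts a stopped service, and a restart makes rpcapd re-read the ini.
Set-Service -Name 'rpcapd' -StartupType Automatic
Restart-Service -Name 'rpcapd'

# Let only the analysis host through Windows Firewall to TCP 2002.
New-NetFirewallRule -DisplayName 'rpcapd from analysis host' -Direction Inbound `
    -Protocol TCP -LocalPort $RpcapPort -RemoteAddress $AnalystHost -Action Allow | Out-Null

# Check before opening Wireshark: the daemon must actually be listening.
$listener = Get-NetTCPConnection -State Listen -LocalPort $RpcapPort -ErrorAction SilentlyContinue
if ($listener) {
    "rpcapd is listening on TCP $RpcapPort; point Wireshark's Remote capture at this host."
} else {
    Write-Warning "rpcapd is not listening on TCP $RpcapPort; check the service state and the ini path."
}
```

When you then start the remote capture, Wireshark's own rpcap session to port 2002 is part of the traffic on the remote machine; the Remote Capture Settings in the Capture Options dialog have a "Do not capture own RPCAP traffic" option that keeps it out of the trace.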

About hacktohell

Love technology.