I don't have remote interfaces options on my Wireshark installed on a MacBook

asked 2023-07-14 20:09:16 +0000

Oye

I don't have remote interfaces options on my Wireshark installed on a MacBook.

Capture>>Options>>manage interfaces>> NO "Remote Interfaces"

Comments

Were they configured and now missing or were never added?

WSUG - 4.6. The “Manage Interfaces” Dialog Box

To add a new remote capture interface, click + and specify the following:
Host: The IP address or host name of the target platform where the Remote Packet Capture Protocol service is listening.

Chuckc (2023-07-14 20:18:47 +0000)

I don't have the option to add.

Oye (2023-07-14 20:24:33 +0000)

1 Answer

answered 2023-07-15 02:41:31 +0000

Guy Harris

"I don't have remote interfaces options on my Wireshark installed on a MacBook"

It's not an "option" in the sense of something you can select when you install Wireshark or something you can turn on or off in the preferences.

It's a feature provided by libpcap, and the version of libpcap that comes with macOS, most if not all Linux distributions, most if not all of the *BSDs, Solaris, and AIX doesn't have that feature enabled, which means that programs using libpcap, such as Wireshark, don't offer it.

As far as I know, the only versions of libpcap that include it are the versions in WinPcap and Npcap for Windows.

It's not enabled by default on UN*Xes because there is a security risk involved with communicating with possibly-untrusted hosts and because code that uses libpcap may run with elevated privileges to allow it to capture on local machines. It's enabled by default in WinPcap because that's where it was first implemented, and it's enabled by default in Npcap because it's a replacement for WinPcap.

(I spent some time a while ago checking the code to make sure it didn't have the usual sort of buffer overflow etc. issues that cause the most obvious problems, but I'm not sure it's time to enable it by default.)

So, if you want to capture on a remote machine using the rpcap mechanism, you'd have to rebuild libpcap from source with remote capture enabled, install it, and then rebuild Wireshark from source. The resulting Wireshark should be able to do remote captures.

Another possibility is to use the sshdump extcap mechanism, which uses the ssh protocol to run tcpdump or dumpcap on a remote machine and have it send the capture to the machine running Wireshark.
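
The ssh-based approach from the last paragraph, done by hand, as an added example that is not part of the original answer or of Wireshark's sshdump code. It assumes the remote account is allowed to run tcpdump; the function names and the target `capture@sensor1` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). "capture@sensor1" below is a
# placeholder; function names are made up for this illustration.

# Print the tcpdump command to run on the remote side.
# Rejects interface names and ports that could smuggle shell syntax or
# extra options into the remote command line.
remote_tcpdump_cmd() {
    iface=$1
    ssh_port=${2:-22}
    case $iface in
        ''|-*|*[!A-Za-z0-9._:-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $ssh_port in
        ''|*[!0-9]*) echo "bad port: $ssh_port" >&2; return 1 ;;
    esac
    # -U: flush each packet, -w -: write pcap to stdout, -n: no DNS lookups.
    # The filter drops the ssh session itself so the capture does not
    # record (and amplify) its own transport.
    printf 'tcpdump -U -n -i %s -w - not tcp port %s\n' "$iface" "$ssh_port"
}

# Run the capture on "$1" (user@host) and feed it to the local Wireshark.
remote_capture() {
    target=$1
    case $target in
        ''|-*) echo "bad ssh target: $target" >&2; return 1 ;;
    esac
    cmd=$(remote_tcpdump_cmd "$2" "${3:-22}") || return 1
    # -k: start capturing immediately, -i -: read the pcap stream from stdin.
    ssh -p "${3:-22}" "$target" "$cmd" | wireshark -k -i -
}

# Example: sh remote-capture.sh capture@sensor1 eth0
if [ "$#" -ge 2 ]; then
    remote_capture "$@"
fi
```

With this arrangement the capture privileges stay on the remote host, and the local Wireshark only reads a pcap stream from a pipe, so it needs no elevated privileges.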

Last updated: Jul 15 '23