Wireshark remote capture

asked 2024-08-06 22:33:04 +0000

Hi,

I'm learning Wireshark now and wanted to try the remote capture feature on my private LAN. I tried at least 3 different guides, without success. How do I remote capture properly? Does anyone have a proper guide for a beginner?

Thanks for your help


Comments

Please provide a more detailed description:
- what platform is Wireshark running on?
- what is the network plumbing - switched, wireless, routers, VMs, ....?
- what type of system(s)/device(s) are you trying to make a remote capture on?

Chuckc ( 2024-08-07 01:01:49 +0000 )

I tried to keep it as simple as it can be for the first time:
- Win10 laptop connects to router and Win10 desktop connects to same router
- they are on the same subnet (technically I wanted to do this inside a LAN)
- tried on direct interfaces (ethernet ports) and on ZeroTier remote access as well
- connectivity works, ZeroTier even works if they are exactly remote not on the same subnet
- tried on admin account and I tried to add user account as well for the purpose

blasemarzo ( 2024-08-07 02:28:36 +0000 )

At one time there was a remote capture agent for Windows, but it did not make the transition from winpcap to npcap.

4.6. The “Manage Interfaces” Dialog Box

On Microsoft Windows, the “Remote Interfaces” tab lets you capture from an interface on a different machine. The Remote Packet Capture Protocol service must first be running on the target platform before Wireshark can connect to it.


74: Npcap rpcapd SERVER support

If it's possible to get a ssh server running on Windows you could load a copy of Wireshark and use the sshdump extcap on the local system to execute dumpcap for remote capture.

Chuckc ( 2024-08-07 03:02:59 +0000 )

None of the guides mention I need an ssh server 😅 So this npcap loopback adapter interface is useless and shouldn't have been set up? I will try it later when I get home. Do you have a step-by-step guide?

blasemarzo ( 2024-08-07 10:48:48 +0000 )

The npcap loopback adapter can be used to capture traffic on the loopback interface, that is, traffic that remains inside your laptop. There is no relation to remote capturing.

The suggestion is to set up an ssh server that allows you to execute a command remotely (dumpcap, tcpdump, etc.) and stream the output to you. See https://www.wireshark.org/docs/man-pa...

André ( 2024-08-07 17:02:37 +0000 )