Wireshark Remote Capture Issues

asked 2018-09-18 16:47:03 +0000

yuljk gravatar image

updated 2018-09-18 20:13:54 +0000

Hi guys - I'm attempting to setup remote capturing. I have opened up TCP port 2002 on the Windows 10 firewall - which allows me to add remote interfaces.

However, when I attempt to capture, it times out and states 'is the server configured correctly..'

I can see from netstat -an that the machine is indeed listening on port 2002 - If I disable the Windows Firewall on the target machine everything works. Are there any additional ports that require opening for packet capture to take place?

Windows Firewall log shows

2018-09-18 20:40:56 DROP TCP 192.168.50.100 192.168.50.186 60281 65213 52 S 3176331892 0 8192 - - - RECEIVE

Also - I have noticed that when adding a remote interface, I see multiple entries for the same machine in the Remote Interfaces window - All entries are identical with the same list of interfaces. Wireshark version is 2.6.3 and Winpcap is on the latest release.

Many thanks

edit retag flag offensive close merge delete

Comments

Any ideas guys/gals?

yuljk gravatar imageyuljk ( 2018-09-29 11:06:42 +0000 )edit