Hi, I have installed Wireshark 1.10.3 and WinPcap 4.1.3 on my local Windows machine. I tried to add remote interfaces for a specific host name by specifying the host name for host, the port number for port, and a username and password for password authentication. I am getting the error "can't get list of interfaces: incompatible version number: message discarded". I verified that the remote host name is accessible from my local Windows machine; I tried this by using the ping command. I'm not sure what the reason for this is. Please help us figure out the reason for this error and share the procedure for connecting to a remote host name via Wireshark. Thanks in advance.
asked 16 Dec '13, 04:29 Manivas
One Answer:
Sounds like you did not install WinPcap on the remote host and/or did not start rpcapd (Remote Capturing Daemon) on that machine.
Please search the site for 'rpcapd' to get similar questions and answers. If you've installed and started rpcapd on the remote machine, please post the output of the following command (run it as Administrator in an elevated DOS box).
In that output search for 'rpcapd' or '2002' and post the two lines before and after the line that contains those strings.
Regards
answered 16 Dec '13, 06:27 Kurt Knochner ♦ edited 17 Dec '13, 03:02
Hi,
Thanks for your support.
I executed the command "netstat -nap"; it's not giving any output values for Proto, Local Address, Foreign Address and State.
I tried the "rpcapd -a" command from the WinPcap install location "C:\Program Files (x86)\WinPcap" to start it, but it's giving the output "rpcapd: option requires an argument --a , Press CTRL+C to stop the server". What could it mean? Has the server started, or does it require some other parameters?
Thanks in advance.
Sorry, on Windows it's 'b' instead of 'p'.
Please read the rpcapd documentation!
Hi, Thanks for your support.
Can you please suggest the link for downloading a Wireshark install via RPM on Red Hat systems?
Wireshark software download for Redhat system.
There is only the repository of Red Hat, but they offer only an ancient version of Wireshark. So, if you want a recent version, you must compile it yourself.
BTW: If you want to run rpcapd on Red Hat, that won't be included in any Wireshark package. You can however compile it yourself from the sources of WinPcap.
Thanks,
Can you please share the link to download Wireshark for Red Hat systems, to install on Linux machines?
As I said, it's in the repository of Red Hat.
BTW: why are we talking about Red Hat? You started the question with WinPcap!?!
Hi,
Could you please explain the difference between the working nature of the two commands below?
tcpdump -w xpackets2.pcap -i eth0 src host-name
tcpdump -w xpackets2.pcap -i eth0 dst host-name
Thanks in advance.
Hi,
Could you please open a new question and close this one by accepting it, if the answer was helpful to you? This is a Q&A site. Asking new questions in an existing one is undesirable.
Thanks, it's helped me a lot.
Good.
Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up).
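The check requested in the answer (find 'rpcapd' or port '2002' in the netstat output) can also be run on saved output; this is an added example, not part of the original thread. It assumes the Windows `netstat -nab` layout, where the owning executable is printed in brackets on a line after each connection row, and the sample output is constructed.

```python
import re

# Constructed sample of elevated `netstat -nab` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:2002           0.0.0.0:0              LISTENING
 [rpcapd.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  UDP    0.0.0.0:500            *:*
 [svchost.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Pair each connection row with the [executable] line that follows it."""
    rows = []
    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            proto, local, remote, state = conn.groups()
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": state, "owner": None})
        elif owner and rows and rows[-1]["owner"] is None:
            rows[-1]["owner"] = owner.group(1)
    return rows

def rpcapd_report(text, port="2002"):
    """Return (listeners on the port, rpcapd listeners on any other port)."""
    on_port, elsewhere = [], []
    for r in parse_netstat_b(text):
        if r["state"] != "LISTENING":
            continue
        if r["local"].rsplit(":", 1)[-1] == port:
            on_port.append(r)
        elif (r["owner"] or "").lower().startswith("rpcapd"):
            elsewhere.append(r)
    return on_port, elsewhere

if __name__ == "__main__":
    for r in rpcapd_report(SAMPLE)[0]:
        print(r["local"], r["owner"])
```

An empty first list means nothing is listening on the rpcapd port; a listener there whose owner is not rpcapd means another process holds the port.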