This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to Capture packets of a remote computer ??

0

I wanna capture packets from a remote computer, let say my friend is chatting with me, is it possible to capture all his ingoing and outgoing traffic by WireShark ?

asked 23 May '11, 05:18

nzhacker's gravatar image

nzhacker
1111
accept rate: 0%

retagged 24 May '11, 15:56

helloworld's gravatar image

helloworld
3.1k42041


2 Answers:

0

Yes or no, depending where your friend is. If he's right next to you, sharing a hub (not switch) with you that will "broadcast" all frames, you can capture everything. If he's on a switch or even at another location then no, you can't.

answered 23 May '11, 05:31

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

0

I'm guessing at what you're wanting to accomplish, but if you are trying to help your friend resolve a problem and have their cooperation you can use "rpcapd" to do remote capture if you need to get all of the connection-type traffic, plus the upper-layer traffic.
If you are 'chatting' using something like Windows live messenger, and interested more in the actual message traffic, as I recall that traffic is sent in clear text, and your capture file will have both the incoming and outgoing traffic/text related to those messages in it without doing a remote capture on the other computer. Or as Jasper mentioned, you can use a hub at the remote location and capture all traffic broadcasted/received in parallel with the remote computer.

Hope this is helpful, John

answered 23 May '11, 08:00

John_Modlin's gravatar image

John_Modlin
1205
accept rate: 0%