[Winpcap-users] rpcapd & Wireshark 1.2.1 / WinPcap 4.1beta5

j.snelders at telfort.nl j.snelders at telfort.nl
Mon Aug 17 12:36:34 PDT 2009


Remote capture fails and I can't figure out why.
I did start the service at the remote daemon. I've used password authentication,
could select the proper interface, start Wireshark, but I didn't capture
any traffic from the remote machine.


I launched another instance of Wireshark and captured this traffic during
remote capture setup:
  6   0.000683 192.168.100.12 -> 192.168.100.14 RPCAP 81 Authentication request
  7   0.089700 192.168.100.14 -> 192.168.100.12 RPCAP 62 Authentication reply
  8   0.089829 192.168.100.12 -> 192.168.100.14 RPCAP 62 Find all interfaces request
  9   0.170706 192.168.100.14 -> 192.168.100.12 RPCAP 798 Find all interfaces reply
 17  25.433024 192.168.100.12 -> 192.168.100.14 RPCAP 81 Authentication request
 18  25.435069 192.168.100.14 -> 192.168.100.12 RPCAP 62 Authentication reply
 19  25.435126 192.168.100.12 -> 192.168.100.14 RPCAP 112 Open request
 20  25.437210 192.168.100.14 -> 192.168.100.12 RPCAP 70 Open reply
 21  25.448845 192.168.100.12 -> 192.168.100.14 RPCAP 90 Start capture request
 22  25.454141 192.168.100.14 -> 192.168.100.12 RPCAP 70 Start capture reply
 26  25.455400 192.168.100.12 -> 192.168.100.14 RPCAP 414 Update filter request
 27  25.457252 192.168.100.14 -> 192.168.100.12 RPCAP 62 Update filter reply

Note:
When I uninstall WinPcap 4.1beta5 on the remote daemon and the local client
and install WinPcap 4.0.2 everything works fine.

Best regards
Joan


Wireshark:
Version 1.2.1 (SVN Rev 29141)

Copyright 1998-2009 Gerald Combs <gerald at wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1 beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, with AirPcap 3.2.3 build 1297.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

       



