
Remote host capturing problem


I have WinPCap installed and the service started. I have a local profile on the computer with Admin rights. But when I try to remote capture I get 2 different error messages:

1. Can't get list of interfaces: Username and password
2. Can't get list of interfaces: No interfaces found! Libpcap/winpcap is properly installed and you have the right to access to the remote device.

Any assistance on this please.

asked 2018-01-19 17:23:41 +0000

Comments

Please add more detail to your question, e.g. host OS, Wireshark version and remote host OS and Wireshark version.

grahamb (2018-01-22 11:44:32 +0000)

Host OS Windows 7 64-bit, Wireshark ver. 2.4.4, and the remote host OS Windows 7 32 Bit 64 Bit.

Unable to capture traffic remotely from a Windows 7 32-bit and 64-bit system. Local install works fine. Remotely I can get the WinPcap service to install and start but can't get Wireshark to connect remotely and capture the traffic for troubleshooting.

jeshanks1 (2018-01-22 13:09:55 +0000)

1 Answer


I'm not positive if this will help with your issue, but you might try specifying an interactive command line for the 'rpcapd' service executable directly. Locate this file on your installation (for 64-bit it will be under Program Files (x86)\WinPCAP) within a CMD prompt window (WIN+R, 'cmd', Enter):

cd \Program Files (x86)\WinPCAP
rpcapd -l 1.2.3.4 -n

You can then try authenticating without credentials (as specified by -n) only from a remote system with the IPv4 address (1.2.3.4) following the -l parameter. In the Wireshark "Capture Interfaces" (Ctrl+K), "Manage Interfaces..." button, "Remote Interfaces" tab, "+"-button, "Remote Interface" dialog box, select "Null authentication". This ought to provide a list of interfaces available on the WinPCAP host and ought to resemble the output of 'dumpcap -D -M' on that remote host. If this procedure doesn't work there is some connectivity problem between the two systems, perhaps due to a firewall or cabling issue.

I was able to build an RPCAP connection without issue on Windows 10 Pro 64-bit, with Wireshark 2.4.4 64-bit and WinPCAP 4.1.3 as the remote system, and Windows 7 Pro 64-bit as the system running Wireshark or Dumpcap (I used the -b and -p options for 'rpcapd' as well). I did not need to run 'rpcapd' with an Administrator-level account, a "Limited User Account" worked fine in my case.

Note that with this configuration I have found that it is necessary to specify a '-m count:1' option for 'dumpcap' to actually capture packets, or the same sampling option in the GUI for Wireshark (found in the dialog box via the button on the lower right of the same "Remote Interfaces" tab noted above). If the RPCAP sampling option is not set it seems that no packets are passed over the network to Wireshark or the command line tools.

dpg2
answered 2018-02-19 05:00:25 +0000
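
To tell the connectivity failure mentioned in the answer above apart from an authentication refusal by rpcapd, the sketch below sends one RPCAP null-authentication request and classifies the reply. It is an added example, not part of the original answer and not Wireshark or WinPcap code; it assumes rpcapd's default TCP port 2002 and RPCAP protocol version 0, and the function names are hypothetical.

```python
import socket
import struct

RPCAP_PORT = 2002        # assumption: rpcapd left on its default port
MSG_ERROR = 1            # RPCAP_MSG_ERROR
MSG_AUTH_REQ = 8         # RPCAP_MSG_AUTH_REQ
MSG_IS_REPLY = 0x80      # bit set on the type of a successful reply
AUTH_NULL = 0            # RPCAP_RMTAUTH_NULL, the mode "rpcapd -n" permits
HEADER = struct.Struct("!BBHI")   # version, type, value, payload length


def build_null_auth_request(version=0):
    """RPCAP header followed by the auth body: type, dummy, slen1, slen2."""
    body = struct.pack("!HHHH", AUTH_NULL, 0, 0, 0)
    return HEADER.pack(version, MSG_AUTH_REQ, 0, len(body)) + body


def classify_reply(data):
    """Turn the daemon's raw reply bytes into (status, detail)."""
    if len(data) < HEADER.size:
        return ("short", "connection closed before a full RPCAP header arrived")
    _ver, mtype, value, plen = HEADER.unpack_from(data)
    payload = data[HEADER.size:HEADER.size + plen]
    if mtype == MSG_AUTH_REQ | MSG_IS_REPLY:
        return ("accepted", "null authentication accepted")
    # Accept the error type with or without the reply bit, to be tolerant.
    if mtype in (MSG_ERROR, MSG_ERROR | MSG_IS_REPLY):
        text = payload.decode("ascii", "replace")
        return ("rejected", "error %d: %s" % (value, text))
    return ("unexpected", "message type 0x%02x" % mtype)


def probe(host, port=RPCAP_PORT, timeout=5.0):
    """'unreachable' points at firewall or cabling; 'rejected' at rpcapd itself."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_null_auth_request())
            reader = sock.makefile("rb")
            data = reader.read(HEADER.size)
            if len(data) == HEADER.size:
                data += reader.read(min(HEADER.unpack(data)[3], 4096))
            return classify_reply(data)
    except OSError as exc:
        return ("unreachable", str(exc))


if __name__ == "__main__":
    # Constructed sample replies, so the parser can be exercised offline.
    msg = b"constructed error text"
    print(classify_reply(HEADER.pack(0, MSG_AUTH_REQ | MSG_IS_REPLY, 0, 0)))
    print(classify_reply(HEADER.pack(0, MSG_ERROR, 3, len(msg)) + msg))
```

Run `probe("<remote host>")` from the machine that runs Wireshark; a "rejected" result carries the daemon's own error text, which is more specific than the dialog message.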