Wireshark Remote Capture Issues

  • retag add tags

Hi guys - I'm attempting to setup remote capturing. I have opened up TCP port 2002 on the Windows 10 firewall - which allows me to add remote interfaces.

However, when I attempt to capture, it times out and states 'is the server configured correctly..'

I can see from netstat -an that the machine is indeed listening on port 2002 - If I disable the Windows Firewall on the target machine everything works. Are there any additional ports that require opening for packet capture to take place?

Windows Firewall log shows

2018-09-18 20:40:56 DROP TCP 192.168.50.100 192.168.50.186 60281 65213 52 S 3176331892 0 8192 - - - RECEIVE

Also - I have noticed that when adding a remote interface, I see multiple entries for the same machine in the Remote Interfaces window - All entries are identical with the same list of interfaces. Wireshark version is 2.6.3 and Winpcap is on the latest release.

Many thanks

yuljk's avatar
1
yuljk
asked 2018-09-18 16:47:03 +0000, updated 2018-09-18 20:13:54 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Any ideas guys/gals?

yuljk's avatar yuljk (2018-09-29 11:06:42 +0000) edit
more
  • delete
add a comment see more comments