Remote Capture Using WinPcap

Just when you thought network monitoring couldn't get any cooler -- I learned WinPcap (mailing list) version 3.0 supports Remote Capture. "This is an highly experimental feature that allows [you to] interact [with] a remote machine and capture packets that are being transmitted on the remote network. This requires a remote daemon (called rpcapd) which performs the capture and sends data back and a local client that sends the appropriate commands and receives the captured data." What is even cooler -- "The [Remote] daemon [rpcapd] can be compiled and it is actually working on Linux as well." This sounds similar to SVtun. I couldn't get remote capture to work with Analyzer (Sourceforge site) by the WinPcap team, even though it natively supports remote capture.
