I have not done it in a long while, but it always worked for me using
windump (at that time ethereal did not have support for rpcap! - are
you saying it does have now?!?)

In any case, you should start by setting up the DAEMON side on the
remote station (the one you want to trigger the capture from), as
described here:

http://winpcap.polito.it/docs/docs31beta4/html/index.html

Then try in the ethereal instance on the MONITORING station (the one
you want to record the trace ON), to call as interface
rpcap://remote_station/...

The best way to test this, though, is to start with winpcap, from the
same place:

http://windump.polito.it/

by passing it as a parameter the lines you just had before (i.e.
windump -i rpcap://...)

HTH,
Stef

On Tue, 9 Nov 2004 12:09:03 -0500, Silverstein, Jeffrey
<jeffrey.silverstein@xxxxxxxxxxx> wrote:
>
>
> Hi, I wrote before about this. I'm trying to monitor a remote interface from
> my workstation. I was using a crossover cable to test this first. The
> remote interface didn't appear in the drop down list, so it was suggested
> that I use the rpcap utility but I can't get it to work right. Thanks for
> any help you can give. Here's what's happening:
>
> I tried to use rpcap to capture the packets to and from the remote NIC, but
> I must be doing something wrong. I was using the syntax
>
> rpcap://10.11.12.13/adaptername.
> What I typed specifically was
> rpcapd://172.16.52.212/3Com EtherLink PCI:
> \Device\NPF_{C5533B45-4272-4036-8610-369AD6E69036}.
> When I did this I got
> Press CTRL + C to stop the server...
> I also tried
> rpcapd://172.16.52.212/3Com EtherLink PCI.
>
> I got the same result. Nothing appears to be happening. I tried writing
> the output to a file and it didn't write the file.
>
> Since these adapter names appeared in the Ethereal Capture Options Interface
> drop down list I assumed that one of these was the name of the adapter; is
> this correct or is the adapter name obtained in some other way?
>
> What else might I be doing wrong?
>
> Thanks for your help.
> Jeff