Wireshark Remote Capturing
This short tutorial is without screenshots but a slightly more
advanced usecase of Wireshark, namely doing the capture on one box and
visualize the captured data in realtime on another box.
on 03/09/2010 – Made popular on 03/09/2010
I have used Microsoft Network Monitor 3.4 in Windows 7 to create a capture file from my wireless g network by setting monitor mode.
When loaded into Wireshark I can see the four way handshake and I can enter the password into keys toolbar but all the packets that look like data are "Qos Data" and I can see no obvious text(see below).
I can decrypt the Wireshark test encrypted session.
Am using a Virtual Windows 8 client and a virtual Linux machine as server. I mapped a share on client and then started wireshark, done something on share like creating a file and writing into it. Then I stopped wireshark and set the filter as "smb2" to analyse smb2 packets but strangely there were no smb2 packets captured. I checked using powershell command whether smb2 is enabled or not.
I need to to capture RTMP traffic between two virtual machines (server and client) or atleast have the server and client on the same machine and capture the traffic. I am able to capture the traffic if I run wireshark on the host rather than on the VMs. But I need to capture it on the VM to be able to manipulate it.