User Guide

Capturing Live Network Data
4.5.6. Buttons
Once you have set the values you desire and have selected the options you need, simply click on Start to
commence the capture, or Cancel to cancel the capture.
If you start a capture, Wireshark allows you to stop capturing when you have enough packets captured.
For details, see Section 4.11, “While a Capture is running ...”.
4.6. The "Remote Capture Interfaces" dialog box
Besides capturing on local interfaces, Wireshark can reach out across the network to a so-called
capture daemon or service process and receive captured data from it.
Microsoft Windows only
This dialog and capability is only available on Microsoft Windows. On Linux/Unix you can
achieve the same effect (securely) through an SSH tunnel.
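The SSH route mentioned in the note above, as an added example that is not part of the Wireshark guide: the remote host runs tcpdump, and the capture data travels back inside the SSH session to a local Wireshark. It assumes OpenSSH, tcpdump on the remote host, and a login account allowed to capture there; the function names, host and interface values are placeholders.

```shell
#!/bin/sh
# Added example: remote capture over SSH. All names below are placeholders.

# Accept only conservative characters, so nothing can break out of the
# command line that ssh hands to the remote shell.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the remote tcpdump command for an interface and SSH port.
# -U flushes each packet as it is captured, -w - writes pcap data to stdout,
# and the filter drops the SSH session itself so the capture does not
# record (and re-send) its own transport traffic.
remote_capture_cmd() {
    iface=$1
    ssh_port=${2:-22}
    valid_token "$iface" || { echo "invalid interface: $iface" >&2; return 1; }
    case "$ssh_port" in
        ''|*[!0-9]*) echo "invalid port: $ssh_port" >&2; return 1 ;;
    esac
    printf 'tcpdump -U -n -i %s -w - not tcp port %s' "$iface" "$ssh_port"
}

# Run the capture. Wireshark reads the pcap stream from stdin (-i -) and
# starts capturing immediately (-k).
remote_capture() {
    target=$1        # user@host (placeholder)
    iface=$2
    ssh_port=${3:-22}
    case "$target" in
        ''|-*) echo "invalid target: $target" >&2; return 1 ;;
    esac
    cmd=$(remote_capture_cmd "$iface" "$ssh_port") || return 1
    ssh -p "$ssh_port" "$target" "$cmd" | wireshark -k -i -
}
```

Called as `remote_capture user@host eth0`, this needs no extra listening port on the remote host beyond SSH itself.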
The Remote Packet Capture Protocol service must be running on the target platform before Wireshark
can connect to it. The easiest way is to install WinPcap from http://www.winpcap.org/install/default.htm
on the target. Once installation is complete, go to the Services control panel, find the Remote Packet
Capture Protocol service and start it.
Note
Make sure you have outside access to port 2002 on the target platform. By default, this is the port
where the Remote Packet Capture Protocol service can be reached.
To access the Remote Capture Interfaces dialog, use the Interfaces dropdown list on the "Capture Options"
dialog (see Figure 4.3, “The "Capture Options" dialog box”) and select "Remote...".