Michael McNamara

technology, networking, virtualization and IP telephony

Remote Packet Capture with WireShark and WinPCAP

by

I’m just continually impressed with the quality of so many open source products available today. One such product that should be extremely high on any network engineer’s list is WireShark. WireShark has become the de-facto standard for packet capture software and is almost unrivaled in features and functionality.

Last week I had the task of diagnosing some very intermittent desktop/application performance issues at a remote site. I had installed WireShark locally on a few desktops but I wanted the ability to remotely monitor a few specific desktops without obstructing the users workflow to get a baseline for later comparison. I was excited to learn that WireShark and WinPCAP had (experimental) remote packet capture functionality built into each product. I followed the instructions on the WireShark website by installing WinPCAP v4.1.2 on the remote machine and then starting the “Remote Packet Capture Protocol v.0 (experimental)” service. With that done I then proceeded to launch WireShark on my local desktop and configure the remote packet capture settings. From within WireShark I chose Options -> Capture, changed the Interface from Local to Remote. Then enter the IP address of the remote machine along with the TCP port (the default TCP port is 2002). I initially tried to use “Null authentication” but was unsuccessful. I eventually ended up choosing “Password authentication” and used the local Administrator account and password of the remote desktop that had WinPCAP installed on it. If the remote desktop had multiple interfaces I could have selected which interface I wanted to perform the remote packet capture on. In this case the desktop in question only had an integrated Intel(R) 82567LM-3 network adapter. I clicked ‘Start’ and to my sheer amazement the packet trace was off and running collecting packets from the remote desktop. There will still be the occasional need to place the Dolch (portable sniffer) onsite when the situation demands it  but this is a great tool to have available.

Cheers!

Updated: Sunday September 5, 2010
The images appear to be missing above because the URL paths are wrong, not sure how WordPress messed up that. I don’t have time right now to fix it but I will fix it a little later.

Nortel on Nortel

by

Nortel recently created a website, Nortel on Nortel, to host some of the best practices and experiences that Nortel’s own Information Technology department uses in day to day IT business. While the best practices and case study documents are nice additions it’s the tools section that has me excited.

The IT Tools site has a number of very useful tools that include;

– Nortel Configuration Converter
– CLI*manager
– MultiCast Hammer (MC Hammer)
– Nortel Icons Library
– Latency Manager

The Nortel Configuration Converter promises to convert any Cisco CatOS configuration file to a number of different Nortel product configurations. When I managed six Nortel Passport 6480 Switches I used CLI*manager extensively to help automated the provisioning and configuration and was extremely greatful to Brett Sinclair for his efforts. Multicast Hammer is a great tool that can be used to help map out any multicast configuration issues (although I still like using VLC). I’ve always struggled to find icon sets for both logical and physical diagrams so it’s nice to see Nortel finally stepping up to the plate with some decent icons. I have never seen the last tool, Latency Manager, but I’ll be interested to see if it’s really useful, I have considered deploying SmokePing by Tobi Oetiker in the past so I’ll definitely need to give this tool a try.

You can download each of the tools from the link provided above, the website only asks for your first name, last name and email address when you download the tool(s).

Cheers!

Recent Posts

Categories

SUBSCRIBE BY EMAIL