Easy remote Wireshark sniffing / capture, Linux to Windows (rpcapd)

Remote Linux sniffer:

On Linux:

  • Download rpcapd.gz for Linux, statically compiled for linux/i386 (mirror: rpcapd)
  • Gunzip and run as root:
     ./rpcapd -n

On Windows:

  • Go to "Capture Options" and specify the remote host:
     rpcap://remote-host.pl/remoteif-eth0
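
The -n switch used above makes rpcapd permit NULL authentication, and without -b the daemon listens on every address of the host. The following is an added example, not part of the original page, that rates rpcapd command lines by that exposure; flag meanings are from rpcapd's usage text, and the sample command lines and result labels are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original page): rate how exposed an rpcapd
# instance is from its command line. Per rpcapd's usage text: -n permits NULL
# authentication, -l limits allowed hosts, -b binds, -f loads a config file.

audit_rpcapd() (
    # $1 = full command line, e.g. one line of `ps -eo args` output.
    # The body is a subshell, so variables and `set --` stay local.
    null_auth=0; hostlist=""; bind=""; conf=""
    set -f                      # no globbing during word splitting
    set -- $1                   # deliberate split into positional args
    [ $# -eq 0 ] || shift       # drop the program name
    while [ $# -gt 0 ]; do
        case "$1" in
            -n) null_auth=1 ;;
            -l) hostlist="${2:-}" ;;
            -b) bind="${2:-}" ;;
            -f) conf="${2:-}" ;;
        esac
        case "$1" in            # these options take a value: skip it too
            -l|-b|-f|-p|-a|-s) [ $# -le 1 ] || shift ;;
        esac
        shift
    done
    if [ -n "$conf" ]; then     # with -f, command-line switches are ignored
        echo "REVIEW config-file:$conf"
        exit 0
    fi
    if [ "$null_auth" -eq 1 ] && [ -z "$hostlist" ]; then
        echo "HIGH null-auth-any-client"
    elif [ "$null_auth" -eq 1 ]; then
        echo "MEDIUM null-auth-hostlist:$hostlist"
    else
        echo "OK auth-required"
    fi
    case "$bind" in
        ""|0.0.0.0|::) echo "INFO listens-on-all-addresses" ;;
        *) echo "INFO bound-to:$bind" ;;
    esac
)

# Constructed sample command lines (192.0.2.0/24 is documentation space).
for cmd in "./rpcapd -n" \
           "./rpcapd -n -b 192.0.2.10 -l 192.0.2.20" \
           "./rpcapd -d -p 2002"; do
    printf '== %s\n' "$cmd"
    audit_rpcapd "$cmd"
done
```

The first sample is the command from this page and is rated HIGH; the second keeps -n but restricts the listener to one address and one allowed client.
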
Source:
http://www.pawelko.net/linux/17-Rpcapd-For-Linux