monitor/capture remote packets?


Hi there. I am new to this place and hope someone can help.

I am wanting to know if software exists with which you can capture packets on a remote network?

Something like Wireshark but with the ability to, say, specify a target IP address, and it will capture all the outgoing/incoming data on that IP address?

The reason I ask is because it would be a very handy tool to analyse a specific computer remotely to diagnose any issues from different client sites.

Does such a tool exist?

Thanks!



That just isn't possible. You have to have physical access to the packets to capture them. You can't capture packets that aren't sent to you.

You can run something like Wireshark on the other machine (netsh also works for newer machines), or you can use advanced features (port mirroring and such) in some modern network equipment to make it easier for you.

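As an added illustration (not part of the original posts): once a capture file has been taken somewhere the packets are actually visible, such as on the machine itself or on a mirrored switch port as described above, "specify a target IP address" becomes an offline filter over that file. This Python example parses a classic pcap file and keeps the IPv4 frames to or from one host; the function names and the constructed sample capture (documentation-range addresses) are assumptions made for the example.

```python
import socket
import struct

def packets_for_host(pcap_bytes, host_ip):
    """Return (direction, src, dst, ip_proto, frame_len) for IPv4 frames to/from host_ip."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    target = socket.inet_aton(host_ip)
    hits, offset = [], 24                      # records start after the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:
            continue                           # too short for an Ethernet header
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:   # 802.1Q VLAN tag may be present
            ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if ethertype != 0x0800 or len(frame) < l3 + 20:
            continue                           # not IPv4, or truncated before the addresses
        src, dst = frame[l3 + 12:l3 + 16], frame[l3 + 16:l3 + 20]
        if target in (src, dst):
            hits.append(("out" if src == target else "in", socket.inet_ntoa(src),
                         socket.inet_ntoa(dst), frame[l3 + 9], orig_len))
    return hits

def _frame(src, dst, proto, vlan=False):
    """Constructed sample frame: Ethernet II (optionally VLAN-tagged) + bare IPv4 header."""
    eth = b"\x02" * 6 + b"\x04" * 6 + (b"\x81\x00\x00\x0a" if vlan else b"") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip

def sample_capture():
    """Constructed little-endian pcap with three frames; only two involve 192.0.2.10."""
    frames = [_frame("192.0.2.10", "198.51.100.5", 6),
              _frame("192.0.2.77", "198.51.100.5", 17),
              _frame("198.51.100.5", "192.0.2.10", 6, vlan=True)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out
```
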

Thanks, my friend.

Ideally we don't want to install things on the client computer and want to have it done remotely in any way possible, as they may "plug" the machine into the network via a standard router, so if there is a problem somewhere in the network or on that machine specifically, we can then try and capture those packets as we would have the IP address and just analyse it.

Is there any other way using software we can do something like this?


We are talking about supporting multiple random small businesses? Correct?

I don't know how much your clients are spending, but if it's enough, maybe you could provide each client a machine that is pre-configured with something like WinPcap + Snort and have them power it up. When they need your assistance, they give you a call and then you can remote into that machine and do your business.

It could be a physical machine or a virtual machine (VMware ACE comes to mind), just keep it simple, let them know all they need to do is power it up and dial your number. Maybe tell them it is cheaper than an on-site call and you will not get any complaints.


Indeed, very true, but it's a stupid policy that's in place, as they are using 2 contracts: 1 which supports some tech support requests, and they validate what can/cannot be installed on the machine, and the other contract (us) supports troubleshooting network/machine issues, so we do not even get a say on what can or cannot be installed on the machine, which sucks.

But also, looking from a different angle, this type of tool would be useful if, say, we didn't want to install any 3rd party apps on a computer (such as a home computer or whatever) and just be able to check the outgoing/incoming data using such a tool, if it exists.


Try BackTrack, it's a Linux live distro (boots from disk) and has loads of network tools already installed; it's at www.remote-exploit.org. It's a bit shady, but I use it for pentesting, and it does have Wireshark etc. installed, and a lot of modded network drivers preinstalled.
