Linux SIDE wget http://www.winpcap.org/install/bin/WpcapSrc_4_1_2.zip unzip WpcapSrc_4_1_2.zip cd winpcap/wpcap/libpcap/ chmod +x configure runlex.sh apt install libpcap-dev flex ./configure make cd rpcapd/ make rpcapd [-b <address>] [-p <port>] [-6] [-l <host_list>] [-a <host,port>] [-n] [-v] [-d] [-s <file>] [-f <file>] -b <address>: the address to bind to (either numeric or literal). Default: it binds to all local IPv4 addresses -p <port>: the port to bind to. Default: it binds to port 2002 -4: use only IPv4 (default both IPv4 and IPv6 waiting sockets are used) -l <host_list>: a file that keeps the list of the hosts which are allowed to connect to this server (if more than one, list them one per line). We suggest to use literal names (instead of numeric ones) in order to avoid problems with different address families -n: permit NULL authentication (usually used with '-l') -a <host,port>: run in active mode when connecting to 'host' on port 'port' In case 'port' is omitted, the default port (2003) is used -v: run in active mode only (default: if '-a' is specified, it accepts passive connections as well -d: run in daemon mode (UNIX only) or as a service (Win32 only) Warning (Win32): this switch is provided automatically when the service is started from the control panel -s <file>: save the current configuration to file -f <file>: load the current configuration from file; all the switches specified from the command line are ignored -h: print this help screen Win SIDE: Wireshark -> Remote Interfaces -> + Host: x.x.x.x Port: 2002