Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Unless tshark, on the Linux and macOS systems, is built with a version of libpcap that includes rpcap support, you will not be able to connect to the rpcapd service with tshark.

The version of libpcap that ships with macOS and with most if not all Linux distributions does not include rpcap support. You would have to get the current master branch of libpcap, configure it with --enable-remote with autotools or -DENABLE_REMOTE=YES with CMake, build it, install it in /usr/local, and build Wireshark from source, in order to get a version of Wireshark or TShark that can do the remote capture.