Connect to rpcapd service on Windows from Linux/OSX using tshark

I have an rpcapd service running on a Windows system. I can connect to the service and start a capture session using tshark from another Windows system, but when I try the same thing from a Linux or OSX system I get:

    sudo tshark -p -w output.pcap -i "rpcap://<IP>:2002/\Device\NPF_{3C1CAC08-C702-4D89-96CB-1F2B845ACA1D}"
    shark: The capture session could not be initiated on interface 'rpcap://<IP>:2002/\Device\NPF_{3C1CAC08-C702-4D89-96CB-1F2B845ACA1D}' (No such device exists).
    Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.

The firewall is open and I can even use netcat to establish a connection on port 2002. Is this just not supported functionality or am I doing something wrong?