I have an rpcapd service running on a Windows system. I can connect to the service and start a capture session using tshark from another Windows system, but when I try the same thing from a Linux or OSX system I get:
sudo tshark -p -w output.pcap -i "rpcap://<IP>:2002/\Device\NPF_{3C1CAC08-C702-4D89-96CB-1F2B845ACA1D}"
shark: The capture session could not be initiated on interface 'rpcap://<IP>:2002/\Device\NPF_{3C1CAC08-C702-4D89-96CB-1F2B845ACA1D}' (No such device exists).
Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
The firewall is open and I can even use netcat to establish a connection on port 2002. Is this just not supported functionality or am I doing something wrong?
