I am trying to capture remote TCP packets using tshark/pyshark. I can see the packets in Wireshark if the firewall on the remote machine is turned off. It doesn't work with the firewall on. I have TCP ports 2002 and 1448 opened in the remote machine's firewall.
I have run the rpcapd service with the command rpcapd -n.
If any of you have done remote capturing behind a firewall, your help will be much appreciated.
Using netstat, I checked the listening ports and found that there is a random port between 30000-39999 listening every time my pyshark program sniffs.
I had Windows Server 2008, which prevented me from opening a range of ports.
So the solution to my problem was to allow the rpcapd.exe program in the firewall.
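
An added example, not part of the original post: one way to create the program-based rule with netsh so that it covers the random data port seen in netstat, while limiting who can connect. Because rpcapd -n accepts NULL authentication, the rule is scoped to a single capture host. The rule name, the rpcapd.exe path and the capture host address are assumed placeholders.

```bat
@echo off
rem Added example (not from the original post). Run from an elevated prompt.
rem Assumptions: adjust both values to your environment.
set "RPCAPD=C:\Program Files\WinPcap\rpcapd.exe"
set "CAPTURE_HOST=192.0.2.10"
set "RULE=rpcapd remote capture"

rem Program-based inbound rule: matches any TCP port that rpcapd.exe listens on,
rem so the per-capture random data port is covered without opening a port range.
rem remoteip restricts the rule to the machine running tshark/pyshark, which
rem matters because "rpcapd -n" accepts connections without credentials.
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow ^
    program="%RPCAPD%" protocol=TCP remoteip=%CAPTURE_HOST% ^
    profile=domain,private enable=yes

rem Show the rule as stored, to confirm program path and remote address scope.
netsh advfirewall firewall show rule name="%RULE%" verbose

rem While a capture is running, list the TCP ports rpcapd.exe is listening on.
rem tasklist prints "PID: <n>"; netstat -ano prints the owning PID in the last column.
for /f "tokens=2" %%p in ('tasklist /fi "imagename eq rpcapd.exe" /fo list ^| findstr /b "PID:"') do (
    netstat -ano -p tcp | findstr /r /c:"LISTENING  *%%p *$"
)
```

If the capture host changes, update remoteip rather than removing it; dropping that parameter exposes the unauthenticated daemon to every host the firewall profile allows.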