Guys, As of my knowledge (I have a Macbook Pro) Wireshark does not support remote packet capture in MacOS. Is there any workaround or a plan to include this feature in newer versions? Thanksl asked 06 Sep '16, 13:54  Victor Tort |
One Answer:
The upcoming Wireshark 2.2 release will support that. answered 07 Sep '16, 06:23  Jaap ♦ |
I just downloaded version 2.2 and it is still not supported.
It does, via SSH remote capture, an extcap feature. It's at the bottom of your capture interfaces list.
If by "remote packet capture" you mean "the remote packet capture mechanism available on Windows", rather than "the ability to capture remotely by some mechanism, not necessarily the one available on Windows", then to support it in Wireshark, either 1) Wireshark needs to be built with a version of libpcap that supports it (the version in OS X doesn't currently support it) or 2) there needs to be an extcap module to support it (there is currently no such module).
At some point in the future the standard libpcap release should support it; hopefully, Apple will pick up that version once it's released.