As probably most of you know, it's not possible to capture loopback traffic on Windows ... or is it?
The Wireshark Loopback wiki page provides some information and potential work-arounds for this problem, such as installing the "Microsoft Loopback Adapter", but it also indicates that "... in most cases that might not give results as expected either." In my case, it certainly does not give me the desired results.

Recently I came across a tool called proxocket, written by Luigi Auriemma. After installing the ws2_32.dll from proxocket into a directory containing 3 binaries that communicate with each other over the loopback interface and starting them all up, it generated 3 separate capture files, one for each process, which I was then able to merge together into a single capture file using mergecap. After filtering out the duplicate packets in the file, which contained the source IP address of 0.0.0.0, I had a pretty good capture file containing loopback traffic on Windows. Some packets were clearly ordered incorrectly, but it was easy enough for me to spot them and tell what was going on.

While certainly not as good/easy as capturing loopback traffic on a *NIX platform, so far this has been by far the best way for me to obtain loopback traffic on Windows. Maybe others will find this tool useful as well.

- Chris

References:
[1] http://wiki.wireshark.org/CaptureSetup/Loopback
[2] http://en.wikipedia.org/wiki/Layered_Service_Provider#cite_note-0
[3] http://www.netresec.com/?page=Blog&month=2011-01&post=Proxocket---A-Winsock-Proxy-Sniffer
[4] http://aluigi.altervista.org/mytoolz.htm#proxocket

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
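
The merge-and-filter step described in the message above, as an added example that is not part of the original post and is not proxocket or Wireshark code. It assumes the per-process files are classic little-endian pcap with a raw-IP or Ethernet link type; all function names and the sample captures are constructed for illustration.

```python
import struct

MAGIC = 0xA1B2C3D4                        # classic pcap, little-endian, microsecond stamps
GLOBAL_HDR = struct.Struct("<IHHiIII")    # magic, version, zone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")          # ts_sec, ts_usec, incl_len, orig_len
LINK_ETHERNET, LINK_RAW = 1, 101          # assumed link types of the per-process files

def read_pcap(data):                      # -> (linktype, [((sec, usec), orig_len, packet)])
    magic, _, _, _, _, _, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    records, off = [], GLOBAL_HDR.size
    while off + REC_HDR.size <= len(data):
        sec, usec, incl, orig = REC_HDR.unpack_from(data, off)
        pkt = data[off + REC_HDR.size:off + REC_HDR.size + incl]
        if len(pkt) < incl:               # truncated last record: stop cleanly
            break
        records.append(((sec, usec), orig, pkt))
        off += REC_HDR.size + incl
    return linktype, records

def write_pcap(linktype, records):
    out = [GLOBAL_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, linktype)]
    out += [REC_HDR.pack(*ts, len(pkt), orig) + pkt for ts, orig, pkt in records]
    return b"".join(out)

def ipv4_source(pkt, linktype):           # dotted source address, or None if not IPv4
    if linktype == LINK_ETHERNET:
        if len(pkt) < 14 or pkt[12:14] != b"\x08\x00":
            return None
        pkt = pkt[14:]
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    return ".".join(map(str, pkt[12:16]))

def merge_loopback(captures):
    """Merge captures by timestamp, dropping the 0.0.0.0-sourced duplicates."""
    merged, linktype = [], None
    for blob in captures:                 # assumes all captures share one link type
        linktype, recs = read_pcap(blob)
        merged += [r for r in recs if ipv4_source(r[2], linktype) != "0.0.0.0"]
    return write_pcap(linktype, sorted(merged, key=lambda r: r[0]))

def _ip(src, dst):                        # constructed 20-byte IPv4 header, no payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, bytes(src), bytes(dst))

# Constructed sample input: two per-process captures, one 0.0.0.0 duplicate in the first.
LO, ANY = (127, 0, 0, 1), (0, 0, 0, 0)
CAP_A = write_pcap(LINK_RAW, [((10, 500), 20, _ip(LO, LO)), ((10, 100), 20, _ip(ANY, LO))])
CAP_B = write_pcap(LINK_RAW, [((10, 200), 20, _ip(LO, LO))])
```

Sorting by record timestamp only reorders across files; packets that the per-process captures stamped out of order, as the message notes, remain out of order.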