Menu
So... I'm attempting to use RawCap to capture traffic to localhost When I run rawcap, it reports packets in the cmd prompt - but the dump file is always empty.
Any ideas (I've tried running with admin privs)
571
You should terminate RawCap with ctrl+c and not by just closing the window.
for more information here: http://www.netresec.com/?page=Blog&month=2011-10&post=Automatic-Flushing-in-RawCap
73
Set the -f flag to flush the data to the file after each package.
rawcap -f 127.0.0.1 my_loopback.pcap
Then as geniaz1 said, stop capture with ctrl + c
34
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
