
Sniffer for localhost (Windows OS) [closed]

I am looking for a sniffer that can work with the loopback address in Windows.

So far, I found Microsoft Network Monitor which is a nice tool, but for localhost it's useless because on Windows, localhost packets don't pass through the regular network stack, so they're invisible to an ethernet sniffer like MS Network Monitor.

How do you debug applications that send data in the loopback mechanism? Any good (open source) sniffers that can work with localhost?

UPDATE: If you have experience with a tool, it would be nice to have a short description for future reference.

citn asked Oct 14 '09 13:10



2 Answers

I was faced with this issue and got nowhere after a lot of research. Basically all available sniffers rely on the network driver stack, and Windows doesn't expose localhost calls through it.

What I ended up using was a tool called SocketSniffer, which peeks at Winsock's calls and monitors TCP and UDP socket connections. It helped me debug an application problem that only occurred in Win 2k3.

Its download site is at http://www.nirsoft.net/utils/socket_sniffer.html

Note that this no longer works in Windows 8. Microsoft Message Analyzer is now capable of sniffing loopback traffic out of the box. Official blog post here: http://blogs.msdn.com/b/winsdk/archive/2014/08/15/rejoice-we-can-now-capture-loopback-traffic.aspx

Rafael Nobre answered Oct 15 '22 05:10


There is a new tool available for Windows that can capture loopback / localhost network traffic. It is called RawCap and is available here: http://www.netresec.com/?page=RawCap

Just start RawCap like this to sniff the loopback interface: RawCap.exe 127.0.0.1 localhost.pcap

You can then open localhost.pcap in Wireshark or any other pcap analyzer to look at the captured traffic.

Btw. not only is RawCap able to sniff loopback traffic on Windows, it can also sniff your WiFi interface as well as PPP interfaces such as 3G/UMTS connections.

Erik answered Oct 15 '22 06:10
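As an added example (not part of either answer): once a loopback capture such as localhost.pcap exists, a short script can list which local processes are talking to which ports without opening a GUI analyzer. It assumes a classic pcap file (not pcapng) carrying IPv4 with link type raw IP (101) or Ethernet (1); the function names `loopback_flows` and `sample_pcap` are hypothetical, and the sample capture is constructed in the code.

```python
import socket, struct
from collections import Counter

def loopback_flows(pcap):
    """Map (proto, src, sport, dst, dport) -> payload bytes for 127.0.0.0/8 traffic."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype not in (1, 101):  # assumption: 1 = Ethernet, 101 = raw IP only
        raise ValueError(f"unsupported link type {linktype}")
    flows, off = Counter(), 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == 1:
            if pkt[12:14] != b"\x08\x00":  # EtherType is not IPv4
                continue
            pkt = pkt[14:]  # strip the Ethernet header
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue
        ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
        src, dst = pkt[12:16], pkt[16:20]
        if src[0] != 127 and dst[0] != 127:  # keep loopback traffic only
            continue
        l4 = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]  # trim to IP total length
        if proto == 6 and len(l4) >= 20:
            name, hdr = "tcp", (l4[12] >> 4) * 4  # TCP data offset in bytes
        elif proto == 17 and len(l4) >= 8:
            name, hdr = "udp", 8
        else:
            continue
        sport, dport = struct.unpack("!HH", l4[:4])
        key = (name, socket.inet_ntoa(src), sport, socket.inet_ntoa(dst), dport)
        flows[key] += max(len(l4) - hdr, 0)  # header-only segments count as 0
    return flows

def sample_pcap():
    """Constructed capture: one raw-IP TCP segment 127.0.0.1:50000 -> 127.0.0.1:8080."""
    payload = b"GET / HTTP/1.1\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 50000, 8080, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 128, 6, 0,
                     bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1])) + tcp
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return hdr + struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip

if __name__ == "__main__":
    print(dict(loopback_flows(sample_pcap())))
```

To run it on a real capture, pass the file contents instead of the sample: `loopback_flows(open("localhost.pcap", "rb").read())`.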