Menu
I am attempting to use RawCap to sniff Windows localhost. However, contrary to its billed ability to do so, it is not working. I am starting it as follows:
rawcap 127.0.0.1 echo.pcap
I then run a little echo TCP client / server test app I wrote. I use the client to send some data over 127.0.0.1, and it indeed gets printed on the server and sent back to the client, where it is also printed. Howver, the packet capture file is empty.
I am running under Windows XP, SP3.
Is anybody aware of any other steps I need to take to get this to work?
Additional information added on 7/20/2011: I contacted the company that produces RawCap, and they suggested making sure that I have administrator privilege, that I try sniffing ping 127.0.0.1, and that I try enabling telnet and sniffing telnet 127.0.0.1. I do indeed have administrator privilege, RawCap sees ping packets, but it did not see telnet packets. I also tried sniffing 127.0.0.1 on another machine, and I failed there also.
Best, Dave
560
Wireshark cannot sniff traffic within the same machine (localhost) on Windows. If you need to sniff local traffic on Windows, try Fiddler.
RawCap is a free command line network sniffer for Windows that uses raw sockets. Quick RawCap facts: Can sniff any interface that has got an IPv4 address, including 127.0. 0.1 (localhost/loopback)
I've been in contact with the author of RawCap, and he indicated that I found a bug where Windows XP SP 3 can't sniff TCP on localhost. He does not seem hopeful that he can fix it. If any more useful information comes along, I will, in an attempt to help the community, comment on this answer.
159
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
