(This is a follow-up to my previous question about measuring .NET remoting traffic.)
When I am testing our Windows service / service controller GUI combination, it is often most convenient to run both pieces on my development box. With this setup, the remoting traffic between the two is via loopback, not through the Ethernet card.
Are there any software packet sniffers that can capture loopback traffic on a WinXP machine? Wireshark is a great package, but it can only capture external traffic on a Windows machine, not loopback.
This is the actual tool that Wireshark uses to capture the traffic. Npcap is a similar tool with a more modern driver mechanism within Windows. Npcap will create a driver for the loopback interface so that you can directly capture the traffic from the loopback interface using Wireshark.
A loopback adapter is a network interface that can be used to route network traffic from one application to another on the same computer, but does NOT send that traffic to any other device on the network.
On the Windows platform, it is also possible to capture localhost traffic using Wireshark. What you need to do is install the Microsoft loopback adapter, and then sniff on it.
The Wireshark packet sniffing tool is known for both its data capture and its analysis capabilities. You can apply filters to limit the scope of data Wireshark collects, or simply let it collect all traffic passing through your selected network.
What you should do is run RawCap, which is a sniffer that can capture traffic to/from the loopback interface in Windows. Just start it with "RawCap.exe 127.0.0.1 loopback.pcap".
You can then open up loopback.pcap in Wireshark or NetworkMiner to look at the network traffic.
You can find RawCap here: http://www.netresec.com/?page=RawCap
Good Luck!
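Once a capture such as loopback.pcap exists, it can also be summarised per flow without opening Wireshark. The following is an added example, not part of the original answer or of RawCap; it assumes a classic microsecond-resolution pcap file whose link type is raw IP, Ethernet or BSD null/loopback, and `loopback_flows` is a hypothetical helper name.

```python
import struct
from collections import Counter

# Link-layer header sizes for the pcap link types this sketch understands
# (assumption: the capture uses one of these).
# 0 = BSD null/loopback (4-byte header), 1 = Ethernet (14), 101 = raw IP (0).
LINK_HEADER_LEN = {0: 4, 1: 14, 101: 0}

def loopback_flows(pcap_bytes):
    """Count IPv4 TCP/UDP packets per (proto, src, sport, dst, dport) flow."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("unsupported capture format (expects microsecond pcap)")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0] & 0xFFFF
    if linktype not in LINK_HEADER_LEN:
        raise ValueError(f"unsupported link type {linktype}")
    skip = LINK_HEADER_LEN[linktype]
    flows, offset = Counter(), 24
    while offset + 16 <= len(pcap_bytes):
        # Per-packet record header: ts_sec, ts_usec, incl_len, orig_len.
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        packet = pcap_bytes[offset + 16:offset + 16 + incl_len][skip:]
        offset += 16 + incl_len
        if len(packet) < 20 or packet[0] >> 4 != 4:
            continue  # truncated, or not an IPv4 packet
        ihl = (packet[0] & 0x0F) * 4
        proto = {6: "tcp", 17: "udp"}.get(packet[9])
        if proto is None or len(packet) < ihl + 4:
            continue  # other protocol, or ports cut off by the snap length
        src = ".".join(map(str, packet[12:16]))
        dst = ".".join(map(str, packet[16:20]))
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        flows[(proto, src, sport, dst, dport)] += 1
    return flows

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "loopback.pcap"
    with open(path, "rb") as f:
        for flow, count in loopback_flows(f.read()).most_common():
            print(count, *flow)
```

Run it with the capture file as the only argument; each output line is a packet count followed by protocol, source address and port, and destination address and port.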