Wireshark mailing list archives
Re: How to capture http localhost traffic?
From: Erik Hjelmvik <erik.hjelmvik () gmail com>
Date: Wed, 9 May 2012 20:25:18 +0200
2012/5/9 Guy Harris <guy () alum mit edu>:
> On May 9, 2012, at 1:14 AM, Erik Hjelmvik wrote:
>
>> The best solution is to run RawCap. It's a great command line tool
>> that can capture localhost traffic on Windows machines. You don't even
>> need WinPcap to do it, since it uses raw sockets.
>> http://www.netresec.com/?page=RawCap
>
> ...which means it has both advantages:
>
>     Properties of RawCap:
>     • Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)
>     ...
>     • No external libraries or DLL's needed other than .NET Framework 2.0
>     • No installation required, just download RawCap.exe and sniff
>     • Can sniff most interface types, including WiFi and PPP interfaces
>
> and *dis*advantages:
>
>     Raw sockets limitations (OS dependent)
>     Due to current limitations in the raw sockets implementations for Windows Vista and Windows 7 we suggest running RawCap on Windows XP. The main problem with raw socket sniffing in Vista and Win7 is that you might not receive either incoming packets (Win7) or outgoing packets (Vista).
>
> So there's a tradeoff between using raw sockets and using NDIS (as both WinPcap and the NetMon driver do).

Yes, while building RawCap I noticed that Microsoft have truly screwed up the ability to sniff traffic by making vital changes between various service packs (and OS releases) to what is allowed to do with raw sockets. I tried to sort this out with Microsoft without success here:
http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/65ce9bee-897b-4c19-a4c6-4d3da103be44

However, most problems with raw sockets sniffing on Windows are associated with sniffing traffic on external interfaces. David wanted to sniff localhost traffic, which should work just fine with RawCap.

/erik

--
blog: http://www.netresec.com/?page=Blog
twitter: http://twitter.com/netresec