Re: my traffic not captured

[Guy Harris <guy () alum mit edu>]

On Mar 19, 2014, at 7:52 AM, Anne Blankert <anne.blankert () geodan nl> wrote:

> If client and server on the same host and you are using 'localhost', you should capture the loopback interface.

If you're running Wireshark on Windows (which he's probably doing, given the "winsock2.h" in his comment), you might 
not *have* a loopback interface, or it might not do what somebody used to UN*Xes thinks it does:

        http://wiki.wireshark.org/CaptureSetup/Loopback

However, I infer from

        Also, it doesn't seem to make a difference whether I'm running Wireshark on the client or the server side of 
the connection.

that the client and server are separate machines.

> If  wireshark is on a seperate machine attached to the network between client and server,

As per the above quote message, he's trying running on the server and running on the client, so he doesn't appear to be 
doing a "third-party" passive capture.  If you are, however, then, if the traffic is going over a switched Ethernet, 
then:

> you may not see the traffic, because, by default, network switches will only send out packets on the client and 
> server connections. You need to configure traffic mirroring from the client and server connections to the wireshark 
> connection (only possible on managed switches).

see

        http://wiki.wireshark.org/CaptureSetup/Ethernet

for information on that and, if it's going over a Wi-Fi network, see

        http://wiki.wireshark.org/CaptureSetup/WLAN

(and note that it's not very encouraging about trying to do third-party Wi-Fi captures on Windows).
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe