Hello all, I want to capture SNTP packets from a system (Windows 8) running as both server and client (using a tool). My question is: how can I capture NTP packets from this tool using Wireshark on another system (Windows XP) while the server/client tool (both as server and client) is synchronizing time in unicast mode? Thankfully, monisha
asked 15 Jun '13, 00:09 sana
edited 15 Jun '13, 16:33 Guy Harris ♦♦
2 Answers:
See the answer to a similar question:
Regards
answered 15 Jun '13, 06:26 Kurt Knochner ♦
If the same computer is being used as both a client and a server, and that computer is using itself as a server, so that all the messages are sent from the computer to itself, you cannot capture them by using some other system; those packets are NOT transmitted on ANY network, much less a network that some other computer can sniff on. On Windows, about all you can do in that case is run RawCap and have it write out to a file, and then read the file in Wireshark (or TShark or tcpdump/WinDump or...).
answered 17 Jun '13, 17:23 Guy Harris ♦♦
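Once the loopback traffic has been written to a file as the answer above describes, the SNTP exchange can also be pulled out of that file with a short script. This is an added example, not part of the original answers; it assumes a classic pcap file whose records start at the IPv4 header (link type 101 or 228), and the sample capture in it is constructed.

```python
import socket
import struct

NTP_PORT = 123
NTP_UNIX_DELTA = 2208988800          # seconds between 1900-01-01 and 1970-01-01
RAW_IP_LINKTYPES = {101, 228}        # LINKTYPE_RAW, LINKTYPE_IPV4 (assumed for the capture file)
MODES = {3: "client", 4: "server"}

def ntp_from_pcap(data):
    """Return one dict per IPv4/UDP port-123 packet in a classic pcap byte string."""
    magic = data[:4]
    endian = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">" if magic == b"\xa1\xb2\xc3\xd4" else None
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype not in RAW_IP_LINKTYPES:
        raise ValueError("unexpected link type %d" % linktype)
    found, off = [], 24
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
            continue                                  # not IPv4, or not UDP
        ihl = (pkt[0] & 0x0F) * 4                     # IPv4 header length in bytes
        ntp = pkt[ihl + 8:]                           # payload after the 8-byte UDP header
        if len(ntp) < 48 or NTP_PORT not in struct.unpack("!HH", pkt[ihl:ihl + 4]):
            continue                                  # too short for NTP, or other ports
        tx_seconds = struct.unpack("!I", ntp[40:44])[0]
        found.append({
            "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "version": (ntp[0] >> 3) & 7,
            "mode": MODES.get(ntp[0] & 7, str(ntp[0] & 7)),
            "stratum": ntp[1],
            "transmit_unix": tx_seconds - NTP_UNIX_DELTA,
        })
    return found

def sample_pcap():
    """Constructed capture: one SNTP request and one reply, both 127.0.0.1 -> 127.0.0.1."""
    def record(first_byte, stratum, sport, dport, tx_unix):
        ntp = bytes([first_byte, stratum]) + bytes(38) + struct.pack("!II", tx_unix + NTP_UNIX_DELTA, 0)
        udp = struct.pack("!HHHH", sport, dport, 8 + len(ntp), 0) + ntp
        lo = socket.inet_aton("127.0.0.1")
        ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 128, 17, 0) + lo + lo + udp
        return struct.pack("<IIII", tx_unix, 0, len(ip), len(ip)) + ip
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return header + record(0x23, 0, 50000, 123, 1371300000) + record(0x24, 1, 123, 50000, 1371300000)
```

Both packets in the constructed sample have 127.0.0.1 as source and destination, which is why a second machine on the network never sees them. pcapng files are not handled by this sketch.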
Hi,
Gone through the link. Can I use the same system as client and server to capture those packets on another system? If so, what are all the settings required in Wireshark, or how can I do that?
Thanks for your time, sana
??? same system or other system?
Ya, like a single system (system 1) works as both server and client, and one more system (system 2) to capture packets (from system 1) using Wireshark.
Can't work and won't work. System 1 is communicating with system 1 (i.e., with itself) over an internal connection within the operating system software, NOT over an Ethernet or Wi-Fi network or anything else to which system 2 has any access whatsoever, and, unfortunately, unlike many UN*Xes, that internal network can't be sniffed using the same mechanism that is used to sniff external networks, so Wireshark can't see the traffic even on system 1 itself.
See my answer.