I'm using Visual Basic 2010 for client/server authentication. I want the information that is transferred during that time between client and server. Is it possible that Wireshark is able to display it?

asked 27 Jan '14, 19:54

vikramd

edited 29 Jan '14, 08:21

cmaynard ♦♦

While the Loopback wiki page does mention RawCap, it perhaps should expand on its use. For example, if you want to view live traffic in Wireshark, you can still do it by running RawCap from one command-line and running Wireshark from another. Assuming you have cygwin's tail available, this could be accomplished using something like so:

cmd1: RawCap.exe -f 127.0.0.1 dumpfile.pcap

cmd2: tail -c +0 -f dumpfile.pcap | Wireshark.exe -k -i -

answered 29 Jan '14, 08:12

cmaynard ♦♦

Couldn't a pipe be used?

(29 Jan '14, 08:29) grahamb ♦

Ideally, but in practice, it doesn't work ... at least not in my testing. Perhaps the Netresec folks would be willing to modify RawCap to be able to write to a pipe though.

(29 Jan '14, 08:41) cmaynard ♦♦

An update: Netresec just announced today (Jan 30, 2020) a new version of RawCap that now supports writing to a pipe or to stdout. So as of today, the solution provided above can be simplified as follows, with no tail required:

RawCap.exe -q 127.0.0.1 - | Wireshark.exe -i - -k

You can read more about the new RawCap features on the RawCap Redux announcement page.

(30 Jan '20, 11:22) cmaynard ♦♦
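
Why following a capture file that is still being written (the tail approach in the answer above) works, shown as an added example that is not part of the original posts: a classic pcap file is a 24-byte header followed by self-delimiting records, so a reader can consume whole records and wait on a partial one. The function names and the two-packet sample are constructed for illustration, and the code assumes the dump is in classic pcap format.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def parse_global_header(buf):
    """Return (byte order, linktype), or None while the 24-byte header is incomplete."""
    if len(buf) < 24:
        return None
    for order in ("<", ">"):
        if struct.unpack(order + "I", buf[:4])[0] == PCAP_MAGIC:
            return order, struct.unpack(order + "I", buf[20:24])[0]
    raise ValueError("not a classic pcap file")

def read_complete_records(buf, offset, order):
    """Parse whole records from offset, stop at a partial one; return (packets, new_offset)."""
    packets = []
    while offset + 16 <= len(buf):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(order + "IIII", buf[offset:offset + 16])
        end = offset + 16 + incl_len
        if end > len(buf):  # the writer has not flushed the whole packet yet
            break
        packets.append((ts_sec, ts_usec, buf[offset + 16:end]))
        offset = end
    return packets, offset

def sample_capture():
    """Constructed two-packet capture; the payloads are placeholders, not real IP."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 101)
    records = b""
    for ts, payload in ((1, b"client-hello"), (2, b"server-reply")):
        records += struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload
    return header + records

def follow(snapshots):
    """Feed successive views of a growing file; return payloads in arrival order."""
    order, offset, seen = None, 24, []
    for buf in snapshots:
        if order is None:
            parsed = parse_global_header(buf)
            if parsed is None:
                continue
            order = parsed[0]
        packets, offset = read_complete_records(buf, offset, order)
        seen.extend(payload for _, _, payload in packets)
    return seen

if __name__ == "__main__":
    data = sample_capture()  # views of the file: mid-header, mid-record, complete
    print(follow([data[:10], data[:24 + 16 + 12 + 19], data]))
```
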

Assuming that your client and server are on the same machine and your OS is Windows (as you're using VB), then Wireshark, or more precisely WinPcap, can't easily capture such traffic.

See the Wiki page on Loopback capturing for more info.

answered 28 Jan '14, 01:24

grahamb ♦

I realize that this is an old question and this site is no longer the active Wireshark Q&A site, but for the benefit of anyone who happens to find this question looking for a solution to loopback capturing on the Windows platform, another solution is to use Npcap instead of WinPcap, which newer versions of Wireshark now ship with by default. Npcap provides an "Adapter for loopback traffic capture" that Wireshark can directly capture from, just like any other local interface. Npcap is also mentioned on the Loopback wiki page.

answered 30 Jan '20, 11:31

cmaynard ♦♦
