I'm using Visual Basic 2010 for client/server authentication. I want the information that is transferred during that time between client and server. Is it possible that Wireshark is able to display it? This question is marked "community wiki". asked 27 Jan '14, 19:54  vikramd edited 29 Jan '14, 08:21  cmaynard ♦♦ |
3 Answers:
While the Loopback wiki page does mention RawCap, it perhaps should expand on its use. For example, if you want to view live traffic in Wireshark, you can still do it by running RawCap from one command-line and running Wireshark from another. Assuming you have cygwin's cmd1: cmd2: answered 29 Jan '14, 08:12 cmaynard ♦♦ |
Assuming that your client and server are on the same machine and your OS is Windows (as you're using VB), then Wireshark, or more precisely WinPCap, can't easily capture such traffic. See the Wiki page on Loopback capturing for more info. answered 28 Jan '14, 01:24  grahamb ♦ |
I realize that this is an old question and this site is no longer the active Wireshark Q&A site, but for the benefit of anyone who happens to find this question looking for a solution to loopback capturing on the Windows platform, another solution is to use Npcap instead of WinPcap, which newer versions of Wireshark now ship with by default. Npcap provides an "Adapter for loopback traffic capture" that Wireshark can directly capture from, just like any other local interface. Npcap is also mentioned on the Loopback wiki page. answered 30 Jan '20, 11:31 cmaynard ♦♦ |
Couldn't a pipe be used?
Ideally, but in practice, it doesn't work ... at least not in my testing. Perhaps the Netresec folks would be willing to modify RawCap to be able to write to a pipe though.
An update: Netresec just announced today (Jan 30, 2020) a new version of RawCap that now supports writing to a pipe or to
stdout. So as of today, the solution provided above can be simplified as follows, with notailrequired:You can read more about the new RawCap features on the RawCap Redux announcement page.