I’m rather fresh with socket programming, and right now I need some guidance as to where I should start tackling this problem.
To put it short, are there any scenarios where Wireshark can fail to capture packets from and to a local machine?
We have a pair of Simple TCP Server/Client written with Qt5, using QTcpSocket and QTcpServer. These Qt server and client, both running locally on my own PC, can send strings of text to each other.
The strange thing is, Wireshark can’t seem to capture any packets exchanged between the Qt server and client. I’m pretty sure the packets are there if the server and client managed to receive data from each other, and I can use RawCap to sniff those packets as well.
I’ve tried writing another server using a WinSock2 socket instead of the QTcpSocket, and still, Wireshark can’t detect any packets when the server and client have successfully exchanged data with each other.
I’ve seen many people using Wireshark with their network apps on the Qt forum, so the possibility of Wireshark not being compatible with Qt seems quite slim. I also made sure that I’m running with an Administrator account, and the server and client are allowed through my firewall as well. My Ethernet adapter is that of Realtek PCI GBE Family Controller, and the driver is up to date.
I did read from the FAQ of Wireshark, though, that WinPcap might not capture packets with erroneous CRC. Still, by my understanding (correct me if I’m wrong), the CRC is something handled by the Ethernet adapter hardware, and since I can capture mostly all other packets through this same Ethernet Interface with Wireshark, that also seems unlikely.
Is there anything else I can try to have Wireshark capture the activities between my server and client?
asked 09 May '14, 06:35
edited 12 May '14, 09:03
That's the problem, if you are running the software on the same Windows system.
Reason: WinPcap cannot capture localhost traffic, which is traffic that does not 'physically' leave the system.
For that case you can use RawCap to capture the traffic and then use Wireshark to analyze it.
If you did your test on Linux, Unix, *BSD, please capture on the loopback interface (lo, lo0, etc.).
answered 09 May '14, 10:59
Kurt Knochner ♦
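An added example, not part of the original question or answer: a quick check that a saved capture really contains the localhost TCP conversation before opening it in Wireshark. It assumes a classic pcap file with a raw IP, Ethernet or BSD loopback link type; the function names and the sample packet (ports 50000 and 5000, payload "hello") are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Link-layer bytes to skip per pcap link type:
# 0 = BSD loopback (NULL), 1 = Ethernet, 101 = raw IP (no link header).
LINK_HDR_LEN = {0: 4, 1: 14, 101: 0}

def loopback_tcp_segments(pcap_bytes):
    """Return (src, sport, dst, dport, payload) for IPv4/TCP packets within 127.0.0.0/8."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype not in LINK_HDR_LEN:
        raise ValueError(f"unsupported link type {linktype}")
    skip = LINK_HDR_LEN[linktype]
    out, off = [], 24                      # 24-byte global header, then records
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        pkt = pcap_bytes[off + 16:off + 16 + incl_len][skip:]
        off += 16 + incl_len
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue                       # not IPv4, or IP protocol is not TCP
        ihl = (pkt[0] & 0x0F) * 4
        total_len = struct.unpack("!H", pkt[2:4])[0]
        src, dst = IPv4Address(pkt[12:16]), IPv4Address(pkt[16:20])
        if not (src.is_loopback and dst.is_loopback):
            continue                       # traffic that left (or entered) the host
        tcp = pkt[ihl:total_len or None]   # total length 0: fall back to captured bytes
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        data_off = (tcp[12] >> 4) * 4
        out.append((str(src), sport, str(dst), dport, tcp[data_off:]))
    return out

def constructed_sample():
    """Constructed raw-IP capture: 127.0.0.1:50000 -> 127.0.0.1:5000, payload b'hello'."""
    tcp = struct.pack("!HHIIBBHHH", 50000, 5000, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + b"hello"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 128, 6, 0,
                     bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1]))  # checksums left at 0
    pkt = ip + tcp
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    rec = struct.pack("<IIII", 0, 0, len(pkt), len(pkt))
    return hdr + rec + pkt
```

An empty result for a capture taken on the Ethernet adapter is the symptom described in the question: the localhost conversation never reached that interface.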