Running Wireshark 1.6.1 on Win 7 x64. I have a webserver running on my PC, and would like to capture packets from applications accessing the webserver, from the same PC. Attempting to capture packets on the usual port don't seem to work. Is this even possible? Thanks for any pointers. asked 22 Aug '11, 07:16  cgtyoder |
2 Answers:
I don't think it is, because the packets are not going out to the network and winpcap will not be able to pick them up. For that kind of scenario I usually put application and server on two different PCs to be able to see what is going back and forth - it's a pain to do that, but IMHO the easiest way to see what is really happening. answered 22 Aug '11, 07:41  Jasper ♦♦ |
Unfortunately on Windows intra-PC packets (loopback) don't surface at a level that WinPCap can capture them. See THIS page on the Wireshark Wiki for more info about loopback capturing. answered 22 Aug '11, 07:55  grahamb ♦ |
grahamb, thanks for the pointer. RawCap looks like a great deal, but the traffic I am after is SSL-encrypted, and it would be way too much work to manually decrypt. I ended up re-creating the sending env on another computer, and quickly found the problem I was after. Thanks much for the pointers.
Have a look at Fiddler as well, it's an HTTP(S) proxy that logs all traffic in plain text.