This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to capture intra-PC packets

0

Running Wireshark 1.6.1 on Win 7 x64.

I have a webserver running on my PC, and would like to capture packets from applications accessing the webserver, from the same PC. Attempting to capture packets on the usual port don't seem to work. Is this even possible? Thanks for any pointers.

asked 22 Aug '11, 07:16

cgtyoder's gravatar image

cgtyoder
11224
accept rate: 0%


2 Answers:

0

I don't think it is, because the packets are not going out to the network and winpcap will not be able to pick them up. For that kind of scenario I usually put application and server on two different PCs to be able to see what is going back and forth - it's a pain to do that, but IMHO the easiest way to see what is really happening.

answered 22 Aug '11, 07:41

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

2

Unfortunately on Windows intra-PC packets (loopback) don't surface at a level that WinPCap can capture them.

See THIS page on the Wireshark Wiki for more info about loopback capturing.

answered 22 Aug '11, 07:55

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

grahamb, thanks for the pointer. RawCap looks like a great deal, but the traffic I am after is SSL-encrypted, and it would be way too much work to manually decrypt. I ended up re-creating the sending env on another computer, and quickly found the problem I was after. Thanks much for the pointers.

(22 Aug '11, 11:53) cgtyoder

Have a look at Fiddler as well, it's an HTTP(S) proxy that logs all traffic in plain text.

(22 Aug '11, 13:39) grahamb ♦