This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to capture real-time packets directly from an application

0

Looking for best way to convey my application's IPv6 packets in real-time to Wireshark. My application does not Tx/Rx packets on a conventional network or network interface that Wireshark can easily sniff. It would for example, be great to output my packets to a UDP socket that I can tell Wireshark to listen on. I feel that so many developers must have had this need, that Wireshark includes built-in support for this in some way.

asked 28 Jul '17, 17:19

mikegrobler's gravatar image

mikegrobler
6112
accept rate: 0%


One Answer:

0

You have two basic options:

  • on *n*x systems, you can send the UDP packets to the lo inteface and capture there (and if you choose a nice source and destination port and set a corresponding capture filter, you even won't be bothered by other traffic which exists on lo). On Windows, you need to install npcap to be able to capture at lo interface.
  • or you can encapsulate the packets in your application as pcap and feed Wireshark through an input pipe. Just remember you have to send the pcap header once, before the very first packet.

answered 28 Jul '17, 22:38

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 28 Jul '17, 22:39