Windows packet sniffer that can capture loopback t

Posted 2020-02-23 05:45

Question:



Closed 4 years ago.

(This is a followup to my previous question about measuring .NET remoting traffic.)

When I am testing our Windows service / service controller GUI combination, it is often most convenient to run both pieces on my development box. With this setup, the remoting traffic between the two is via loopback, not through the Ethernet card.

Are there any software packet sniffers that can capture loopback traffic on a WinXP machine? Wireshark is a great package, but it can only capture external traffic on a Windows machine, not loopback.

Answer 1:

What you should do is to run RawCap, which is a sniffer that can capture traffic to/from the loopback interface in Windows. Just start it with "RawCap.exe 127.0.0.1 loopback.pcap".

You can then open up loopback.pcap in Wireshark or NetworkMiner to look at the network traffic.

You can find RawCap here: http://www.netresec.com/?page=RawCap

Good Luck!
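To total the loopback traffic per TCP flow from a capture file such as loopback.pcap without opening Wireshark, here is an added example; it is not part of the answer above and is not RawCap's or Wireshark's own code. The function names, the set of link types handled and the constructed sample (port 8085 included) are assumptions made for illustration.

```python
import socket
import struct
from collections import Counter

# Bytes that precede the IP header for link types a loopback capture may declare:
# 0 = BSD NULL/loopback, 1 = Ethernet, 12 and 101 = raw IP (assumed set).
LINK_HEADER_LEN = {0: 4, 1: 14, 12: 0, 101: 0}

def tcp_payload_by_flow(pcap_bytes):
    """Sum captured TCP payload bytes per (src, sport, dst, dport) in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file (pcapng is not handled)")
    linktype = struct.unpack_from(endian + "I", pcap_bytes, 20)[0]
    if linktype not in LINK_HEADER_LEN:
        raise ValueError(f"unsupported link type {linktype}")
    flows, offset = Counter(), 24                      # 24-byte global header
    while offset + 16 <= len(pcap_bytes):              # 16-byte per-record header
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, offset + 8)[0]
        ip = pcap_bytes[offset + 16 + LINK_HEADER_LEN[linktype]: offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue                                   # keep IPv4 + TCP only
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack_from("!H", ip, 2)[0] or len(ip)
        tcp = ip[ihl:total_len]
        if len(tcp) < 20:
            continue                                   # truncated TCP header
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        payload = max(len(tcp) - (tcp[12] >> 4) * 4, 0)
        flows[(socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport)] += payload
    return flows

def sample_capture():
    """Constructed raw-IP pcap: two loopback TCP segments, 5 and 3 payload bytes."""
    def segment(sport, dport, data):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 128, 6, 0,
                         socket.inet_aton("127.0.0.1"), socket.inet_aton("127.0.0.1"))
        return struct.pack("<IIII", 0, 0, len(ip) + len(tcp), len(ip) + len(tcp)) + ip + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return header + segment(50000, 8085, b"hello") + segment(50000, 8085, b"abc")

if __name__ == "__main__":
    for flow, size in tcp_payload_by_flow(sample_capture()).items():
        print(flow, size)
```

For a real capture, pass the file's bytes (for example `open("loopback.pcap", "rb").read()`) to `tcp_payload_by_flow`; only bytes actually stored in the file are counted, so a capture with a short snap length under-reports.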



Answer 2:

I second the Microsoft Network Monitor (though this link works better at the time of writing) suggestion from Thomas Owens. Also, this post suggests that to get the loopback address, try doing:

route add <Your Machine's IP> <Your Router's IP>

This takes locally-generated packets for the local interface and sends them off to your router... which sends them back.

NOTE: To get your machine back to normal operation, make sure you delete the route when you're finished using:

route delete <Your Machine's IP>



Answer 3:

There is a page on the Wireshark wiki that addresses the problem. Short answer is, you can't do it on a Windows machine, but there might be some workarounds.



Answer 4:

I'm not sure if it can or not, but have you looked at Microsoft Network Monitor? It might be an option.



Answer 5:

Did you try to install the MS Loopback Adapter and try sniffing on that adapter with your favorite sniffing application?

Also, if I remember correctly, NAI Sniffer link did use to have loopback sniffing capabilities, but it's been a while since I used either solution...



Answer 6:

If you don't care to pay, try this: CommView

It seems to work, however the Evaluation version doesn't display the complete packets.



Answer 7:

You should definitely try Npcap, it works perfectly with Wireshark to capture loopback traffic in Windows, see here: https://wiki.wireshark.org/CaptureSetup/Loopback