Posts

Showing posts from December, 2009

Using wireshark to trace localhost traffic on windows.

(If you don’t care why this works and just need a recipe, switch to this post ) Capturing network packets on localhost doesn't work on windows. The reason is windows doesn't send loopback traffic far enough down the networking stack for wireshark to see it. To make sniffing work on localhost you can route your ip traffic to your default gateway. I'll walk you through this, and along the way you'll see: netcat - telnet on steroids (nc.exe) tshark - command line network sniffer from the wireshark package. powershell jobs - background jobs from the shell! Step 1 - launch the server as a background job (Woohoo powershell) PS C:\Users\igord> $server = start-job { \bin_drop\nc -L -p 8082 } Step 2 - Make client connection: PS C:\Users\igord> \bin_drop\nc.exe 127.0.0.1 8082 Hello You can see me Step 3: See if we can see anything in tshark on port 8082. C:\Program Files (x86)\Wireshark>tshark -i 4 -R "tcp.port == 8082" Capturing on M...