Saturday, March 19, 2011

PowerShell script to enable Windows to capture localhost traffic in Wireshark

If you want to understand why the following scripts work, read this post. Otherwise, just paste the following into an elevated PowerShell window:

Set up Windows networking to allow localhost capturing in Wireshark:

# Find the network configuration that has the default gateway.
$defaultAdapter = Get-WMIObject Win32_NetworkAdapterConfiguration | ? {$_.DefaultIPGateway}
if (@($defaultAdapter).Length -ne 1) {throw "You don't have 1 default gateway, your network configuration is not supported" }
# Route the local IP address via the default gateway, so traffic to it goes out to the router and back.
# DefaultIPGateway is an array; use its first entry so only one gateway argument is passed to route.
route add $defaultAdapter.IPAddress[0] $defaultAdapter.DefaultIPGateway[0]
Write-Host "Start capturing on localhost by connecting to $($defaultAdapter.IPAddress[0])"

Return Windows networking to normal configuration:

# Find the network configuration that has the default gateway.
$defaultAdapter = Get-WMIObject Win32_NetworkAdapterConfiguration | ? {$_.DefaultIPGateway}
if (@($defaultAdapter).Length -ne 1) {throw "You don't have 1 default gateway, your network configuration is not supported" } 

# Stop routing localhost traffic to the router.
route delete $defaultAdapter.IPAddress[0]

Remember, you won't see traffic addressed to localhost (127.0.0.1), only traffic addressed to your network adapter's IP address, as printed by the script.
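
To confirm that the route from the setup script is really gone once capturing is finished, the following added example (not part of the original post) lists any host route that still sends one of this machine's own IPv4 addresses to a default gateway. It assumes the Win32_IP4RouteTable WMI class is available; the function name Get-LocalCaptureRoute is made up for this example.

```powershell
# Added example: report host routes that send this machine's own IPv4
# address to its default gateway (the route created by the setup script).
function Get-LocalCaptureRoute {
    # Collect the IPv4 addresses and gateways of every IP-enabled adapter.
    $configs  = @(Get-WmiObject Win32_NetworkAdapterConfiguration |
                  Where-Object { $_.IPEnabled })
    $localIPs = @($configs | ForEach-Object { $_.IPAddress } |
                  Where-Object { $_ -match '^\d+(\.\d+){3}$' })
    $gateways = @($configs | ForEach-Object { $_.DefaultIPGateway } |
                  Where-Object { $_ })

    # A host route (mask 255.255.255.255) to a local address whose next hop
    # is a gateway matches what "route add <local IP> <gateway>" creates.
    Get-WmiObject Win32_IP4RouteTable | Where-Object {
        $_.Mask -eq '255.255.255.255' -and
        $localIPs -contains $_.Destination -and
        $gateways -contains $_.NextHop
    } | Select-Object Destination, Mask, NextHop, InterfaceIndex
}

$leftover = @(Get-LocalCaptureRoute)
if ($leftover.Count -eq 0) {
    Write-Host "No capture route found for this machine's own addresses."
} else {
    $leftover | Format-Table -AutoSize
    Write-Warning ("Traffic to the addresses above is still routed via the gateway. " +
                   "Run the 'return to normal' script when capturing is finished.")
}
```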

3 comments:

venugopal said...

Thanks for the sharing of such information. We will pass it on to our readers. This is a great reading. Thanking you.

Windows Network Setup

Todaydownload.com said...

Resources like the one you mentioned here will be very useful to me! I will post a link to this page on my blog. I am sure my visitors will find that very useful.
Get Wireshark

mthomas said...

Thank you. This was pretty useful for my Windows 7.