Windows grab this machine's package with Wireshark

Original: http://bijian1013.iteye.com/blog/2299856

1. Another tool can also be used: rawcap

Of course, it is not that Windows do not want to catch the local loop package, there must be another way, online seems to say that Commview can catch the local loop package.

There is also a green, small (17K) Open source software rawcap can also catch. (: Http://www.netresec.com/?page=RawCap), the captured package is saved as Pcap suffix, open with wireshark, you can continue to analyze .

---------------------------------------------------------------------------------

In the process of communication development, we tend to use this machine both as a client and as a server side to debug code, so that the machine itself and its own communication. However, the Wireshark is not able to crawl the packet at this time, need to pass the simple settings can.

Here's how:

Method One:

1. Run cmd as Administrator

2.route Add native IP mask 255.255.255.255 gateway IP

Such as: Route add 172.16.51.115 Mask 255.255.255.255 172.16.1.1

After the use of the route delete 172.16.51.115 mask 255.255.255.255 172.16.1.1 Delete, otherwise all the native messages go through the network card out to walk a lap back very consumption performance.

At this time, the use of Wireshark to grab the packet can catch the machine itself with its own communication packet, so the configuration is sent to the local packet to the gateway, and at this time Wireshark can capture the network card driver packet implementation grab packet.

However, there is a disadvantage, that is, the URL of the local request can only write local IP address, cannot write localhost or 127.0.0.1, write localhost or 127.0.0.1 or can't catch the packet.

Method Two:

Windows system does not provide the interface of the local loopback network, using Wireshark to monitor the network can only see the traffic through the network card, do not see the traffic to localhost, because Wireshark on the Windows system by default is used by WinPcap to grab the packet, It is now possible to replace Winpcap,npcap with Npcap, which is based on WinPcap 4.1.3 and API compatible WinPcap.

1. Download the installation package

Npcap Project homepage, which is based on the MIT Open Source Agreement, Npcap download

2. Installation

When installing, check the Use dlt_null protocol sa Loopback ... and install Npcap in WinPcap Api-compat mode, as shown below.

If you have installed Wireshark, please uninstall WinPcap before installing.

If you are also prompted WinPcap has been detected and the like, it will C:\Windows\ SysWOW64 under the Wpcap.dll modified to Wpcap.dll.old,packet.dll modified to Packet.dll.old, also refer to: HTTPS://NICOLASK.WORDPRESS.COM/2012/09/23 /solved-winpcap-4-12-install-error/.

Of course, if you have not installed Wireshark installation, install Wireshark do not install WinPcap.

When the installation is complete start Wireshark, you can see in the network interface list, one more Npcap Loopback adapter, this is to catch the local loopback packet network interface, opened after such as:

It can not only catch the URL is localhost, it can also be 127.0.0.1.

Of course, grasping this machine IP is also completely possible.

Article Source: http://www.oschina.net/question/133867_108525?fromerr=GpyhsmXr

Http://www.cnblogs.com/wangweihan/archive/2011/01/13/1934459.html

http://blog.techbeta.me/2015/12/wireshark-Loopback/

Windows grab this machine's package with Wireshark