Local Host Sniffer (Windows)

I am looking for a sniffer that can work with a loopback address on Windows.

So far, I have found Microsoft Network Monitor a good tool, but for localhost it is useless because localhost packets do not go through the regular network stack on Windows, so they are invisible to a network analyzer such as MS Network Monitor.

How do you debug applications that send data to the loopback mechanism? Any good (open source) sniffers that can work with localhost?

UPDATE: if you have experience with the tool, it would be nice to have a brief description for future links

+55
debugging windows tcp packet-sniffers
Oct. 14 '09 at 13:28
5 answers

I ran into this problem and got nowhere after many studies. Basically, all available sniffers rely on the network driver stack, and Windows does not make localhost calls through it.

As a result, I used the SocketSniffer tool, which looks into Winsock calls and controls TCP, UDP connections. This helped me debug an application problem that occurred only in win 2k3.

Its download site is at http://www.nirsoft.net/utils/socket_sniffer.html

Note that this no longer works on Windows 8. Microsoft Message Analyzer is now able to capture loopback traffic. The official blog is here: http://blogs.msdn.com/b/winsdk/archive/2014/08/15/rejoice-we-can-now-capture-loopback-traffic.aspx

+58
Jan 14 '10 at 19:11

A new tool is available on Windows that can capture loopback / localhost network traffic. It is called RawCap and is available here: http://www.netresec.com/?page=RawCap

Just run RawCap to sniff the loopback interface: RawCap.exe 127.0.0.1 localhost.pcap

You can then open localhost.pcap in Wireshark or any other pcap analyzer to look at the captured traffic.

Btw, not only is RawCap capable of sniffing loopback traffic on Windows, but it can also sniff your WiFi interface, as well as PPP interfaces such as 3G / UMTS connections.

+32
Apr 10 2018-11-11T00:
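A minimal pcap reader for a capture file like the localhost.pcap mentioned above, as an added example that is not part of the original answers: it lists TCP flows touching 127.0.0.0/8 with their payload byte counts. The function names and the embedded one-packet sample are constructed for illustration, and the code assumes a classic (non-pcapng) pcap file with a raw-IP or Ethernet link type.

```python
import struct
from collections import Counter

RAW_IP_LINKTYPES = {101, 228}  # LINKTYPE_RAW, LINKTYPE_IPV4: record starts at the IP header
ETHERNET = 1                   # LINKTYPE_ETHERNET: 14-byte frame header comes first

def loopback_tcp_flows(pcap_bytes):
    """Sum TCP payload bytes per (src, sport, dst, dport) for 127.0.0.0/8 traffic."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "I", pcap_bytes, 20)[0]
    if linktype in RAW_IP_LINKTYPES:
        l2 = 0
    elif linktype == ETHERNET:
        l2 = 14
    else:
        raise ValueError(f"unsupported link type {linktype}")
    flows, off = Counter(), 24  # records follow the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, off + 8)[0]
        pkt = pcap_bytes[off + 16 + l2 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue  # truncated, not IPv4, or not TCP
        ihl = (pkt[0] & 0x0F) * 4
        if len(pkt) < ihl + 20 or (pkt[12] != 127 and pkt[16] != 127):
            continue  # no full TCP header, or neither end is a loopback address
        total_len = struct.unpack_from("!H", pkt, 2)[0]
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
        data_off = (pkt[ihl + 12] >> 4) * 4
        payload = max(0, min(total_len, len(pkt)) - ihl - data_off)
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
        flows[(src, sport, dst, dport)] += payload
    return dict(flows)

def sample_capture():
    """Constructed capture: one packet, 127.0.0.1:50000 -> 127.0.0.1:8080, 5 payload bytes."""
    tcp = struct.pack("!HHIIBBHHH", 50000, 8080, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + b"hello"
    lo = bytes([127, 0, 0, 1])
    pkt = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 128, 6, 0, lo, lo) + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return header + struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

if __name__ == "__main__":
    for flow, nbytes in loopback_tcp_flows(sample_capture()).items():
        print(flow, nbytes)
```

To run it on a real capture, pass the file contents instead of the sample, e.g. `loopback_tcp_flows(open("localhost.pcap", "rb").read())`.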

I believe that you can do http://localhost./ (note the period at the end) to force localhost packets through a regular network stack.

This works to get HTTP traffic recognized by a tool like Fiddler - not sure about other protocols.

+5
Oct. 14 '09 at 13:31

I had this problem when I wanted to track traffic on localhost after setting up SelfSSL on it. After searching for other useful tools, I found that Fiddler is somehow suitable for my problem. You should try Fiddler for HTTP and HTTPS.

Hope this helps you!

+2
May 17 '12 at 23:43

I would recommend Wireshark; it can connect to any network device and offers several useful utilities for traffic analysis, and it is free software as well.

-5
Oct 14 '09 at 13:31