Re: How to capture http localhost traffic?

[Guy Harris <guy () alum mit edu>]

On May 9, 2012, at 1:14 AM, Erik Hjelmvik wrote:

> The best solution is to run RawCap. It's a great command line tool
> that can capture localhost traffic on Windows machines.
> You don't even need WinPcap to do it, since it uses raw sockets.
>
> http://www.netresec.com/?page=RawCap

...which means it has both advantages:

> Properties of RawCap:
>
>       • Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)

                ...

>       • No external libraries or DLL's needed other than .NET Framework 2.0
>       • No installation required, just download RawCap.exe and sniff
>       • Can sniff most interface types, including WiFi and PPP interfaces

and *dis*advantages:

> Raw sockets limitations (OS dependent)
>
> Due to current limitations in the raw sockets implementations for Windows Vista and Windows 7 we suggest running 
> RawCap on Windows XP. The main problem with raw socket sniffing in Vista and Win7 is that you might not receive 
> either incoming packets (Win7) or outgoing packets (Vista).

So there's a tradeoff between using raw sockets and using NDIS (as both WinPcap and the NetMon driver do).
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe