converted to 1.6 markup
|Deletions are marked like this.||Additions are marked like this.|
|Line 7:||Line 7:|
|See [http://www.wireshark.org/media.html Wireshark: Supported Capture Media] page for Wireshark capturing support on various platforms. Summary: you can capture on the loopback interface on Linux, on various BSDs including Mac OS X, and on Digital/Tru64 UNIX, and you ''might'' be able to do it on Irix and AIX, but you definitely '''cannot''' do so on Solaris, HP-UX, or Windows.||See [[http://www.wireshark.org/media.html|Wireshark: Supported Capture Media]] page for Wireshark capturing support on various platforms. Summary: you can capture on the loopback interface on Linux, on various BSDs including Mac OS X, and on Digital/Tru64 UNIX, and you ''might'' be able to do it on Irix and AIX, but you definitely '''cannot''' do so on Solaris, HP-UX, or Windows.|
|Line 10:||Line 10:|
|=== IP 127.0.0.1 ===|
|Line 11:||Line 12:|
|=== IP other ===|
|Line 16:||Line 17:|
| * [http://support.microsoft.com/kb/842561 Microsoft: How to install the Microsoft Loopback Adapter in Microsoft Windows Server 2003]
* [http://support.microsoft.com/kb/839013 Microsoft: How to install the Microsoft Loopback adapter in Windows XP]
* [http://support.microsoft.com/kb/236869 Microsoft: How To Install Microsoft Loopback Adapter in Windows 2000]
| * [[http://support.microsoft.com/kb/842561|Microsoft: How to install the Microsoft Loopback Adapter in Microsoft Windows Server 2003]]
* [[http://support.microsoft.com/kb/839013|Microsoft: How to install the Microsoft Loopback adapter in Windows XP]]
* [[http://support.microsoft.com/kb/236869|Microsoft: How To Install Microsoft Loopback Adapter in Windows 2000]]
|Line 55:||Line 56:|
|This is translated from French, based on the method described [http://ici.lemmy.free.fr/blog/index.php?2005/05/19/16-capturer-localhost-sous-windows-avec-ethereal here].||This is translated from French, based on the method described [[http://ici.lemmy.free.fr/blog/index.php?2005/05/19/16-capturer-localhost-sous-windows-avec-ethereal|here]].|
|Line 58:||Line 59:|
| * [:CaptureSetup/Ethernet:Capturing on Ethernet Networks]
* [:CaptureSetup/WLAN:Capturing on 802.11 Wireless Networks]
* [:CaptureSetup/TokenRing:Capturing on Token Ring Networks]
* [:CaptureSetup/VLAN:Capturing on VLAN Protected Networks]
* [:CaptureSetup/PPP:Capturing on PPP Networks]
* [:CaptureSetup/FrameRelay:Capturing on Frame Relay Networks]
* [:CaptureSetup/DOCSIS:Capturing DOCSIS Traffic]
* [:CaptureSetup/Bluetooth:Capturing Bluetooth Traffic]
* [:CaptureSetup/ATM:Capturing on ATM Networks]
* [:CaptureSetup/USB:Capturing USB Traffic]
* [:CaptureSetup/IrDA:Capturing IrDA Traffic]
* [:CaptureSetup/CiscoHDLC:Capturing on Cisco HDLC Networks]
* [:CaptureSetup/SS7:Capturing SS7 Traffic]
| * [[CaptureSetup/Ethernet|Capturing on Ethernet Networks]]
* [[CaptureSetup/WLAN|Capturing on 802.11 Wireless Networks]]
* [[CaptureSetup/TokenRing|Capturing on Token Ring Networks]]
* [[CaptureSetup/VLAN|Capturing on VLAN Protected Networks]]
* [[CaptureSetup/PPP|Capturing on PPP Networks]]
* [[CaptureSetup/FrameRelay|Capturing on Frame Relay Networks]]
* [[CaptureSetup/DOCSIS|Capturing DOCSIS Traffic]]
* [[CaptureSetup/Bluetooth|Capturing Bluetooth Traffic]]
* [[CaptureSetup/ATM|Capturing on ATM Networks]]
* [[CaptureSetup/USB|Capturing USB Traffic]]
* [[CaptureSetup/IrDA|Capturing IrDA Traffic]]
* [[CaptureSetup/CiscoHDLC|Capturing on Cisco HDLC Networks]]
* [[CaptureSetup/SS7|Capturing SS7 Traffic]]
Loopback capture setup
The following will explain capturing on loopback interfaces a bit.
If you are trying to capture traffic from a machine to itself, that traffic will not be sent over a real network interface, even if it's being sent to an address on one of the machine's network adapters. This means that you will not see it if you are trying to capture on, for example, the interface device for the adapter to which the destination address is assigned. You will only see it if you capture on the "loopback interface", if there is such an interface and it is possible to capture on it; see the next section for information on the platforms on which you can capture on the "loopback interface".
See Wireshark: Supported Capture Media page for Wireshark capturing support on various platforms. Summary: you can capture on the loopback interface on Linux, on various BSDs including Mac OS X, and on Digital/Tru64 UNIX, and you might be able to do it on Irix and AIX, but you definitely cannot do so on Solaris, HP-UX, or Windows.
You can't capture on the local loopback address 127.0.0.1!
You can add a virtual network card called Microsoft Loopback Adapter, but in most cases that might not give results as expected either.
This adapter is available from Microsoft:
... and is quite different than the ones available for various UN*X systems. This adapter is a virtual network adapter you can add, but it will not work on the 127.0.0.1 IP addresses; it will take its own IP address. BTW: You can only add one Loopback Adapter to the system!
Beware: Capturing from this Loopback Adapter requires the WinPcap 3.1 release, 3.1 beta versions won't work!
Let's suppose you have set the IP address of the loopback adapter to 10.0.0.10 and are capturing on that interface. If you ping to this 10.0.0.10 address the ping will get ping replies, but you won't see any of this traffic in Wireshark (much like the 127.0.0.1 problem). If you ping on 10.0.0.11, you won't get ping replies as there is obviously no remote host, but you will see the corresponding ARP requests in Wireshark.
The only benefit I can see so far is if you use it with colinux (and probably other PC virtualization software) to capture the traffic between Windows and the virtual machine. - UlfLamping
Recipe (to capture traffic on ms loopback adapter / Windows XP): --- by mitra
1. go to MS Loopback adapter properties, set IP 10.0.0.10, MASK 255.255.255.0 adapter/additional/network address: 55-55-55-55-55-55 2. arp -s 10.0.0.10 55-55-55-55-55-55 3. route add 10.0.0.10 10.0.0.10 mask 255.255.255.255 4. to test: "telnet 10.0.0.10"
I am now using the loopback adapter to capture traffic that I source into a Dyanmips/Dynagen virtual router network. This is a potentially very useful tool/feature that I will be testing further in the weeks to come. As it stands, I can connect my loopback adapter to a virtual router interface and capture ping, arp, etc. In the near future, I hope to tie a server w/ a loopback adapter to a virtual router and then capture a full client/server type of exchange across a Dynamips/Dynagen emulated network. -- Scott Vermillion
A commercial network sniffer called CommView (from TamoSoft) allows to capture packets on the localhost network adapter but it dissects less protocols, so you can capture packets with CommView and save them into a file and open it with WireShark.
An other alternative is to add a route to your local machine going through the network gateway:
route add <your_IP> mask 255.255.255.255 <the_gateway> metric 1
with <your_IP> being different from 127.0.0.1. It should (has to) be the result of ipconfig command (ip address field) <the_gateway> has to be the default gateway field taken from ipconfig /all result.
Doing so, every network traffic from your machine to itself will use the physical network interface, it will then go to the gateway, back to you. Therefor, you will see each packet twice, but it can be filtered on the view.
Be careful, since your machine will use the actual network to talk to itself, it may overload the network. It may be wise to remove the new route once you are done with the tests:
route delete <your_IP>
This is translated from French, based on the method described here.