This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 9 and 11 (spanning 2 versions)
Revision 9 as of 2005-06-25 17:17:56
Size: 2451
Editor: GuyHarris
Comment: Small edits.
Revision 11 as of 2006-01-23 21:10:38
Size: 2726
Editor: UlfLamping
Comment: clarify windows problems
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
If you are trying to capture traffic from a machine to itself, that traffic will not be sent over a network interface, even if it's being sent to an address on one of the machine's network adapters. This means that you will not see it if you are trying to capture on, for example, the interface device for the adapter to which the destination address is assigned. You will only see it if you capture on the "loopback interface", if there is such an interface and it is possible to capture on it; see the next section for information on the platforms on which you can capture on the "loopback interface". If you are trying to capture traffic from a machine to itself, that traffic will not be sent over a real network interface, even if it's being sent to an address on one of the machine's network adapters. This means that you will not see it if you are trying to capture on, for example, the interface device for the adapter to which the destination address is assigned. You will only see it if you capture on the "loopback interface", if there is such an interface and it is possible to capture on it; see the next section for information on the platforms on which you can capture on the "loopback interface".
Line 13: Line 13:
There is a ''Microsoft Loopback Adapter'' available from Microsoft: '''You can't capture on the local loopback address 127.0.0.1!'''

You can add a virtual network card called ''Microsoft Loopback Adapter'', but in most cases that might not give results as expected either.

This adapter is available from Microsoft:
Line 19: Line 23:
... which is quite different than the ones available for various UN*X systems. This adapter is a virtual network adapter you can ''add'', but it will not work on the 127.0.0.1 IP addresses; it will take its own IP address. ... and is quite different than the ones available for various UN*X systems. This adapter is a virtual network adapter you can ''add'', but it will not work on the 127.0.0.1 IP addresses; it will take its own IP address.
Line 21: Line 25:
/!\ Beware: This network adapter has the same limitation that also apply to other network adapters on Windows as well: you won't see any network traffic directed to itself. /!\ Beware: Capturing from this Loopback Adapter requires the WinPcap 3.1 release, 3.1 beta versions won't work!
Line 23: Line 27:
Let's suppose you have set the IP address of the loopback adapter to 10.0.0.10 and are capturing on that interface. If you ping to this 10.0.0.10 address the ping will get ping replies, but you won't see any of this traffic in Ethereal. If you ping on 10.0.0.11, you won't get ping replies as there is obviously no remote host, but you will see the corresponding ARP requests in Ethereal. Let's suppose you have set the IP address of the loopback adapter to 10.0.0.10 and are capturing on that interface. If you ping to this 10.0.0.10 address the ping will get ping replies, but you won't see any of this traffic in Ethereal (much like the 127.0.0.1 problem). If you ping on 10.0.0.11, you won't get ping replies as there is obviously no remote host, but you will see the corresponding ARP requests in Ethereal.
Line 25: Line 29:
Having said all this, the whole thing is of limited use to work with Ethereal. The only benefit I can see so far is if you use it with colinux (and probably other PC virtualization software) to capture the traffic between Windows and the virtual machine. - ''UlfLamping''

Loopback capture setup

The following will explain capturing on loopback interfaces a bit.

If you are trying to capture traffic from a machine to itself, that traffic will not be sent over a real network interface, even if it's being sent to an address on one of the machine's network adapters. This means that you will not see it if you are trying to capture on, for example, the interface device for the adapter to which the destination address is assigned. You will only see it if you capture on the "loopback interface", if there is such an interface and it is possible to capture on it; see the next section for information on the platforms on which you can capture on the "loopback interface".

Supported Platforms

See [http://www.ethereal.com/media.html Ethereal: Supported Capture Media] page for Ethereal capturing support on various platforms. Summary: you can capture on the loopback interface on Linux, on various BSDs including Mac OS X, and on Digital/Tru64 UNIX, and you might be able to do it on Irix and AIX, but you definitely cannot do so on Solaris, HP-UX, or Windows.

Windows

You can't capture on the local loopback address 127.0.0.1!

You can add a virtual network card called Microsoft Loopback Adapter, but in most cases that might not give results as expected either.

This adapter is available from Microsoft:

... and is quite different than the ones available for various UN*X systems. This adapter is a virtual network adapter you can add, but it will not work on the 127.0.0.1 IP addresses; it will take its own IP address.

/!\ Beware: Capturing from this Loopback Adapter requires the WinPcap 3.1 release, 3.1 beta versions won't work!

Let's suppose you have set the IP address of the loopback adapter to 10.0.0.10 and are capturing on that interface. If you ping to this 10.0.0.10 address the ping will get ping replies, but you won't see any of this traffic in Ethereal (much like the 127.0.0.1 problem). If you ping on 10.0.0.11, you won't get ping replies as there is obviously no remote host, but you will see the corresponding ARP requests in Ethereal.

The only benefit I can see so far is if you use it with colinux (and probably other PC virtualization software) to capture the traffic between Windows and the virtual machine. - UlfLamping

CaptureSetup/Loopback (last edited 2020-01-30 19:15:46 by ChristopherMaynard)