Wireshark · Ethereal-users: Re: [Ethereal-users] Capturing same-machine TCP packets on NT

Ethereal-users: Re: [Ethereal-users] Capturing same-machine TCP packets on NT

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Thu, 8 Mar 2001 14:39:24 -0800 (PST)

> I am trying to use Ethereal 0.8.11 on NT 4.0 (or Windows 2000) to capture
> TCP packets where the client and the server are both on the same machine
> (i.e. the same machine that's running Ethereal). I start my server, start
> Ethereal capture (no filters), run my client, then stop the capture. There
> are lots of packets captured, but none that have both the source and
> destination on this machine.
> 
> Is there any way for Ethereal to capture such packets, or am I out of luck?

You're out of luck:

	http://netgroup-serv.polito.it/winpcap/misc/faq.htm

"Q-11: Does WinPcap support loopback devices? 

A: No. Only physical interfaces are supported."

WinPcap is the library and driver that Ethereal (and WinDump, and
Analyzer, and...) uses on Windows to capture packets; a packet from a
given machine to the same machine would go over a loopback device and,
as the WinPcap driver doesn't (and possibly *can't*) capture packets
getting looped back, Ethereal (and WinDump, and Analyzer, and...) can't
see that traffic.

References:
- [Ethereal-users] Capturing same-machine TCP packets on NT
  - From: Graeme . Perrow

Prev by Date: [Ethereal-users] Capturing same-machine TCP packets on NT
Next by Date: [Ethereal-users] Printing from Ethereal in Win32 port.
Previous by thread: [Ethereal-users] Capturing same-machine TCP packets on NT
Next by thread: [Ethereal-users] Printing from Ethereal in Win32 port.
Index(es):
- Date
- Thread