On Fri, May 02, 2003 at 05:55:16AM -0700, Santos, Fabricio wrote:
> Running the risk of repeating myself... :-) Are you using the loop back
> interface (IP 127.0.0.1)? If so it will not work.
It probably won't even work if he's not using 127.0.0.1 - if his
machine's IP address is 216.158.130.75, and he's sending packets from
216.158.130.75 to 216.158.130.75, the traffic will probably go through
the loopback data path and not be captureable.
> The fault is not Ethereal, and it is not WinPcap either:
>
> http://winpcap.polito.it/misc/faq.htm#Q-13
Even worse, there *is* no loopback interface of that sort in Windows:
on some UNIX systems (e.g., the BSDs, Linux, Digital UNIX, and
possibly AIX) traffic from a host to itself gets sent through a
loopback device that supports packet capture, so you can see it
(but not if you capture on any of the machine's regular real
network interfaces - you have to capture on the loopback
interface);
on some other UNIX systems (e.g., Solaris) that traffic probably
gets sent through a loopback device (given that Solaris does
have such a device), but that device doesn't support packet
capture;
but on Windows the packet appears to get looped back through a code path
that doesn't involve a loopback network interface (perhaps the IP
routing code path does it), so there isn't even a device on which to
capture it.
There is a "Microsoft Loopback Adapter" driver of some sort available
for some flavors of Windows, but I think it's not used by regular packet
loopback, and I don't think it's supported by WinPcap in any case.