Ethereal-users: Re: [Ethereal-users] How to sniff packets between two local ports using Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 23 Feb 2005 10:10:50 -0800
Scott Lowrey wrote:
Depending on the OS you are using, the kernel is probably smart enough to route these packets directly between the two applications without handing them down to the Ethernet device driver (and out onto the wire). 

However, you might trying capturing on the loopback device.


...if the OS you're using has one, and it supports packet capture.
On Linux, on various BSDs, and on Digital/Tru64 UNIX, it's possible to capture on the loopback device.
It's not possible to capture on the loopback device on Solaris and HP-UX, however, and there may be other OSes that don't support it.
Windows doesn't have a loopback device on which to capture. (There's the "Microsoft Loopback Device", but
1) it's an add-on - it's not what's used by default for traffic between two ports on the same machine; 

	2) it apparently doesn't support packet capture.)

See

	http://www.ethereal.com/media.html
for information on what link-layer types are known to work, are known not to work, or haven't been reported on for various OSes.