http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1721
Summary: FAQ addition: capturing local traffic on Windows
Product: Wireshark
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: Low
Component: Documentation
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: greg.fenton@xxxxxxxxx
--
The following post from the WinPcap user list gives details on how to configure
a Windows box to capture local traffic (i.e. traffic between two entities
running on the same machine).

http://winpcap.cs.pu.edu.tw/pipermail/winpcap-users/2006-March/000803.html

I have used this in a few scenarios and the instructions seem to work in a
typical machine configuration. I am SURE there are lots of people who can
benefit from this info, so I recommend it get added to the Windows-specific
section of the FAQ.

The instructions can be simplified to:

------------------------------
Get your {IP} and {MAC} addresses from the command:

    ipconfig /all

Using those two bits of info, use the following two commands to change your
local routing rules to force packets "on to the wire" where Wireshark can sniff
them:

    route add {IP} {IP}
    arp -s {IP} {MAC}

For example:

    c:\> ipconfig /all
    Ethernet adapter Local Area Connection:
            Connection-specific DNS Suffix . : mydomain.com
            Description . . . . . . . . . . . : Some Network Controller
            Physical Address. . . . . . . . . : AA-15-CC-AA-BB-42
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 192.168.10.105
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
    [...]
    c:\> route add 192.168.10.105 192.168.10.105
    c:\> arp -s 192.168.10.105 AA-15-CC-AA-BB-42
------------------------------
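
The procedure above as an added Python example (not part of the original report, and not Wireshark or WinPcap code): it parses "ipconfig /all" text and builds the report's two commands per adapter, together with the "route delete" and "arp -d" commands that remove the entries again, which the report does not mention. The sample input is constructed from the report's own example; the "IPv4 Address" label and "(Preferred)" suffix handling are assumptions about newer Windows output.

```python
import ipaddress
import re

# Constructed sample, laid out like the ipconfig /all output quoted in the report.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : Some Network Controller
   Physical Address. . . . . . . . . : AA-15-CC-AA-BB-42
   IP Address. . . . . . . . . . . . : 192.168.10.105
   Subnet Mask . . . . . . . . . . . : 255.255.255.0

Ethernet adapter Wireless Network Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Physical Address. . . . . . . . . : AA-15-CC-AA-BB-43
"""

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$")
FIELD_RE = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")  # "Label. . . : value"


def parse_adapters(text):
    """Return {adapter name: {"mac": ..., "ip": ...}} per adapter block."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and (m := FIELD_RE.match(line)):
            key, value = m.group(1), m.group(2).strip()
            if key == "Physical Address" and MAC_RE.match(value):
                current["mac"] = value.upper()
            elif key in ("IP Address", "IPv4 Address"):
                # Assumption: newer Windows prints "IPv4 Address" and appends
                # "(Preferred)"; IPv4Address() rejects anything malformed.
                current["ip"] = str(ipaddress.IPv4Address(value.split("(")[0]))
    return adapters


def plan(text):
    """Commands per usable adapter; skips ones lacking an IP or MAC."""
    out = {}
    for name, a in parse_adapters(text).items():
        if "ip" in a and "mac" in a:
            ip, mac = a["ip"], a["mac"]
            out[name] = {"apply": [f"route add {ip} {ip}", f"arp -s {ip} {mac}"],
                         "undo": [f"route delete {ip}", f"arp -d {ip}"]}  # added, not in report
    return out


if __name__ == "__main__":
    for name, cmds in plan(SAMPLE).items():
        print("rem " + name, *cmds["apply"], *cmds["undo"], sep="\n")
```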