Wireshark-dev: Re: [Wireshark-dev] Wireshark packet capture in simulations/emulations (e.g. Min

From: Murat Karakus <muratkarakus60@xxxxxxxxx>
Date: Mon, 19 Oct 2015 13:41:38 -0400

Thank you for the explanation. This makes more sense.

Best Regards,
Murat Karakus

On Oct 19, 2015 2:25 AM, "Guy Harris" <guy@xxxxxxxxxxxx> wrote:

On Oct 18, 2015, at 6:22 PM, Murat Karakus <muratkarakus60@xxxxxxxxx> wrote:

> As far as I know Wireshark captures real packets sent to/from your machine's network cards/interfaces like Ethernet, wireless etc.

Wireshark captures real packets sent over anything on which libpcap/WinPcap can capture traffic.

Not everything on which libpcap/WinPcap can capture corresponds to an actual hardware network interface.  For example, on UN*Xes, there's a network interface called the "loopback" interface, which doesn't correspond to any hardware; it has a host on it with the IPv4 address 127.0.0.1, and packets sent on it are received by the networking stack on the same machine.  That is done purely in software.  On most UN*Xes - Linux, *BSD, OS X, Solaris 11 and later, possibly others - libpcap can capture traffic on the loopback interface.

> I could not understand how Wireshark can capture packets in a simulated/emulated network created such as Mininet. At the end, it is a simulation/emulation and no real packet is sent from/to my laptop's network cards/interfaces!

Perhaps it's sent on a software interface similar to the loopback interface, in which case libpcap can probably capture on it.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe