Wireshark-users: Re: [Wireshark-users] capturing traffic on a virtual interface

From: Brian K <knairb01@xxxxxxxxx>
Date: Thu, 30 Jul 2009 09:30:16 -0700 (PDT)
Thanks for the help, Sake and Guy.


From: Guy Harris <guy@xxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Thursday, July 30, 2009 12:53:01 AM
Subject: Re: [Wireshark-users] capturing traffic on a virtual interface


On Jul 29, 2009, at 10:49 PM, Sake Blok wrote:

> No, if you are browsing the site (which is hoted on the VM) from 
> within
> the VM,

...or if you are browsing a site hosted on *any* machine (real or 
virtual) from the same machine...

> then the traffic won't pass the NIC driver and won't pass the
> WinPcap capture engine.

This is a limitation of the way the Windows networking stack works. 
Solaris has a similar problem; on some other UN*Xes, you can capture 
that traffic, *but* you have to capture on the OS's "loopback" device 
("lo" on Linux, "lo0" on *BSD, Mac OS X, and Digital/Tru64 UNIX).

See

    http://wiki.wireshark.org/CaptureSetup/Loopback

for details.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe