xinsong001

Reputation: 81

Windows 7: sniff TCP sockets to localhost

I want to capture and analyze TCP communication data between two applications running on localhost, which is running Windows 7. I tried to use Wireshark, but Wireshark could not capture the data; it seems to monitor only the data going in and out of the network interface.

Could you introduce some useful tools to monitor the local TCP data easily?

Upvotes: 5

Views: 10434

Answers (2)

netresec

Reputation: 196

There are limitations in Windows that prevent libpcap and Microsoft Network Monitor from sniffing localhost/loopback. But you can sniff localhost if you use Raw Sockets.

There is a free tool called RawCap that can sniff localhost and save the captured packets in a PCAP file. This allows you to inspect the traffic in Wireshark later on.

You can download RawCap from here: http://www.netresec.com/?page=RawCap

Upvotes: 1
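The raw-socket approach mentioned in the answer above, as an added Python example (not part of the answer and not RawCap's code). A raw socket delivers packets starting at the IPv4 header, so the parser handles no Ethernet framing; the function names and the sample packet are constructed for illustration, and `sniff_loopback` assumes Windows with Administrator rights.

```python
import socket
import struct

FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")

def parse_ipv4_tcp(packet):
    """Parse bytes that start at the IPv4 header (a raw socket delivers no
    Ethernet frame). Returns a dict for TCP segments, None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 20:
        return None
    total_len = struct.unpack("!H", packet[2:4])[0] or len(packet)
    # Source port, destination port, skip seq/ack, then data offset + flags.
    sport, dport, off_flags = struct.unpack("!HH8xH", packet[ihl:ihl + 14])
    data_off = (off_flags >> 12) * 4          # TCP header length in bytes
    if data_off < 20:
        return None
    return {
        "src": "%s:%d" % (socket.inet_ntoa(packet[12:16]), sport),
        "dst": "%s:%d" % (socket.inet_ntoa(packet[16:20]), dport),
        "flags": ",".join(n for i, n in enumerate(FLAGS) if off_flags & (1 << i)),
        "payload": packet[ihl + data_off:total_len],
    }

def sample_packet():
    """Constructed sample: 127.0.0.1:49152 -> 127.0.0.1:8080, PSH+ACK, b'hello'."""
    lo = socket.inet_aton("127.0.0.1")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 45, 0, 0, 128, 6, 0, lo, lo)
    tcp = struct.pack("!HHIIHHHH", 49152, 8080, 1, 1, (5 << 12) | 0x18, 8192, 0, 0)
    return ip + tcp + b"hello"

def sniff_loopback(count=20, addr="127.0.0.1"):
    """Windows only, run as Administrator. Assumes a raw socket bound to the
    loopback address receives local traffic, as the answer above states."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    s.bind((addr, 0))
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)   # receive all IP packets
    try:
        for _ in range(count):
            seg = parse_ipv4_tcp(s.recvfrom(65535)[0])
            if seg:
                print(seg)
    finally:
        s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
        s.close()
```

Calling `parse_ipv4_tcp(sample_packet())` exercises the parser on any platform; `sniff_loopback()` is the part that needs Windows.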

Mike Pennington

Reputation: 43081

The reason Wireshark doesn't work is that sniffers rely on the network driver stack, and Windows doesn't expose localhost calls through it.

You should use Socket Sniffer, which looks at Winsock calls and monitors network sockets; the download link is at the bottom of the page.

Upvotes: 4
