Reputation: 81
Windows 7: sniff TCP sockets to localhost
I want to capture and analyze TCP communication data between two applications running on local host, which is running Windows 7 OS. I try to use Wireshark, but Wireshark could not capture the data, it seems just monitor the data in/out the network interface.
Could you introduce some useful tools to monitor the local TCP data easily.
Upvotes: 5
Views: 10434
Answers (2)
Reputation: 196
There are limitations in Windows that prevent libpcap and Microsoft Network Monitor from sniffing localhost/loopback. But you can sniff localhost if you use Raw Sockets.
There is a free tool called RawCap that can sniff localhost and save the captured packets in a PCAP file. This allows you to inspect the traffic in Wireshark later on.
You can download RawCap from here: http://www.netresec.com/?page=RawCap
Upvotes: 1
Reputation: 43081
The reason wireshark doesn't work is because sniffers rely on the network driver stack, and Windows don't expose localhost calls through it.
You should use Socket Sniffer, which looks at Winsock calls and monitors network sockets; the download link is at the bottom of the page.
Upvotes: 4
Related Questions
- TCP/IP Socket Port Listening
- How to sniff local outgoing network traffic in .NET without using PCap?
- Using RawCap to Sniff localhost on Windows XP, SP3
- Python TCP Sniffer under Windows
- Capturing windows XP localhost TCP traffic
- Tcp raw packets
- Intercept TCP and UDP traffic localhost
- Is it possible to open a 'local machine only' socket on Windows?
- Sniffing packets from a single executable
- How do I hook the TCP stack in Windows to sniff and modify packets?