[Windump] Cant sniff

Gianluca Varenni gianluca.varenni at cacetech.com
Fri Sep 28 08:23:53 PDT 2007


----- Original Message ----- 
From: "Janne Ruohomäki" <janne.ruohomaki at gmail.com>
To: "Gianluca Varenni" <gianluca.varenni at cacetech.com>
Cc: <windump at winpcap.org>
Sent: Friday, September 28, 2007 2:53 AM
Subject: Re: [Windump] Cant sniff


> Actually I figured out this limitation originates from crappy Windows.

I wouldn't consider this a "limitation from crappy Windows". The reason why
you cannot sniff localhost packets is that packets do not go to the network
card at all. "localhost" is an IP concept, and localhost packets under
Windows (like other OSes, as well) are managed in the TCP/IP protocol
driver. WinPcap sits in parallel to TCP/IP. The reason why Linux and other
OSes have the "lo" interface is that they have a hook inside the TCP/IP
kernel code to sniff such packets.

Just my two cents
GV

> This is why I try to avoid M$ and stay with Real Operating Systems.
> This small problem created a bill of ca. 1000 euros for my client
> already. Well.. I'm not unhappy, because I am not the one who has to
> pay. I am the one who gets paid, lucky me.
>
> Thanks for the virtual machine suggestion, I will try that.
>
> On 9/27/07, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:
>> Janne,
>>
>> this is a limitation of WinPcap (the underlying capture engine used by
>> windump): you cannot sniff the traffic from localhost to localhost. The
>> only workaround at the moment is having the client and the server on two
>> different machines. Virtual machines work as well.
>>
>> Have a nice day
>> GV
>>
>>
>>
>>
>> ----- Original Message -----
>> From: "Janne Ruohomäki" <janne.ruohomaki at gmail.com>
>> To: <windump at winpcap.org>
>> Sent: Thursday, September 27, 2007 4:13 AM
>> Subject: [Windump] Cant sniff
>>
>>
>> > I have a huge problem with WinDump: I don't seem to be able to see any
>> > traffic going from localhost to localhost. I am trying to debug a web
>> > service on this machine and I see absolutely nothing coming out of
>> > WinDump! How is this possible? Is it a bug in WinDump or what,
>> > because I am 100% sure that I am sending HTTP requests to my server at
>> > localhost:7001 as I can see them in the server log file.