Use Wireshark to capture loopback traffic without a loopback adapter (repost)
If you’ve ever used Wireshark for debugging applications you may have noticed that it only seems to pick up traffic that is actually transmitted over the wire and ignores all traffic sent to your local IP address or localhost. If you want to watch this traffic without having to install a special loopback adapter you can use the following trick.
How to force local traffic to your default gateway
1) Open a command prompt (Run as Administrator for Vista/7)
2) Type ipconfig /all (note your local IP address(es) and default gateway)
3) Type “route add <your ip address> mask 255.255.255.255 <default gateway IP address> metric 1”
This instructs Windows to send any requests for your local IP address to your default gateway, which will in turn forward the request back to your machine. Be aware that this route will disappear once you restart your machine unless you include the -p switch after the route command (that is, “route -p add” instead of “route add”). You may also notice an echo effect if you’re using Wireshark because you see each request and response twice. You can remove this problem by applying the following display filter at the top.
ip.src==<default gateway> or ip.dst==<default gateway>
Consider the default gateway as a client trying to reach your machine and all traffic sent to the default gateway as your machine’s response.
To remove the route, type “route delete <the ip address you entered>”.
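The route procedure above as a single script, added here as an example and not part of the original post: it looks up the local IP and default gateway, adds the host route, prints the matching display filter, and removes the route when the capture is done. It assumes PowerShell on Windows 8 or later, where the Get-NetRoute and Get-NetIPAddress cmdlets exist; the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: automates the "force local traffic to your default gateway" steps.
# Assumes Windows 8 / Server 2012 or later (NetTCPIP cmdlets available).

# Pick the IPv4 default route with the lowest combined metric.
$default = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Sort-Object { $_.RouteMetric + $_.InterfaceMetric } |
    Select-Object -First 1
if (-not $default) { throw 'No IPv4 default gateway found.' }

$gateway = $default.NextHop

# First IPv4 address on the interface that owns the default route.
$localIp = (Get-NetIPAddress -InterfaceIndex $default.InterfaceIndex -AddressFamily IPv4 |
    Select-Object -First 1).IPAddress
if (-not $localIp) { throw 'No IPv4 address on the default-route interface.' }

# Same command as step 3. Without -p the route does not survive a reboot.
route.exe add $localIp mask 255.255.255.255 $gateway metric 1
if ($LASTEXITCODE -ne 0) { throw "route add failed for $localIp" }

try {
    # Check: list the /32 routes for the local address, including the one just added.
    Get-NetRoute -DestinationPrefix "$localIp/32" |
        Format-Table NextHop, RouteMetric, InterfaceAlias

    Write-Host "Capture on interface: $($default.InterfaceAlias)"
    Write-Host "Wireshark display filter: ip.src==$gateway or ip.dst==$gateway"
    Read-Host 'Press Enter when the capture is finished'
}
finally {
    # Naming the gateway limits the delete to the route added by this script.
    route.exe delete $localIp mask 255.255.255.255 $gateway
}
```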
If you have an application running locally that uses localhost, you can map localhost to the IP address you added a route for. Just don’t forget you mapped localhost to a different IP than 127.0.0.1!
How to map localhost
1) Open notepad (Run as Administrator in Vista/7)
2) Navigate to C:\Windows\System32\drivers\etc\ and open the hosts file (there’s no extension).
3) Add this entry “<the IP address you added a route for> localhost”. Note that the space between the IP address and localhost is a tab.
Now, when your machine tries to send something to localhost, it will resolve to the IP address you added a route for and send its traffic to your default gateway.
(Important!) Remember to unblock the port used for incoming traffic on your machine. Also, if you find that an application you’re using doesn’t seem to send out traffic the way you expect, try flushing the DNS cache with ipconfig /flushdns.
Reposted from: http://blog.sina.com.cn/s/blog_53d3653e0100t2kq.html