I hope that now you have a better idea of Loopback adapter, so let’s continue to learn to enable this feature. Here is a step-by-step guide with relevant images, explaining you how to enable this feature in Windows 10. You may notice that Microsoft has renamed it from “Microsoft Loopback Adapter” to “Microsoft KM-TEST Loopback Adapter”. Installing & running Wireshark on loopback remotely & silently, or alternatives We have Kiosk systems running either Windows 7 or Windows 10 IOT. These systems are running a.
- Traffic - either by using the loopback address, 127.0.0.1, or just the public IP address but the client and server both reside on the same machine. Most tools, like Wireshark and Netmon aren’t able to capture data that didn’t actually go out on the wire. Windows is smart enough that it.
- パケットキャプチャーといえば Wireshark が定番だと思いますが、Windows版の Wireshark は localhost 宛てのパケットをキャプチャできません。 そこでいろいろ調べてみたのですが、結論としては「WinPcap の代わりに npcap を使う」のが良さげな感じです。.
- Wireshark Local Loopback Windows
- Wireshark Npcap Loopback Adapter
- Wireshark Sniff Loopback Windows
- Wireshark Windows Loopback Interface
This tutorial describes how to monitor traffic to the minimal-net platform, with Wireshark and a loopback interface, using the webserver as an example.
Using this platform makes for easier debugging since you can add printf()s without worrying about fitting everything into flash. Also, the turnaround time is just a few seconds.
You don't need to install the loopback on Windows if you pass an address to an active interface, at webserver startup; but, that will mix webserver packets with all the other traffic on that interface. Also, WinPcap can be installed independently of Wireshark.
Wireshark Local Loopback Windows
Here is a screen dump of ip4 and ip6 webservers running side-by-side on the minimal-net platform:
.
|
Linux
ip4
1. Install Wireshark. Development versions above 1.3.3 have the dissector for 802.15.4 radio packets. Bleeding-edge (http://www.wireshark.org/download) versions are recommended for the latest 6LoWPAN and RPL-ROLL protocol dissectors.
2. If your local network already has 10/8 assignments, you need to look at the addresses in platform/minimal-net/contiki-main.c:
If necessary, change to an unused or more restricted subnet, e.g. address=10.10.10.1, mask=255.255.255.0, router=10.10.10.100.
![Wireshark loopback windows 8 Wireshark loopback windows 8](/uploads/1/2/6/0/126082423/592832264.jpg)
3. Build the webserver with the minimal-net platform:
And, run it with administrator privileges. If you modified the addresses in step 2, start it in the background by appending & to the command:
It will output:
4. If the tap0 address is wrong, or you changed the addresses in step 2, you now have to reconfigure the tap0 address to correspond
[Q: A route is not needed for the webserver; but, will it break anything to change gw to 10.1.1.100 in cpu/native/net/tapdev.c?]:
[Q: A route is not needed for the webserver; but, will it break anything to change gw to 10.1.1.100 in cpu/native/net/tapdev.c?]:
5. Launch Wireshark as root (in Ubuntu, it is in 'Applications->Internet->Wireshark (as root)'); and, start it on the tap0 interface. Direct a browser to http://10.1.1.1/; and, you should see the traffic and the index.html page.
6. To stop the background webserver process, type fg 1 (assuming it is job 1) to bring it to the foreground; and then, control-C out. You can change cpu/native/net/tapdev.c to the 10.10.10.100 address to avoid having to type it each time you run the webserver application.
7. If additional webservers are run with different IP addresses, each will create a different tapN which needs configuring similar to the above.
ip6
The steps for IPv4 above apply; but, the address autoconfigures. Build webserver6 with the minimal-net platform:
And, run it with administrator privileges:
It will create a tap0 with an IPv6 address that you can see with ifconfig. Launch Wireshark as root, capture from that interface, and direct a browser tohttp://[fe80::0206:98ff:fe00:0232%tap0]. That probably will not work, as many browsers don't support the interface designator %tap0; but, you might get lucky with curl/wget; and, it hopefully will be resolved in the future.Additional webserver6 instances can be reached by using %tap1, %tap2, etc. Use brctl to combine them onto a single bridge interface %br0. The start-up autoconfigure currently does not seem to handle address conflicts; so at present, each needs a unique
uip_lladdr
in core/net/uip6.c.
Webserver6 configures itself with an aaaa::/64 prefix; but, it doesn't tell the tap0 interface about it. Autoconfiguration isn't THAT smart. So, if you want to get the page using http://[aaaa::206:98ff:fe00:232], you have to add the prefix to the tap0 interface.
That's enough for getting to the interface with a browser. Thankfully, most browsers can use that address without the %tap0 issue. However, you probably want more routing; and so, set up radvd.
Add the following:
Save the file; and, exit.
If you try to restart radvd, and get a message like 'IPv6 forwarding seems to be disabled.', try
Windows XP
See https://github.com/contiki-os/contiki/blob/master/cpu/native/net/README-WPCAP.md for a summary.
ip4
1. Install Wireshark which includes the needed WinPCap driver.Bleeding-edge (http://www.wireshark.org/download/automated) versions are recommended, for the latest 6LoWPAN and RPL-ROLL protocol dissectors.
2. Add the XP loopback interface. These directions are from http://support.microsoft.com/kb/839013:
3. Go to 'My Network Places -> View network connections'; and, 'Local Area Connection n' should be listed, which mousing over will show is the 'Microsoft Loopback Adapter'. Right-click Properties; uncheck all protocols except TCP/IP (and TCP/IP version 6 if you have activated IPv6 for XP); select TCP/IP properties; and, enter a manual IP address and mask for the loopback interface. I suggest 10.10.10.10 and 255.0.0.0 which will direct any IP address starting with 10 to the interface. 10/8 is a good choice because it can not be routed accidentally to the entire internet! If you already have 10/8 addresses in a local intranet, then you will need to use a more restricted mask; for example, 255.255.255.0 will route only 10.10.10.x to the loopback interface.Click OK; and, close. You can't add an IPv6 address here because XP doesn't have a GUI for those properties.
4. Open a command shell (Cygwin or run->cmd); and, type ipconfig /all. You should see an entry like:
Confusingly, the interface number is 4 (obtained from the %4 on the IP address), not 5. You can add an IPv6 address with
[There appear to be no IPv6 addresses reserved for local use. The IPv6 gurus decided that such addresses could leak to the internet anyway; so, better to allow a diversity of erroneous addresses, to make it easier to track down the offenders. If you forget to add a matching local IPv6 address, your requests will be routed to the internet. You have been warned!] The loopback should now respond to pings to the ip4 and ip6 addresses.
5. Start Wireshark on the interface. If Winpcap was just installed, you will have to reboot for it to see the new interface.
6. Build the webserver with the minimal-net platform:
7. Start the program, passing it the address of the loopback adapter. Now you see why 10.10.10.10 is used; it is easy to type.
It will search through the interfaces until the loopback is found; then, configure the IP addresses:
8. If you used a more restrictive mask in step 3, you will need to change the source in platform/minimal-net/contiki-main.c; and, recompile:
The masked address has to be within the loopback's subnet; e.g., you could set the address to 10.10.7.42 and the mask to 255.255.0.0. The default router is not used in the webserver application. (Q: Where is it used?)
9. Launch a browser; and, direct it to your address (default http://10.1.1.1/). If all goes well, index.html will load; and, Wireshark will show the traffic.
10. Any number of webserver.minimal-net processes can be running, as long as they have different IP addresses within the loopback subnet.
ip6
Same as Vista/W7, except for the lack of a GUI to set the ip6 prefix. Obtain the interface number, 4 in this example; and, from a DOS or Cygwin shell, type
Direct a browser to http://[fe80::0206:98ff:fe00:0232%4] or http://[aaaa::0206:98ff:fe00:0232].
Windows Vista/7
See https://github.com/contiki-os/contiki/blob/master/cpu/native/net/README-WPCAP.md for a summary.
ip4
Installing the loopback interface is described with pictures here. To summarize:
1. Click Start – Search for cmd; right-click cmd.exe; and, select “Run as Administrator”.
2. From the command prompt, run “hdwwiz.exe“. That should launch the “Add Hardware Wizard“. Click Next.
3. Select “Install the hardware that I manually select from a list (Advanced)”; and, click Next.
4. Now, from the list, select 'Network Adapters'; and, click Next.
5. Under Manufacturers, select Microsoft; and, select “Microsoft Loopback Adapter” under 'Network Adapter'; and, click Next. That should start the installation. Click Finish when the installation completes.
6. Go to 'Network and Sharing Center'; the loopback should be present with a name like 'Local Area Connection 5'. Click on it; click on the properties button; uncheck all protocols other than ip4. Highlight that protocol; click properties; and, set a manual address of 10.10.10.10 and mask 255.0.0.0.
7. In a command window, ipconfig /all will show the interface properties. Winpcap will not see the new interface until a reboot.
8. Continue as for ip4 XP, step 5.
ip6
1. Follow the ip4 installation to install the loopback interface.
2. Enable the ip6 protocol on the loopback interface; select its properties in the GUI; and, give it a manual address of aaaa::1 and prefix length 64. It should respond now to pings to aaaa::1.
3. Find the interface number with ipconfig /all in a command window. Below, it is 21:
4. Compile and run webserver6, passing it the ip4 address of the interface:
5. Direct a browser to http://[aaaa::206:98ff:fe00:232] or http://[fe80::0206:98ff:fe00:0232%nn] where nn is the interface number. Firefox has an irritating habit of converting %nn to some other character (e.g., %21 becomes !) which will work on embedded links, but not on a page reload. Internet Explorer converts %21 to %2521 which somehow works with both embedded links and page reloads.
Any number of instances can be running. At present, autoconfigure does not seem to resolve address conflicts; so, each one must be given a different
uip_lladdr
in core/net/uip6.c or prefix in platform/minimal-net/contiki-main.c.
6. Adding the aaaa::1/64 address in the GUI will have created aaaa::1/128 and aaaa::/64 routes for local use. That also can be done in an elavated DOS or Cygwin window; and, you will have to delete the old route first if you want to publish it. Using the example interface #21:
Active3 years, 10 months ago
(This is a followup to my previous question about measuring .NET remoting traffic.)
When I am testing our Windows service / service controller GUI combination, it is often most convenient to run both pieces on my development box. With this setup, the remoting traffic between the two is via loopback, not through the Ethernet card.
Are there any software packet sniffers that can capture loopback traffic on a WinXP machine? Wireshark is a great package, but it can only capture external traffic on a Windows machine, not loopback.
Community♦
McKenzieG1McKenzieG1
10k7 gold badges31 silver badges39 bronze badges
closed as off-topic by Jon Clements♦Dec 27 '15 at 19:53
This question appears to be off-topic. The users who voted to close gave this specific reason:
- 'Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.' – Jon Clements
Wireshark Npcap Loopback Adapter
7 Answers
What you should do is to run RawCap, which is a sniffer that can capture traffic to/from the loopback interface in Windows. Just start it with 'RawCap.exe 127.0.0.1 loopback.pcap'.
You can then open up loopback.pcap in Wireshark or NetworkMiner to look at the network traffic.
You can find RawCap here:http://www.netresec.com/?page=RawCap
Good Luck!
ErikErik
I second the Microsoft Network Monitor (though this link works better at the time of writing) suggestion from Thomas Owens. Also, this post suggests that to get the loopback address, try doing:
route add <Your Machine's IP> <Your Router's IP>
This takes locally-generated packets for the local interface and sends them off to your router... which sends them back.
NOTE: To get your machine back to normal operation, make sure you delete the route when you're finished using:
route delete <Your Machine's IP>
Peter K.Peter K.
6,5614 gold badges42 silver badges67 bronze badges
There is a page on the Wireshark wiki that addresses the problem. Short answer is, you can't do it on a Windows machine, but there might be some workarounds.
Eric Z BeardEric Z Beard
Wireshark Sniff Loopback Windows
28.3k24 gold badges92 silver badges142 bronze badges
I'm not sure if it can or not, but have you looked at Microsoft Network Monitor? It might be an option.
Thomas OwensThomas Owens
72.8k91 gold badges285 silver badges420 bronze badges
Did you try to install the MS Loopback Adapter and try sniffing on that adapter with you favorite sniffing application?
Also if I remember correctluy NAI Sniffer link did use to have loopback sniffing capabilities, but it's been a while I used either solution...
SilverViperSilverViper
4242 gold badges8 silver badges14 bronze badges
If you don't care to pay, try this: CommView
It seems to work, however the Evalution version doesn't display thecomplete packets.
andrecarlucciandrecarlucci
4,2034 gold badges46 silver badges53 bronze badges
You should definitely try Npcap, it works perfectly with Wireshark to capture loopback traffic in Windows, see here:https://wiki.wireshark.org/CaptureSetup/Loopback
Wireshark Windows Loopback Interface
Yang LuoYang Luo
9601 gold badge15 silver badges39 bronze badges