How can I see 127.0.0.1 traffic on Windows using Wireshark?
Solution 1
If you are trying to this on a Windows computer, unfortunately it is not possible out of the box. You will need to install some additional software that will capture data on the loopback interface.
On a Linux computer, you will need to capture from the loopback interface which is lo
most of the time. Most other Unix operating systems use lo0.
Solution 2
To keep this current, as hsluoyz said, install npcap
http://wiki.wireshark.org/CaptureSetup/Loopback
When installed on Windows Vista or later (including Win7, Win8 and Win10) with option "Support loopback traffic ("Npcap Loopback Adapter" will be created)" selected, it will create an Npcap Loopback Adapter that can be selected in Wireshark so as to capture IPv4/IPv6 loopback traffic.
Solution 3
Although you found the answer before I could respond, you can also use Socket Sniffer, which looks at Winsock calls and monitors network sockets; the download link is at the bottom of the page.
Solution 4
Use RawCap, to capture traffic of localhost (127.0.0.1). You just need to download Rawcap.exe and run it. It will open its command prompt listing interfaces. Now select one of the interface which has loopback address 127.0.0.1.
Related videos on Youtube
glutz
Updated on September 18, 2022Comments
-
glutz over 1 year
Every time I try to filter to just show a specific IP address, I get an error indicating that it is "not an interface or a field." I have no idea what that means. Furthermore, I don’t really see any localhost traffic in the logs anyway.
How can I show TCP localhost traffic?
Platform: Windows 7
-
Admin over 11 yearshow exactly are you trying to do this?
-
Admin over 8 yearsPlease try Npcap: github.com/nmap/npcap, it is based on WinPcap and supports loopback traffic capturing on Windows. After you installed Npcap, you can capture the loopback traffic using Wireshark.
-
Admin about 3 years@Yang Luo, Wireshark installs, and is built around, npcap. Despite this Wireshark still cannot get traffic to 127.0.0.1 from a fresh install. At least on my Windows 10 PC.
-
-
Nikita Koksharov over 4 yearsI used more modern tool by the same author nirsoft.net/utils/smsniff.html
-
Sasha Bond about 3 yearssocket sniffer does not allow to select browser, gives an error