How can I see 127.0.0.1 traffic on Windows using Wireshark?

windows networking tcp wireshark loopback
93,222

Solution 1

If you are trying to this on a Windows computer, unfortunately it is not possible out of the box. You will need to install some additional software that will capture data on the loopback interface.

On a Linux computer, you will need to capture from the loopback interface which is lo most of the time. Most other Unix operating systems use lo0.

Solution 2

To keep this current, as hsluoyz said, install npcap

http://wiki.wireshark.org/CaptureSetup/Loopback

When installed on Windows Vista or later (including Win7, Win8 and Win10) with option "Support loopback traffic ("Npcap Loopback Adapter" will be created)" selected, it will create an Npcap Loopback Adapter that can be selected in Wireshark so as to capture IPv4/IPv6 loopback traffic.

Solution 3

Although you found the answer before I could respond, you can also use Socket Sniffer, which looks at Winsock calls and monitors network sockets; the download link is at the bottom of the page.

Solution 4

Use RawCap, to capture traffic of localhost (127.0.0.1). You just need to download Rawcap.exe and run it. It will open its command prompt listing interfaces. Now select one of the interface which has loopback address 127.0.0.1.

Share:
93,222

Related videos on Youtube

glutz
Author by

glutz

Updated on September 18, 2022

Comments

  • glutz
    glutz over 1 year

    Every time I try to filter to just show a specific IP address, I get an error indicating that it is "not an interface or a field." I have no idea what that means. Furthermore, I don’t really see any localhost traffic in the logs anyway.

    How can I show TCP localhost traffic?

    Platform: Windows 7

    • Admin
      Admin over 11 years
      how exactly are you trying to do this?
    • Admin
      Admin over 8 years
      Please try Npcap: github.com/nmap/npcap, it is based on WinPcap and supports loopback traffic capturing on Windows. After you installed Npcap, you can capture the loopback traffic using Wireshark.
    • Admin
      Admin about 3 years
      @Yang Luo, Wireshark installs, and is built around, npcap. Despite this Wireshark still cannot get traffic to 127.0.0.1 from a fresh install. At least on my Windows 10 PC.
  • Nikita Koksharov
    Nikita Koksharov over 4 years
    I used more modern tool by the same author nirsoft.net/utils/smsniff.html
  • Sasha Bond
    Sasha Bond about 3 years
    socket sniffer does not allow to select browser, gives an error

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Monitor loopback traffic (monitor MS TCP Loopback inteface traffic) with Microsoft Network Monitor 3.4 - possible?
TCP Server sends [ACK] followed by [PSH,ACK]
what does this wireshark info refer to
TCP Dup ACK/Retransmission, bad configuration?
How do I find out which process is using up all the TCP connections?
Network Traffic per process/application windows
Using Wireshark to track traffic on a Windows Virtual WiFi Miniport
Capture TCP communication on a specific port using wireshark
how to see all network requests made by an application
Wireshark - How do i filter the TCP[RST] packet?