Client-server communication on localhost not showing up

asked 2020-02-14 12:57:56 +0000

EdS gravatar image

Hello, I'm trying to capture packets from a client-server communication on localhost (on the same computer). None of the network interfaces show this. When I connect the client to a remote server though, Wireshark is able to capture the transmitted packets.

How can I visualise the packets exchanged between client and server on the same host? While I can run each on a different computer, for debugging purposes it's easier to test both locally.

Any help welcome.

Regards, Ed

Please add output of wireshark -v or Help->About Wireshark
That will include information about the host and the capture library.

Chuckc ( 2020-02-14 14:40:30 +0000 )

Hi. I've just realized that wireshark shows protocol S101 when running the system under loopback. Why? When server and client are on different computers, protocol is informed correctly

EdS ( 2020-02-15 16:00:26 +0000 )

In the capture done on the local system using loopback, what are the src and dst ports?
Wireshark has a preference (s101.tcp.port) default value to decode port 9000 as S101.

Chuckc ( 2020-02-16 04:10:34 +0000 )

answered 2020-02-15 16:08:47 +0000

grahamb gravatar image

When the client and server are on the same computer, the networking stack uses an optimization (or shortcut) and the TCP or UDP traffic does not go down the stack to the NIC but is directly routed to the receiving application. This is often termed loopback traffic.

This means that applications such as Wireshark, using a capture driver of npcap or WinPcap, that (effectively) capture just above the NIC, don't see the traffic.

A loopback adaptor allows a capturing application to see the loopback traffic.

Asked: 2020-02-14 12:57:56 +0000

Seen: 1,556 times

Last updated: Feb 15 '20