Ask Your Question
0

How to capture traffic on 127.0.0.2

asked 2018-02-15 19:08:43 +0000

jca gravatar image

I use a product called SecureLink that through a Web Interface creates a tunneled connection from my PC to a remote server. I then run a Terminal Emulator (like Putty) and make a ssh connection to 127.0.0.2 22. I need to be able to capture the traffic on 127.0.0.2 so I can see what encryption keys are being offered by the remote server. I know Putty has some debugging/tracing ability, but I am using a different Terminal Emulator that does not. And it is getting an error that it cannot use any of the keys provide by the server. I cannot look at the PC NIC because the tunneling program is using something like TLS between the the PC and the remote server and the ssh hand shaking just shows as encrypted packets.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-02-15 21:28:36 +0000

sindy gravatar image

updated 2018-02-15 21:29:50 +0000

As you mention PuTTY, I assume your PC runs MS Windows. MS Windows do not normally use a lo interface like *n*x operating systems do, but you can change that by installing npcap from the nmap project instead of WinPcap and checking the option to install a loopback interface when configuring the installation. After that, the loopback interface appears in the interface list of Wireshark and the traffic on 127.0.0.0/8 goes through it.

edit flag offensive delete link more

Comments

I have installed npcap and the interface shows up. I assume it would capture by default. Do I need to configure something to capture traffic on it? During the npcap install I don't think there were any configuration options. I found npcap when I first started searching about capturing traffic on the loopback interface. But most of it seemed to talk about 127.0.0.1.

jca gravatar imagejca ( 2018-02-15 22:20:53 +0000 )edit

I figured out what I was doing wrong. I though wireshark was capturing traffic on all interfaces, but it was not it was defaulting to the physical NIC. After I selected the loopback interface I can now see the traffic on 127.0.0.2.

jca gravatar imagejca ( 2018-02-16 02:54:39 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-02-15 19:08:43 +0000

Seen: 655 times

Last updated: Feb 16 '18