wireshark is not showing http nor https for a specific IP
I have a web site running on an internal ip which is 192.168.1.4 (configured in my host files in windows as www.mydomain.net) on port 5040/5041, I can access it through HTTP or HTTPS locally or remotely using the FQN www.mydomain.net. Running wireshark, When I access it remotely from my laptop, I see traffic in the capture screen but when I try to browse locally (from same box where application run that has the IP mentioned above), in wireshark nothing happens, no traffic is captured. Any reason for this or is there an option to configure? Thanks
When you browse locally the packets are probably routed to the application before seen by the capturing mechanism.
any option to fix it? But if I understand well the OSI model it goes through protocols before reaching layer 6/7, no?
Have you tried capturing on the loopback interface?
Running Wireshark with the
-D
option will show a list of available capture interfaces.You are correct, I chose the loopback and now traffic started to be captured on the IP linked to the HTTPS ip, I am a little bit surprised, why is this? Can you please explain? In fact, when I fire wireshark, I have already all interfaces displayed which I need to chose one of them to start a capture session. I was wondering how can do a session for several interfaces at the same time