This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

On Windows, how can I capture packets from my machine to itself?

0

Hello all,

I want to capture SNTP packets from a system (Windows 8) running as both server and client (using a tool). My question is: how can I capture NTP packets from this tool using Wireshark on another system (Windows XP) while the server/client tool (acting as both server and client) is synchronizing time in unicast mode?

Thankfully, monisha

asked 15 Jun '13, 00:09

sana
accept rate: 0%

edited 15 Jun '13, 16:33

Guy Harris ♦♦


2 Answers:

1

See the answer to a similar question:

http://ask.wireshark.org/questions/21912/sntp-packet-cannot-be-captured

Regards
Kurt

answered 15 Jun '13, 06:26

Kurt Knochner ♦
accept rate: 15%

Hi,

I have gone through the link. Can I use the same system as client and server to capture those packets on another system? If so, what are all the settings required in Wireshark, or how can I do that?

Thanks for your time, sana

(16 Jun '13, 23:57) sana

> Can I use the same system as client and server to capture those packets on another system?

??? Same system or other system?

(17 Jun '13, 06:20) Kurt Knochner ♦

Yes, like a single system (system 1) works as both server and client, and one more system (system 2) to capture packets (from system 1) using Wireshark.

(17 Jun '13, 22:12) sana

> Yes, like a single system (system 1) works as both server and client, and one more system (system 2) to capture packets (from system 1) using Wireshark.

Can't work and won't work. System 1 is communicating with system 1 (i.e., with itself) over an internal connection within the operating system software, NOT over an Ethernet or Wi-Fi network or anything else to which system 2 has any access whatsoever, and, unfortunately, unlike many UN*Xes, that internal network can't be sniffed using the same mechanism that is used to sniff external networks, so Wireshark can't see the traffic even on system 1 itself.

See my answer.

(17 Jun '13, 23:04) Guy Harris ♦♦

1

If the same computer is being used as both a client and a server, and that computer is using itself as a server, so that all the messages are sent from the computer to itself, you cannot capture them by using some other system; those packets are NOT transmitted on ANY network, much less a network that some other computer can sniff on.

On Windows, about all you can do in that case is run RawCap and have it write out to a file, and then read the file in Wireshark (or TShark or tcpdump/WinDump or...).

answered 17 Jun '13, 17:23

Guy Harris ♦♦
accept rate: 19%
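
The last answer's step of reading the saved loopback capture can also be done in a script. The following is an added example, not part of the original answers: it lists the SNTP/NTP packets in a capture file, assuming the file is a classic pcap whose link type is raw IP (101, no Ethernet header). The function names and the sample capture are constructed for illustration.

```python
import socket
import struct

NTP_MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client", 4: "server", 5: "broadcast"}
LINKTYPE_RAW = 101  # assumption: the capture holds bare IP packets, no Ethernet header

def ntp_packets(pcap_bytes):
    """Return (src, sport, dst, dport, version, mode) per UDP/123 packet in a classic pcap."""
    magic = pcap_bytes[:4]
    if magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">"  # byte order of the file headers
    if struct.unpack(end + "I", pcap_bytes[20:24])[0] != LINKTYPE_RAW:
        raise ValueError("unexpected link type; this sketch handles raw IP only")
    found, off = [], 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(end + "I", pcap_bytes[off + 8:off + 12])[0]
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
            continue  # not IPv4 carrying UDP
        udp = pkt[(pkt[0] & 0x0F) * 4:]  # skip the IPv4 header (IHL * 4 bytes)
        if len(udp) < 9:
            continue  # truncated before the first NTP byte
        sport, dport = struct.unpack("!HH", udp[:4])
        if 123 not in (sport, dport):
            continue  # not NTP/SNTP
        flags = udp[8]  # LI (2 bits), version (3 bits), mode (3 bits)
        found.append((socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport,
                      (flags >> 3) & 7, NTP_MODES.get(flags & 7, "other")))
    return found

def sample_capture():
    """Constructed pcap: one SNTP request and one reply, both 127.0.0.1 -> 127.0.0.1."""
    lo = socket.inet_aton("127.0.0.1")
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    for sport, dport, first in ((50000, 123, 0x23), (123, 50000, 0x24)):
        ntp = bytes([first]) + bytes(47)  # 48-byte SNTP message, only the first byte set
        udp = struct.pack("!HHHH", sport, dport, 8 + len(ntp), 0) + ntp
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 128, 17, 0, lo, lo)
        data += struct.pack("<IIII", 0, 0, 20 + len(udp), 20 + len(udp)) + ip + udp
    return data

if __name__ == "__main__":
    for row in ntp_packets(sample_capture()):
        print(row)
```

To run it on a real capture, pass the bytes of the saved file to `ntp_packets()` instead of `sample_capture()`.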