Friday, March 18, 2011

Use Wireshark to view network traffic to localhost

By default, Wireshark on Windows will not display traffic that is routed back to localhost, because Windows has no loopback interface to capture on. There is a workaround: run the following at a command prompt (DOS window) to route traffic addressed to your own IP through the gateway:

route add [your_ip] mask 255.255.255.255 [gateway] metric 1

where [your_ip] is different from 127.0.0.1: it has to be the IP address field from the output of the ipconfig command. [gateway] has to be the default gateway field from the output of ipconfig /all.

With this route in place, all network traffic from your machine to itself will use the physical network interface: it goes out to the gateway and then back to you. Therefore, you will see each packet twice, but the duplicates can be filtered out in the view.

Be careful: since your machine will use the actual network to talk to itself, it may overload the network. It may be wise to remove the new route once you are done with the tests:

route delete [your_ip]
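
The whole add, capture, remove sequence as a PowerShell script, given here as an added example that is not part of the original post. It assumes an elevated prompt and Windows 8 / Server 2012 or later (for Get-NetIPConfiguration), and it picks the first interface that has an IPv4 default gateway.

```powershell
# Added example: temporary host route so self-addressed traffic leaves via the NIC.
# Assumptions: elevated prompt; Get-NetIPConfiguration available (Windows 8 / 2012+);
# the first interface with an IPv4 default gateway is the one you capture on.

$ErrorActionPreference = 'Stop'

# route add/delete need administrator rights, so check before changing anything.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

# Same values you would read from ipconfig: IPv4 address and default gateway.
$cfg = Get-NetIPConfiguration |
    Where-Object { $_.IPv4DefaultGateway -and $_.IPv4Address } |
    Select-Object -First 1
if (-not $cfg) { throw 'No interface with an IPv4 default gateway found.' }

$ip = @($cfg.IPv4Address)[0].IPAddress
$gw = @($cfg.IPv4DefaultGateway)[0].NextHop

# The workaround only makes sense for a real interface address.
if ($ip -like '127.*') { throw "Refusing to use loopback address $ip." }

Write-Host "Adding host route: $ip -> $gw"
route add $ip mask 255.255.255.255 $gw metric 1

# Show the routing table entries for this address so the new route can be confirmed.
route print $ip

try {
    Read-Host 'Route active. Capture in Wireshark, then press Enter to remove it'
}
finally {
    # Remove the route even if an error occurs, so self-traffic stops using the network.
    Write-Host "Removing host route for $ip"
    route delete $ip
}
```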

For more information see:

http://wiki.wireshark.org/CaptureSetup/Loopback
