Using RawCap to Sniff localhost on Windows XP, SP3
Asked Answered
H

1

5

I am attempting to use RawCap to sniff Windows localhost. However, contrary to its billed ability to do so, it is not working. I am starting it as follows:

rawcap 127.0.0.1 echo.pcap

I then run a little echo TCP client / server test app I wrote. I use the client to send some data over 127.0.0.1, and it indeed gets printed on the server and sent back to the client, where it is also printed. Howver, the packet capture file is empty.

I am running under Windows XP, SP3.

Is anybody aware of any other steps I need to take to get this to work?

Additional information added on 7/20/2011: I contacted the company that produces RawCap, and they suggested making sure that I have administrator privilege, that I try sniffing ping 127.0.0.1, and that I try enabling telnet and sniffing telnet 127.0.0.1. I do indeed have administrator privilege, RawCap sees ping packets, but it did not see telnet packets. I also tried sniffing 127.0.0.1 on another machine, and I failed there also.

Best, Dave

Hawkinson answered 15/7, 2011 at 19:32 Comment(0)
H
7

I've been in contact with the author of RawCap, and he indicated that I found a bug where Windows XP SP 3 can't sniff TCP on localhost. He does not seem hopeful that he can fix it. If any more useful information comes along, I will, in an attempt to help the community, comment on this answer.

Hawkinson answered 21/7, 2011 at 19:36 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.