Ethereal-users: Re: [Ethereal-users] What I have to do in order to see locally sent packets ?
On Tue, Feb 03, 2004 at 06:53:46PM +0200, Igor Novoseltsev wrote:
> my application sends packets to itself (remote address is an IP of the
> computer, on which the application runs).
> What should I do in order to cause ethereal to capture such packets ?
The first thing you should do is run your application, and Ethereal, on
an OS capable of capturing packets on a UNIX-style loopback interface,
as packets sent from the machine to itself will be "looped back" inside
the networking stack, and only if that's done on a UNIX-style interface
and that interface supports packet capture will you be able to see that
traffic.
OSes I know of that support this:
Linux distributions
BSDs ({Free,Net,Open}BSD, BSD/OS, Darwin/Mac OS X)
Digital/Tru64 UNIX
possibly AIX (I *think* I tried it, with a libpcap built to use
BPF, and saw it work; it might not work with a libpcap built
to use DLPI, but those libpcaps have other problems as well)
OSes I know of that do *NOT* support this:
Solaris
HP-UX
Windows (OT, i.e. 95/98/Me, and NT, i.e. NT
4.0/W2K/WXP/W2K3Server)
(See the chart at
http://www.ethereal.com/media.html
and look in the "Loopback" column - and read the relevant footnote for
Windows.)
If you're running on one of thse OSes in the latter set, the first thing
you should do in order to cause Ethereal to capture those packets is,
unfortunately, to install another OS on that machine.
Once you've arranged to run your application, and Ethereal, on such an
OS, the next thing you should do is to capture on the loopback
interface, which will probably have a name like "lo" or "lo0", depending
on the OS on which you're running.