Wireshark-bugs: [Wireshark-bugs] [Bug 1721] New: FAQ addition: capturing local traffic on Window
Date Prev · Date Next · Thread Prev · Thread Next
Date: Wed, 1 Aug 2007 16:56:08 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1721

           Summary: FAQ addition: capturing local traffic on Windows
           Product: Wireshark
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Documentation
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: greg.fenton@xxxxxxxxx


Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
The following post from the WinPcap user list gives details on how to configure
a Windows box to capture local traffic (i.e. traffic between two entities
running on the same machine).

    http://winpcap.cs.pu.edu.tw/pipermail/winpcap-users/2006-March/000803.html

I have used this in a few scenarios and the instructions seem to work in a
typical machine configuration.  I am SURE there are lots of people who can
benefit from this info, so I recommend it get added to the Windows-specific
section of the FAQ.

The instructions can be simplified to:

------------------------------
Get your {IP} and {MAC} addresses from the command:

ipconfig /all

Using those two bits of info, use the following two commands to change your
local routing rules to force packets "on to the wire" where Wireshark can sniff
them:

route add {IP} {IP}
arp -s {IP} {MAC}

For example:

c:\> ipconfig /all
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : mydomain.com
   Description . . . . . . . . . . . : Some Network Controller
   Physical Address. . . . . . . . . : AA-15-CC-AA-BB-42
   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.10.105
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   [...]

c:\> route add 192.168.10.105 192.168.10.105
c:\> arp -s 192.168.10.105 AA-15-CC-AA-BB-42
------------------------------


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.