Wireshark-dev: Re: [Wireshark-dev] Wireshark packet capture in simulations/emulations (e.g. Min
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 18 Oct 2015 23:25:22 -0700
On Oct 18, 2015, at 6:22 PM, Murat Karakus <muratkarakus60@xxxxxxxxx> wrote:

> As far as I know Wireshark captures real packets sent to/from your machine's network cards/interfaces like Ethernet, wireless etc.

Wireshark captures real packets sent over anything on which libpcap/WinPcap can capture traffic.

Not everything on which libpcap/WinPcap can capture corresponds to an actual hardware network interface.  For example, on UN*Xes, there's a network interface called the "loopback" interface, which doesn't correspond to any hardware; it has a host on it with the IPv4 address 127.0.0.1, and packets sent on it are received by the networking stack on the same machine.  That is done purely in software.  On most UN*Xes - Linux, *BSD, OS X, Solaris 11 and later, possibly others - libpcap can capture traffic on the loopback interface.

> I could not understand how Wireshark can capture packets in a simulated/emulated network created such as Mininet. At the end, it is a simulation/emulation and no real packet is sent from/to my laptop's network cards/interfaces!

Perhaps it's sent on a software interface similar to the loopback interface, in which case libpcap can probably capture on it.