Sniffer for localhost (Windows OS)

Windows, Debugging, Tcp, Packet Sniffers

Windows Problem Overview


I am looking for a sniffer that can work with the loopback address in Windows.

So far, I found Microsoft Network Monitor, which is a nice tool, but for localhost it's useless because on Windows, localhost packets don't pass through the regular network stack, so they're invisible to an Ethernet sniffer like MS Network Monitor.

How do you debug applications that send data in the loopback mechanism? Any good (open source) sniffers that can work with localhost?

UPDATE: If you have experience with a tool, it would be nice to have a short description for future reference.

Windows Solutions


Solution 1 - Windows

I was faced with this issue and got nowhere after a lot of research. Basically all available sniffers rely on the network driver stack, and Windows doesn't expose localhost calls through it.

What I ended up using was a tool called SocketSniffer, which peeks at Winsock's calls and monitors TCP and UDP socket connections. It helped me debug an application problem that only occurred in win 2k3.

Its download site is at http://www.nirsoft.net/utils/socket_sniffer.html

Note that this no longer works in Windows 8. Microsoft Message Analyzer is now capable of sniffing loopback traffic out of the box. Official blog post here: http://blogs.msdn.com/b/winsdk/archive/2014/08/15/rejoice-we-can-now-capture-loopback-traffic.aspx

Solution 2 - Windows

There is a new tool available for Windows that can capture loopback / localhost network traffic. It is called RawCap and is available here: http://www.netresec.com/?page=RawCap

Just start RawCap like this to sniff the loopback interface: RawCap.exe 127.0.0.1 localhost.pcap

You can then open localhost.pcap in Wireshark or any other pcap analyzer to look at the captured traffic.

Btw. not only is RawCap able to sniff loopback traffic on Windows, it can also sniff your WiFi interface as well as PPP interfaces such as 3G/UMTS connections.
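
As an added example (not part of the original answer, and not RawCap or Wireshark code): a minimal Python reader for a classic pcap file such as the localhost.pcap above, listing the TCP/UDP conversations it contains. It assumes IPv4 and accepts both Ethernet-framed and raw-IP link types, since the page does not say which one the capture file uses; the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

LINK_ETHERNET, LINK_RAW_IP = 1, (12, 101)  # pcap link types: Ethernet, raw IP
PROTO = {6: "tcp", 17: "udp"}              # IPv4 protocol numbers we report

def summarize_pcap(data: bytes) -> Counter:
    """Count packets per (proto, src, sport, dst, dport) in a classic pcap file."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":    # magic as written by a little-endian host
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":  # magic as written by a big-endian host
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    flows, off = Counter(), 24             # records start after the 24-byte header
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == LINK_ETHERNET:
            if len(pkt) < 14 or pkt[12:14] != b"\x08\x00":  # keep IPv4 frames only
                continue
            pkt = pkt[14:]
        elif linktype not in LINK_RAW_IP:
            raise ValueError(f"unsupported link type {linktype}")
        if len(pkt) < 20 or pkt[0] >> 4 != 4:  # truncated or not IPv4
            continue
        ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
        proto = PROTO.get(pkt[9])
        if proto is None or len(pkt) < ihl + 4:
            continue
        src = ".".join(map(str, pkt[12:16]))
        dst = ".".join(map(str, pkt[16:20]))
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        flows[(proto, src, sport, dst, dport)] += 1
    return flows

def constructed_sample() -> bytes:
    """Constructed capture: two raw-IP TCP packets 127.0.0.1:50000 -> 127.0.0.1:8080."""
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 127, 0, 0, 1, 127, 0, 0, 1])
    tcp = struct.pack("!HH", 50000, 8080) + bytes(16)
    rec = struct.pack("<IIII", 0, 0, 40, 40) + ip + tcp
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101) + rec * 2

if __name__ == "__main__":
    for flow, n in summarize_pcap(constructed_sample()).most_common():
        print(n, *flow)
```

To run it against a real capture, pass the file's bytes, for example `summarize_pcap(open("localhost.pcap", "rb").read())`.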

Solution 3 - Windows

I believe you can do http://localhost./ (note the period at the end) to force localhost packets through the regular network stack.

This works for getting HTTP to be recognized by a tool like Fiddler - not sure about other protocols.

Solution 4 - Windows

I had such an issue when I wanted to monitor traffic on localhost after setting up SelfSSL on it. After searching for other useful tools, I found Fiddler somewhat suitable for my issue. You should try Fiddler for HTTP and HTTPS.

Hope this helps you!

Solution 5 - Windows

I would recommend Wireshark. It can attach to any network device and offers some nice utilities to analyze the traffic, plus it is free software.

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author | Original Content on Stackoverflow
Question | citn | View Question on Stackoverflow
Solution 1 - Windows | Rafael Nobre | View Answer on Stackoverflow
Solution 2 - Windows | Erik | View Answer on Stackoverflow
Solution 3 - Windows | Michael Gattuso | View Answer on Stackoverflow
Solution 4 - Windows | Gholamreza Fathpour | View Answer on Stackoverflow
Solution 5 - Windows | psychoschlumpf | View Answer on Stackoverflow