Capturing Internal Traffic with Virtual Loopback & Wireshark on XP

Posted: May 18th, 2010 | Author: admin | Filed under: networking | 1 Comment »

Create Loopback Interface on Windows XP

Select “Start”->“Settings”->”Control Panel”

$C:\dev\wireshark\images\Image-0000.png C:\dev\wireshark\images\Image-0000.png$

Double click “Add Hardware”

$C:\dev\wireshark\images\Image-0001.png C:\dev\wireshark\images\Image-0001.png$

Click “Next” and select “Yes, I have already connected to the hardware”.

$C:\dev\wireshark\images\Image-0003.png C:\dev\wireshark\images\Image-0003.png$

Select “Add a new hardware device” and click “Next”.�

$C:\dev\wireshark\images\Image-0005.png C:\dev\wireshark\images\Image-0005.png$

Click “Install the hardware that I manually select from a list(Advanced)” and then “Next”.

$C:\dev\wireshark\images\Image-0006.png C:\dev\wireshark\images\Image-0006.png$

Follow the following screenshots to finish installing the loopback device

$C:\dev\wireshark\images\Image-0007.png C:\dev\wireshark\images\Image-0007.png$

$C:\dev\wireshark\images\Image-0008.png C:\dev\wireshark\images\Image-0008.png$

$C:\dev\wireshark\images\Image-0009.png C:\dev\wireshark\images\Image-0009.png$ $C:\dev\wireshark\images\Image-0010.png C:\dev\wireshark\images\Image-0010.png$

Follow the following screenshots to configure the loopback device.� I give the device an IP of 192.168.100.2, with network mask of 255.255.255.0, and gateway of 192.168.100.1.

$C:\dev\wireshark\images\Image-0011.png C:\dev\wireshark\images\Image-0011.png$

$C:\dev\wireshark\images\Image-0012.png C:\dev\wireshark\images\Image-0012.png$

$C:\dev\wireshark\images\Image-0013.png C:\dev\wireshark\images\Image-0013.png$

Assign IP address, subnet mask, and default gateway.

$C:\dev\wireshark\images\Image-0014.png C:\dev\wireshark\images\Image-0014.png$

Run “ipconfig /all” to get the mac ID assigned to this loopback device . Windows assign 02-00-4C-4F-4F-50 for my MAC ID.

Add the ARP entry for this loopback device, using the MAC ID from last step.

$C:\dev\wireshark\images\Image-0016.png C:\dev\wireshark\images\Image-0016.png$

Testing this device by pinging it.

$C:\dev\wireshark\images\Image-0017.png C:\dev\wireshark\images\Image-0017.png$

Now you should be able to see this device and monitor traffic through this device from Wireshark.

$C:\dev\wireshark\images\Image-0018.png C:\dev\wireshark\images\Image-0018.png$

$C:\dev\wireshark\images\Image-0019.png C:\dev\wireshark\images\Image-0019.png$

Remove the Loopback Device

$C:\dev\wireshark\images\Image-0020.png C:\dev\wireshark\images\Image-0020.png$

$C:\dev\wireshark\images\Image-0021.png C:\dev\wireshark\images\Image-0021.png$

$C:\dev\wireshark\images\Image-0022.png C:\dev\wireshark\images\Image-0022.png$

Troubleshooting

Problem 1: WIreshark could not detect the loopback device

Solution: If you don’t see the loopback device after clicking the “List the available capture interfaces” button. Try restart your machine.

$C:\dev\wireshark\images\Image-0030.png C:\dev\wireshark\images\Image-0030.png$

When it works, Wireshark should detect the loopback device and display it in its Capture Interfaces list.

$C:\dev\wireshark\images\Image-0029.png C:\dev\wireshark\images\Image-0029.png$

Problem 2: The loopback interface does show in the Capture Interface list but there is no packets captured!!

Solution:

Check the ARP table

Make sure there is an entry for the loopback device in the ARP table. To check, type “arp –a” at the command prompt.

� $C:\dev\wireshark\images\Image-0033.png C:\dev\wireshark\images\Image-0033.png$

If there is no entry for the loopback device, add it as followed:

$C:\dev\wireshark\images\Image-0032.png C:\dev\wireshark\images\Image-0032.png$

Check the routing table

Make sure the packets for 192.168.100.2 is routed corrected to the loopback interface (with 192.168.100.2 IP address). A common mistake is that there is a route of higher priority to the real loopback interface(127.0.0.1).

$C:\dev\wireshark\images\Image-0034.png C:\dev\wireshark\images\Image-0034.png$

To add a static route for packets for 192.168.100.2 to the loopback device, do as followed:

$C:\dev\wireshark\images\Image-0031.png C:\dev\wireshark\images\Image-0031.png$

One Comment on “Capturing Internal Traffic with Virtual Loopback & Wireshark on XP”

1 Karla said at 5:51 pm on January 23rd, 2012:
Thanks for all of your work on this web page. I am looking forward to reading more of your posts in the future.

ShallWeLearn Tech Blog

Model-Driven Development, Eclipse, Google, Mobile Development, Networking, and Database

Capturing Internal Traffic with Virtual Loopback & Wireshark on XP

One Comment on “Capturing Internal Traffic with Virtual Loopback & Wireshark on XP”

Leave a Reply

Pages

Categories

Archives

Meta

ShallWeLearn Tech Blog

Model-Driven Development, Eclipse, Google, Mobile Development, Networking, and Database

Capturing Internal Traffic with Virtual Loopback & Wireshark on XP

One Comment on “Capturing Internal Traffic with Virtual Loopback & Wireshark on XP”

Leave a Reply

Pages

Categories

Archives

Tags

Meta