LabVIEW Craftsmen
  • Blog
  • About
  • Contact
  • Tools
  • Resources

Simple Way to Monitor Localhost Network Traffic on Windows

8/21/2015

4 Comments

 
Jon McBee
I was recently writing a TCP connector for MySQL so that I could call it from both 64-bit LabVIEW and LabVIEW RT and I realized that I needed a way to spy on my localhost network traffic for debug purposes.  So I fired up WireShark, but it turns out that WireShark can't see localhost traffic because localhost traffic is not sent over a real network interface.
Picture
You can't capture on the local loopback address 127.0.0.1 with WinPcap because...
You can, however, use a raw socket sniffer like RawCap to capture localhost network traffic in Windows.  When you launch RawCap you will see this simple interface:
Picture
If you want to monitor your loopback address simply hit "5" on your keyboard to select the loopback pseudo-interface.
Picture
Give it a file to save the capture to, and be sure to give the file a *.pcap extension so that you can open it with WireShark.
Picture
As soon as you hit enter RawCap will start capturing traffic on the loopback interface.  You should be able to watch the "Packets" count grow.  Once RawCap is running go ahead and fire up the process you want to monitor.  Once you are done capturing data, hit "Ctrl+C" to stop your capture and close RawCap.
Picture
You can now open your Test.pcap file with wireshark, and you will see that every 5 seconds National Instruments is doing something over localhost...
Picture
Hope this is helpful!
Jon McBee is a Principal Software Engineer at Cambridge NanoTech and is a Certified LabVIEW Architect, Certified LabVIEW Embedded Developer, Certified TestStand Developer, an NI Certified Professional Instructor, and a LabVIEW Champion
4 Comments
Thoric
8/24/2015 01:11:26 am

Very useful, thanks Jon!

Reply
Jim Fowler
11/17/2015 11:50:47 am

This tool has so many uses - debugging HTTP headers when a server is picky, documenting and mimicking the protocol of a proprietary device (hypothetically speaking, of course), or maybe discovering which ports something is really using, regardless of its documentation.

Great post! Wishing I'd found your blog sooner.

Reply
Yang Luo link
3/24/2016 10:02:33 pm

Please try Npcap: https://github.com/nmap/npcap, it is based on WinPcap and supports loopback traffic capturing on Windows. Npcap is a subproject of Nmap (http://nmap.org/), so please report any issues on Nmap's development list (http://seclists.org/nmap-dev/).

Reply
Nikolai Safronov
5/25/2016 09:22:47 am

Thanks! Great post!

Reply



Leave a Reply.

    RSS Feed

    Tags

    All
    Abstract Messaging
    Actor Framework
    Agile
    AI
    Asynchronous Programming
    Best Practices
    C#
    Complexity
    Continuations
    Control Values By Index
    Craftsmanship
    Dependency Inversion
    Dependency Viewer
    Futures/Promises
    Genetic Algorithm
    Liskov Substitution
    Mediator Pattern
    .NET
    Object Oriented
    Object-Oriented
    Packed Project Library
    Parallelism
    Pub/Sub
    RawCap
    Root Loop
    Scrum
    Task Parallel Library
    TCP/IP
    TDD
    Test Engineering
    UML
    Unit Test
    VI Scripting
    VI Server
    WireShark

    Archives

    January 2017
    December 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    August 2015
    February 2015
    January 2015

    LabVIEW Blogs

    Eyes on VIs
    LabVIEW Hacker
    VI Shots
    LabVIEW Artisan
    Software Engineering for LabVIEW
    ​Wiresmith Techology
Picture
Powered by the Panda Ant
  • Blog
  • About
  • Contact
  • Tools
  • Resources