What you say!

Sometimes, when the intarweb-connection (da tubez) is crippled, I just fire up some ssh-connection and use SOCKS over that ssh-connection tunneled through that ssh-connection. In that case I can tell all my local applications to use a SOCKS-proxy at 127.0.0.1:$some_port – nifty nifty!

However, one application on that Windows-laptop simply refuses to work today (although it used to work yesterday) so I fired up Wireshark to figure out what could be wrong.

Started, went to “Capture -> Interfaces” and gazed. Where’s the loopback-device? You know, 127.0.0.1. Gazed again. S’not there. Hu. Started to read the Wireshark documentation, then started to read the Winpcap FAQ where I found that:

Q-13: Does WinPcap support the loopback device?

A: No. Only physical interfaces are supported. This is a limitation of Windows and not of WinPcap.

WTF? Argh…

4 Responses to What you say!

  1. John says:

    That’s odd. I’m positive that VMware Workstation uses a loopback device for networking. Perhaps the loopback has to be installed by other software?

  2. John: No, there is a loopback device in Windows, but you can’t hook your sniffer to it. It’s a Windows limitation which has impact on Wireshark.

    Cheers, Alex.

  3. Christophe says:

    Hi,

    Contrary to linux, there is actually no loopback interface on windows. Instead they did a very nasty trick in the TCP/IP layer, ie. there is nothing underneath. Hence there is no loopback adapter.

    On way around this is to setup a “mirror” tcp application on another machine (or a vmware), for example using socat. This will force the traffic to go through an actual adapter, allowing it to be capture with wireshark.

  4. Christophe:
    Well that’s an interesting concept; but does that also mean that you’ll find the “loopback”-traffic on some other regular interface? Or is this simply not sniffeable?

    Alex.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: