Sometimes, when the intarweb-connection (da tubez) is crippled, I just fire up some ssh-connection and use SOCKS over that ssh-connection tunneled through that ssh-connection. In that case I can tell all my local applications to use a SOCKS-proxy at 127.0.0.1:$some_port – nifty nifty!
However, one application on that Windows-laptop simply refuses to work today (although it used to work yesterday) so I fired up Wireshark to figure out what could be wrong.
Started, went to “Capture -> Interfaces” and gazed. Where’s the loopback-device? You know, 127.0.0.1. Gazed again. S’not there. Hu. Started to read the Wireshark documentation, then started to read the Winpcap FAQ where I found that:
Q-13: Does WinPcap support the loopback device?
A: No. Only physical interfaces are supported. This is a limitation of Windows and not of WinPcap.
WTF? Argh…
Blog of too many things 
That’s odd. I’m positive that VMware Workstation uses a loopback device for networking. Perhaps the loopback has to be installed by other software?
John: No, there is a loopback device in Windows, but you can’t hook your sniffer to it. It’s a Windows limitation which has impact on Wireshark.
Cheers, Alex.
Hi,
Contrary to linux, there is actually no loopback interface on windows. Instead they did a very nasty trick in the TCP/IP layer, ie. there is nothing underneath. Hence there is no loopback adapter.
On way around this is to setup a “mirror” tcp application on another machine (or a vmware), for example using socat. This will force the traffic to go through an actual adapter, allowing it to be capture with wireshark.
Christophe:
Well that’s an interesting concept; but does that also mean that you’ll find the “loopback”-traffic on some other regular interface? Or is this simply not sniffeable?
Alex.