Friday, June 5, 2015

Monitoring localhost-to-localhost RESTful calls in Windows 7 (monitor Windows 7 localhost traffic in Wireshark)

Easy way: Force all localhost traffic through your network card.

If you run route print, you will see something like this:

Here is my local IPv4 address. As you can see, any request to that IP address is short-circuited by the operating system. It doesn't go through my network card. To see the localhost traffic in Wireshark, you need to perform these two steps:

1>Modify routes to send all traffic for the local IP address through your default gateway (in this case

route delete
route ADD  MASK

(This change is temporary and will be lost when you restart your machine. To make the changes persistent, use route -p instead of route.)

2>Instead of localhost, use your local IP address in all URLs.

There, you are all set!

An alternative way

1>Install the Microsoft Loopback Adapter.

2>Make sure you can ping the loopback adapter by its static IP address. Otherwise further steps will fail.

After successfully completing this step, restart the machine.

2>Install Wireshark (with WinPcap, when prompted).
 If Wireshark is already installed, reinstall it after the restart. Otherwise Wireshark won't see this new network interface.

3>Install RawCap.

4>Start RawCap by double-clicking it. Select the loopback adapter when prompted.

5>After you have captured all the traffic you need, stop RawCap by pressing Ctrl+C.

6>Now double-click dumpfile.pcap to open it.

I tested this for Tomcat and IIS.
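
Once the capture is saved, the REST calls in it can also be listed without opening Wireshark. The Python script below is an added example, not part of the original post: it reads a classic pcap file and returns the HTTP request line of every IPv4/TCP packet that carries one. It assumes plain, unencrypted HTTP, and it accepts both Ethernet and raw-IP link types because the post does not say which one RawCap writes; sample_pcap() builds a constructed capture so the script runs without a real dumpfile.pcap.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"PATCH ", b"HEAD ", b"OPTIONS ")
LINK_HEADER_LEN = {1: 14, 101: 0}  # LINKTYPE_ETHERNET, LINKTYPE_RAW (assumed to cover the capture)

def http_requests(pcap_bytes):
    """Return (src, dst, dport, request_line) for each HTTP request in a classic pcap."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype not in LINK_HEADER_LEN:
        raise ValueError("unsupported link type %d" % linktype)
    found, pos = [], 24
    while pos + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[pos + 8:pos + 12])[0]
        pkt = pcap_bytes[pos + 16:pos + 16 + incl_len][LINK_HEADER_LEN[linktype]:]
        pos += 16 + incl_len
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue  # keep only IPv4 packets carrying TCP
        tcp = pkt[(pkt[0] & 0x0F) * 4:]  # skip the IP header (IHL is in 32-bit words)
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]  # skip the TCP header (data offset)
        if payload.startswith(HTTP_METHODS):
            line = payload.split(b"\r\n", 1)[0].decode("latin-1")
            src = ".".join(map(str, pkt[12:16]))
            dst = ".".join(map(str, pkt[16:20]))
            dport = struct.unpack("!H", tcp[2:4])[0]
            found.append((src, dst, dport, line))
    return found

def sample_pcap():
    """Constructed capture: one raw-IP packet, a GET from 127.0.0.1 to port 8080 (checksums left 0)."""
    payload = b"GET /api/orders/42 HTTP/1.1\r\nHost: localhost:8080\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 50000, 8080, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 128, 6, 0,
                     bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1])) + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return header + struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip

if __name__ == "__main__":
    for row in http_requests(sample_pcap()):
        print(row)
```

To run it on a real capture, pass the file contents instead of the sample: http_requests(open("dumpfile.pcap", "rb").read()).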
