On Wed, Apr 11, 2012 at 3:59 PM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> Branko Čibej wrote on Wed, Apr 11, 2012 at 15:46:38 +0200:
>> On 11.04.2012 13:52, Daniel Shahaf wrote:
>> > Johan Corveleyn wrote on Wed, Apr 11, 2012 at 13:43:57 +0200:
>> >> If anyone has any suggestions on capturing network traffic on
>> >> localhost on Windows XP ... I'm all ears.
>> >>
>> >> Maybe the easiest thing to do is to set up Apache on a second machine,
>> >> so I don't have to go over the loopback device ...
>> >>
>> > One option: don't use the loopback device, use some other interface.
>> >
>> > That is, have httpd listen on 0.0.0.0 and pass --url=http://192.168.9.199
>> > to foo_tests.py, where 192.168.9.199 is your externally-visible
>> > IP address.
>>
>> The traffic will still get routed through the loopback device if it's on
>> the same machine. At least I hope so, though could be that Microsoft has
>> another "enhancement" in their TCP stack in this regard.
>>
>> brane_at_zulu:~$ ifconfig en0
>> en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>> options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
>> ether 34:15:9e:03:09:74
>> inet6 fe80::3615:9eff:fe03:974%en0 prefixlen 64 scopeid 0x4
>> inet 172.23.17.71 netmask 0xffffff00 broadcast 172.23.17.255
>> media: autoselect (1000baseT <full-duplex,flow-control>)
>> status: active
>> brane_at_zulu:~$ route get 172.23.17.71
>> route to: 172.23.17.71
>> destination: 172.23.17.71
>> interface: lo0
>> flags: <UP,HOST,DONE,STATIC>
>> recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
>> 49152 49152 0 0 0 0 16384 0
>>
>
> Good point. To avoid this I assume Johan could explicitly set the route
> for 172.23.17.71 to be a local router, or do the Windows equivalent of
> 'ifconfig lo0 down'.
For some reason, I couldn't get that to work. I added an explicit
route to my real ip address to go via the router. But somehow, all
requests going that way timed out.
However, I found another way to get it work, to be able to capture
from the loopback device. It was described on the Wireshark Wiki after
all [1], under "Windows", in the section "IP Other".
Summarizing here for posterity:
1) Install the virtual network card called "Microsoft Loopback
Adapter" (for XP: Add new hardware | Choose from a list | Choose
Network Adapters | Microsoft | Microsoft Loopback Adapter).
2) Go to the network settings of the new "Loopback Adapter". Set IP to
something like 10.0.0.10, netmask 255.255.255.0.
3) Reboot (this isn't mentioned anywhere, and Windows doesn't ask for
it, but if you don't then Wireshark will not see the new adapter).
4) ipconfig /all and look at the MAC-ID for your new adapter.
5) arp -s 10.0.0.10 <MAC-ID> (despite what the "arp" tool says, this
arp entry wasn't persistent in my case ... so you might have to redo
this after a reboot)
6) route add 10.0.0.10 10.0.0.10 mask 255.255.255.255 (add -p option
to make this persistent accross reboots)
7) Now fire up Apache, and test with "telnet 10.0.0.10 80" or something similar.
The "Microsoft Loopback Adapter" can be chosen from the available
Interfaces in Wireshark, so traffic can be captured.
Now, the actual captures will have to wait another day. It's getting a
bit late now ...
--
Johan
[1] http://wiki.wireshark.org/CaptureSetup/Loopback
Received on 2012-04-12 02:06:46 CEST