[prev in list] [next in list] [prev in thread] [next in thread]
List: wireshark-users
Subject: Re: [Wireshark-users] capturing traffic on a virtual interface
From: Brian K <knairb01 () yahoo ! com>
Date: 2009-07-30 16:30:16
Message-ID: 945758.12524.qm () web110314 ! mail ! gq1 ! yahoo ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thanks for the help, Sake and Guy.
________________________________
From: Guy Harris <guy@alum.mit.edu>
To: Community support list for Wireshark <wireshark-users@wireshark.org>
Sent: Thursday, July 30, 2009 12:53:01 AM
Subject: Re: [Wireshark-users] capturing traffic on a virtual interface
On Jul 29, 2009, at 10:49 PM, Sake Blok wrote:
> No, if you are browsing the site (which is hoted on the VM) from
> within
> the VM,
...or if you are browsing a site hosted on *any* machine (real or
virtual) from the same machine...
> then the traffic won't pass the NIC driver and won't pass the
> WinPcap capture engine.
This is a limitation of the way the Windows networking stack works.
Solaris has a similar problem; on some other UN*Xes, you can capture
that traffic, *but* you have to capture on the OS's "loopback" device
("lo" on Linux, "lo0" on *BSD, Mac OS X, and Digital/Tru64 UNIX).
See
http://wiki.wireshark.org/CaptureSetup/Loopback
for details.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[Attachment #5 (text/html)]
<html><head><style type="text/css"><!-- DIV {margin:0px;} \
--></style></head><body><div style="font-family:times new roman,new \
york,times,serif;font-size:12pt"><div>Thanks for the help, Sake and \
Guy.<br></div><div style="font-family: times new roman,new york,times,serif; \
font-size: 12pt;"><br><div style="font-family: arial,helvetica,sans-serif; font-size: \
13px;"><font face="Tahoma" size="2"><hr size="1"><b><span style="font-weight: \
bold;">From:</span></b> Guy Harris <guy@alum.mit.edu><br><b><span \
style="font-weight: bold;">To:</span></b> Community support list for Wireshark \
<wireshark-users@wireshark.org><br><b><span style="font-weight: \
bold;">Sent:</span></b> Thursday, July 30, 2009 12:53:01 AM<br><b><span \
style="font-weight: bold;">Subject:</span></b> Re: [Wireshark-users] capturing \
traffic on a virtual interface<br></font><br> <br>On Jul 29, 2009, at 10:49 PM, Sake \
Blok wrote:<br><br>> No, if you are browsing the site (which is hoted on the VM) \
from <br>> within<br>> the VM,<br><br>...or if you are browsing a site \
hosted on *any* machine (real or <br>virtual) from the same \
machine...<br><br>> then the traffic won't pass the NIC driver and won't pass \
the<br>> WinPcap capture engine.<br><br>This is a limitation of the way the \
Windows networking stack works. <br>Solaris has a similar problem; on some \
other UN*Xes, you can capture <br>that traffic, *but* you have to capture on \
the OS's "loopback" device <br>("lo" on Linux, "lo0" on *BSD, Mac OS X, and \
Digital/Tru64 UNIX).<br><br>See<br><br><span> <a target="_blank" \
href="http://wiki.wireshark.org/CaptureSetup/Loopback">http://wiki.wireshark.org/CaptureSetup/Loopback</a></span><br><br>for
details.<br>___________________________________________________________________________<br>Sent \
via: Wireshark-users mailing list <<a \
ymailto="mailto:wireshark-users@wireshark.org" \
href="mailto:wireshark-users@wireshark.org">wireshark-users@wireshark.org</a>><br><span>Archives: \
<a target="_blank" \
href="http://www.wireshark.org/lists/wireshark-users">http://www.wireshark.org/lists/wireshark-users</a></span><br>Unsubscribe: \
<a href="https://wireshark.org/mailman/options/wireshark-users" \
target="_blank">https://wireshark.org/mailman/options/wireshark-users</a><br> \
mailto:<a \
ymailto="mailto:wireshark-users-request@wireshark.org" \
href="mailto:wireshark-users-request@wireshark.org">wireshark-users-request@wireshark.org</a>?subject=unsubscribe<br></div></div></div><br>
</body></html>
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic