
List:       wireshark-users
Subject:    Re: [Wireshark-users] capturing traffic on a virtual interface
From:       Brian K <knairb01 () yahoo ! com>
Date:       2009-07-30 16:30:16
Message-ID: 945758.12524.qm () web110314 ! mail ! gq1 ! yahoo ! com

Thanks for the help, Sake and Guy.




________________________________
From: Guy Harris <guy@alum.mit.edu>
To: Community support list for Wireshark <wireshark-users@wireshark.org>
Sent: Thursday, July 30, 2009 12:53:01 AM
Subject: Re: [Wireshark-users] capturing traffic on a virtual interface


On Jul 29, 2009, at 10:49 PM, Sake Blok wrote:

> No, if you are browsing the site (which is hosted on the VM) from within
> the VM,

...or if you are browsing a site hosted on *any* machine (real or  
virtual) from the same machine...

> then the traffic won't pass the NIC driver and won't pass the
> WinPcap capture engine.

This is a limitation of the way the Windows networking stack works.  
Solaris has a similar problem; on some other UN*Xes, you can capture  
that traffic, *but* you have to capture on the OS's "loopback" device  
("lo" on Linux, "lo0" on *BSD, Mac OS X, and Digital/Tru64 UNIX).

See

    http://wiki.wireshark.org/CaptureSetup/Loopback

for details.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe



      