Re: my traffic not captured
From: Anne Blankert <anne.blankert () geodan nl>
Date: Wed, 19 Mar 2014 15:52:25 +0100
On 19-3-2014 15:08, David Sheats, Friendly Computer Service wrote:
It would surprise me if your software would be able to bypass Wireshark.
Are you sure you are capturing on the same interface as your client or
server is listening on?
> I am writing a program that makes use of Windows Sockets, and I
> thought I might use Wireshark to watch the traffic go back and forth
> across my network. However, the Shark doesn't seem to capture the
> packets generated by my program.
>
> I send data from the client computer to the server computer using
> a regular TCP connection onto port 2022 of the server. I know the
> server is receiving the information, because it is able to print it on
>
> Wireshark seems to be capturing other data just fine, such as
> HTTP traffic on port 80, and VNC traffic (I use that to fiddle with my
> server so I don't have to walk back and forth between my computers).
>
> Switching promiscuous mode on or off doesn't seem to help. Also, it
> doesn't seem to make a difference whether I'm running Wireshark on the
> client or the server side of the connection.
>
> I am wondering if maybe it's the API call I'm using. I am using
> send() and recv() found in winsock2.h. Does this API call somehow
> bypass the driver that Shark uses to capture traffic? I'm a bit
> stymied, and would like to see my bytes flowing :-P

If client and server are on the same host and you are using 'localhost', you
should capture the loopback interface.
If client and server are on different machines, you should capture on
the same interface that client (or server) is using. Maybe you have
multiple network cards (wifi + ethernet?) and traffic is flowing on the
If wireshark is on a separate machine attached to the network between
client and server, you may not see the traffic, because, by default,
network switches will only send out packets on the client and server
connections. You need to configure traffic mirroring from the client and
server connections to the wireshark connection (only possible on managed
Does any of the above apply to your case?
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
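
One way to check which interface the connection actually uses before starting a capture, as an added example that is not part of the original thread. Port 2022 comes from the original post; the function names and all IP addresses are assumptions made up for illustration.

```python
import ipaddress
import socket


def source_address_for(dest_ip, port=2022):
    """Local IP the OS would use to reach dest_ip, or None if there is no route.

    connect() on a UDP socket only performs route selection; no packet is sent.
    """
    dest = ipaddress.ip_address(dest_ip)
    family = socket.AF_INET6 if dest.version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        try:
            s.connect((dest_ip, port))
        except OSError:
            return None
        return s.getsockname()[0]


def classify(dest_ip, src_ip):
    """Decide where to capture, given the destination and the chosen source IP."""
    if ipaddress.ip_address(dest_ip).is_loopback:
        return "loopback"
    if src_ip is None:
        return "unroutable"
    src = ipaddress.ip_address(src_ip.split("%")[0])  # drop any IPv6 scope id
    # Traffic to one of the host's own addresses is delivered locally and
    # never reaches the network card, even though the address is not 127.0.0.1.
    if src.is_loopback or src == ipaddress.ip_address(dest_ip):
        return "loopback"
    return "interface with address " + str(src)


def capture_hint(dest_ip, port=2022):
    """Source address, capture location and a pcap capture filter for one server."""
    src = source_address_for(dest_ip, port)
    return {
        "source": src,
        "capture_on": classify(dest_ip, src),
        "filter": "tcp port %d and host %s" % (port, dest_ip),
    }


if __name__ == "__main__":
    # Constructed server addresses; replace with the real server IP.
    for server in ("127.0.0.1", "192.0.2.10"):
        print(server, capture_hint(server))
```

If the result is "loopback" on Windows, note that WinPcap cannot capture loopback traffic; Npcap provides a loopback capture adapter.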