Home page logo
/

wireshark logo Wireshark mailing list archives

Re: my traffic not captured
From: Anne Blankert <anne.blankert () geodan nl>
Date: Wed, 19 Mar 2014 15:52:25 +0100

On 19-3-2014 15:08, David Sheats, Friendly Computer Service wrote:
Hi folks,
I am writing a program that makes use of Windows Sockets, and I thought I might use Wireshark to watch the traffic go back and forth across my network. However, the Shark doesn't seem to capture the packets generated by my program. I send data from the client computer to the server computer using a regular TCP connection onto port 2022 of the server. I know the server is receiving the information, because it is able to print it on the screen. Wireshark seems to be capturing other data just fine, such as HTTP traffic on port 80, and VNC traffic (I use that to fiddle with my server so I don't have to walk back and forth between my computers). Switching promiscuous mode on or off doesn't seem to help. Also, it doesn't seem to make a difference whether I'm running Wireshark on the client or the server side of the connection. I am wondering if maybe it's the API call I'm using. I am using send() and recv() found in winsock2.h. Does this API call somehow bypass the driver that Shark uses to capture traffic? I'm a bit stymied, and would like to see my bytes flowing :-P
It would surprise me if your software would be able to bypass Wireshark. Are you sure you are capturing on the same interface as your client or server is listening on?

If client and server on the same host and you are using 'localhost', you should capture the loopback interface. If client and server are on different machines, you should capture on the same interface that client (or server) is using. Maybe you have multiple network cards (wifi + ethernet?) and traffice is flowing on the other card? If wireshark is on a seperate machine attached to the network between client and server, you may not see the traffic, because, by default, network switches will only send out packets on the client and server connections. You need to configure traffic mirroring from the client and server connections to the wireshark connection (only possible on managed switches).

Does any of the above apply to your case?

Anne
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]