Sniffer for localhost (Windows OS)

Issue

I am looking for a sniffer that can work with the loopback address in Windows.

So far, I found Microsoft Network Monitor which is a nice tool, but for localhost it’s useless because on Windows, localhost packets don’t pass through the regular network stack, so they’re invisible to an ethernet sniffer like MS Network Monitor.

How do you debug applications that send data in the loopback mechanism? Any good (open source) sniffers that can work with localhost?

UPDATE: If you have experience with a tool, it would be nice to have a short description for future reference

Solution

I was faced with this issue and got nowhere after a lot of research. Basically all available sniffers rely on the network driver stack, and Windows don’t expose localhost calls through it.

What I ended up using was a tool called SocketSniffer, that peeks at Winsock’s calls and monitor TCP, UDP socket connections. It helped me debug an application problem that only occurred in win 2k3.

Its download site is at http://www.nirsoft.net/utils/socket_sniffer.html

Note that this no longer works in Windows 8. Microsoft Message Analyzer is now capable of sniffing loopback traffic out of the box. Official blog post here: Link

Answered By – Rafael Nobre

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published