Question

I made a C# program with a client and a server that communicate fine with each other. Information is received by the server and stored in a MySQL database with no problems. However, I wanted to use Wireshark to monitor how safe/encrypted the information was, and I couldn't find the communication using Wireshark. My program uses sockets to connect the server and client. In my test the server and client are running at address 127.0.0.1 or the local machine IP (something like 192.168.13.191), the server listens/connects using port 3608 and the client a much higher random port, and all the filters I used in Wireshark return nothing. So far I tried:

  • ip.addr == 127.0.0.1 (show only packages whose origin or destination are 127.0.0.1)
  • ip.addr == 192.168.13.191 (same as above)
  • tcp.port == 3608 (show only packages whose origin or destination is this port)
  • tcp.port == client_port (same as above)
  • tcp contains 01:00:00:3B (only packages with a few of the bytes I'm sending)

My idea was to find at least one message from the client to server and use the "Follow TCP stream" option from Wireshark, but all these filters return a black screen when used individually. I have no idea why, because when I run netstat -a in a Windows command prompt I can see the program has an established connection and is also listening for new connections on port 3608. Does anyone have any idea what is going on or what filter I should use? Is the operating system somehow "redirecting" traffic from port 3608 to another?

Thanks!

Solution

Wireshark doesn't pick up loopback packets. You'll have to install the client or server on another machine and then try again.

EDIT: After doing some reading I've discovered that this really doesn't have anything to do with Wireshark but with the way WinPcap works. In any case, running the client or server on another machine will solve the problem.
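
A way to check from netstat output which connections fall under the loopback limitation described in the answer, added here as an example and not part of the original answer. The netstat text is a constructed sample, and treating a peer on one of the host's own addresses (such as 192.168.13.191) like 127.0.0.1 is an assumption based on what the question observed.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -an` output; the peer 192.168.13.77
# and all client ports are invented for illustration.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3608           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3608         127.0.0.1:51544        ESTABLISHED
  TCP    127.0.0.1:51544        127.0.0.1:3608         ESTABLISHED
  TCP    192.168.13.191:3608    192.168.13.191:51602   ESTABLISHED
  TCP    192.168.13.191:3608    192.168.13.77:49822    ESTABLISHED
  TCP    [::1]:3608             [::1]:51710            ESTABLISHED
"""

# One TCP row: local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def parse_addr(text):
    """Turn netstat's address text ('[::1]', 'fe80::1%12') into an IP object."""
    return ipaddress.ip_address(text.strip("[]").split("%")[0])


def capture_visibility(netstat_text, port):
    """Label each ESTABLISHED connection on `port` as host-internal or on-the-wire."""
    rows = [m.groups() for m in map(ROW.match, netstat_text.splitlines()) if m]
    # Every specific address in the Local Address column belongs to this host.
    own = {parse_addr(r[0]) for r in rows}
    own = {a for a in own if not a.is_unspecified}
    report = []
    for local, lport, foreign, fport, state in rows:
        if state != "ESTABLISHED" or port not in (int(lport), int(fport)):
            continue
        peer = parse_addr(foreign)
        # Assumption: a peer that is loopback or one of the host's own
        # addresses never crosses a NIC, so the capture driver does not see it.
        internal = peer.is_loopback or peer in own
        report.append((f"{local}:{lport}", f"{foreign}:{fport}",
                       "host-internal" if internal else "on-the-wire"))
    return report


if __name__ == "__main__":
    for local, foreign, verdict in capture_visibility(SAMPLE_NETSTAT, 3608):
        print(f"{local:24} -> {foreign:24} {verdict}")
```

Only the rows labelled on-the-wire pass through a network adapter, which is where the answer's suggestion of moving the client or server to another machine puts the traffic.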

Licensed under: CC-BY-SA with attribution