Question

I am developing an NDIS 6 filter driver for Win7 and Win8 for WinPcap and Nmap. As you know, Nmap is a network scanner. A requirement of Nmap is to capture localhost packets like "ping 127.0.0.1", so that Nmap can test the local machine itself, too. However, it seems that the localhost packets just return in the TCP/IP stack and never come to the NDIS layer. Is there any way to resolve this issue? Like adding a loopback adapter or what? Thanks.


Solution

You'll need a WFP callout to capture layer-3 loopback packets. TCPIP has a fast-path for loopback that never reaches layer-2 in NDIS.

OTHER TIPS

You can capture localhost (127.0.0.1) traffic in Windows by using raw sockets. There is a great tool called RawCap that sniffs localhost and saves the captured packets in the PCAP format. http://www.netresec.com/?page=RawCap

Licensed under: CC-BY-SA with attribution