I have a local host webserver C++ code which runs on port 8080 on Windows 10.
My first task is to test HTTP requests and responses, and it's done properly with Postman.
But I have another task which is to capture those requests and responses via Wireshark (no other packet sniffing application).
Now, as far as I know it's not possible to do it unless one installs a loopback adapter, so I did it. But Wireshark still doesn't capture packets from and to port 8080.
Can somebody please tell me what other configurations need to be done so it will be possible?
Probably your best option is to install and use Npcap instead of WinPcap. Be sure to install Npcap's loopback adapter and capture on that interface and not on the Microsoft Loopback Adapter interface.
Another very good and simple option (if you're not required to use Wireshark) is to use RawCap instead of Wireshark.
Refer to the Wireshark Loopback capture setup wiki page for more details.
I need to write my first socket program involving TCP connections. In the program I have created there is a client and server, both of which are the machine I am coding on. However, it requires that I pass the port number as a command line argument. How do I accomplish this?
The answer is simple: make sure your server and your client agree on the port to use. As long as the port is available and can be used, set up the connection so that the client and server use that same port.
Here's a link that explains the different ranges available for TCP and UDP ports.
As an example, the port 3074 is used by Microsoft for its Xbox Live service. Making an application using this port might interfere with the service.
The port used will be defined either in a configuration file or hard-coded in the source code of both the server and the client. You should easily be able to find it with a quick look at the code or the directory which contains the application.
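An added example, not part of the original answers: a loopback echo pair that reads its port from the command line, rejects values outside the valid range, and reports which IANA range the port falls in. The file name `echo.py` and all function names are assumptions made for this illustration.

```python
# Added example (assumed usage: python echo.py server 5000 / python echo.py client 5000)
import socket
import sys


def parse_port(text: str) -> int:
    """Validate a command-line port; reject anything outside 1-65535."""
    if not text.isascii() or not text.isdigit():
        raise ValueError(f"port must be a decimal number, got {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} is outside 1-65535")
    return port


def port_range(port: int) -> str:
    """IANA ranges: 0-1023 well-known, 1024-49151 registered, rest dynamic."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"


def serve_once(port: int) -> None:
    """Accept one connection on 127.0.0.1 and echo back what it sends."""
    with socket.create_server(("127.0.0.1", port)) as srv:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(conn.recv(1024))


def ask(port: int, message: bytes) -> bytes:
    """Connect to the same port on 127.0.0.1 and return the echoed reply."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(message)
        return sock.recv(1024)


if __name__ == "__main__":
    if len(sys.argv) != 3 or sys.argv[1] not in ("server", "client"):
        sys.exit("usage: echo.py server|client PORT")
    try:
        port = parse_port(sys.argv[2])
    except ValueError as err:
        sys.exit(str(err))
    print(f"port {port} is in the {port_range(port)} range")
    if sys.argv[1] == "server":
        serve_once(port)
    else:
        print(ask(port, b"hello"))
```

Start the server first, then the client with the same port number; binding to 127.0.0.1 keeps the listener off the external interfaces.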
I want to monitor HTTP traffic from BlueStacks so that I can debug web analytics tracking - any idea how?
For example, my application calls my server. I want to know what actual API my application actually called during testing.
I do not see any HTTP requests in Fiddler even when using the BlueStacks.
I thought Fiddler captures all internet requests made by any software.
Actually you can use Fiddler. You see, Fiddler configures the WinINET proxy to go through it (the one used by Internet Explorer and all other Microsoft software, but sometimes even third-party software uses the WinINET proxy config - that is why some programs just magically work with Fiddler). Some programs ignore the WinINET config completely and have their own method of setting a proxy (like Firefox, Chrome). And other programs, like BlueStacks, have no support for a proxy at all.
But you can force BlueStacks to go through the fiddler proxy. A tool which can do that, and which has a tutorial on this, is ProxyCap:
http://www.proxycap.com/bluestacks.html
Just use 127.0.0.1 as server and 8888 as port number in the configuration of the proxies in ProxyCap. You must also add the HD-Agent and HD-Frontend executables in the rules, as specified in the last part of the step-by-step guide.
Unfortunately, ProxyCap is a 30-day trial. You can use free proxifiers out there. Find something that supports HTTP.
http://en.wikipedia.org/wiki/Comparison_of_proxifiers
I did manage to make this work with proxyCap myself and haven't tried anything else yet.
I think this is better for HTTP traffic sniffing than Wireshark, which is for lower-level network sniffing.
Use ProxyCap to let Fiddler capture the traffic.
ProxyCap forwards all BlueStacks communication to an HTTP proxy (in this case our proxy is Fiddler).
The full step-by-step guide, how to redirect the Bluestack application traffic through proxy, is HERE.
Use 127.0.0.1:8888 as proxy address. That is the address of Fiddler on the local computer.
Today I tried Fiddler - ProxyCap - BlueStacks. It didn't work at first. After I added "HD-Plus-Service.exe" everything was okay. It seems like new BlueStacks versions don't use HD-Network.exe? Anyway, my program list includes:
HD-Service.exe
HD-Agent.exe
HD-Frontend.exe
HD-Network.exe
HD-Plus-Service.exe
HD-LogRotatorService.exe
In 2019, Fiddler has been updated to support Proxy, just set up your BlueStacks to use Fiddler's proxy and you can capture all HTTP/HTTPS traffic going out from it.
In addition, for the latest Bluestacks3 version, here is the list of apps you need to add to both your program lists:
HD-Agent.exe ( from "C:\Program Files\Bluestacks\" )
HD-Player.exe ( from "C:\Program Files\Bluestacks\" )
Bluestacks.exe ( from where you installed Bluestacks )
Fiddler has documentation on how to capture traffic of Android devices: https://docs.telerik.com/fiddler/configure-fiddler/tasks/ConfigureForAndroid. You can use the same config for BlueStacks.
Setup:
I have client C connecting to server S
Both C and S are on the same machine
In C the server address is hardcoded to 127.0.0.1. Likewise, in S the client address is hardcoded to 127.0.0.1
Problem:
I want to be able to sniff the traffic between the client and the server.
Due to the configuration, I cannot move the client nor the server to different locations (the addresses are hardcoded)
Installing the loopback interface and using tools like Wireshark+WinPcap doesn't lead anywhere (was actually already known but was worth a try)
RawCap, suggested in another topic, doesn't work. IP 127.0.0.1 is listed, but does not record any traffic.
Using rinetd to route the traffic elsewhere, as suggested here doesn't work (cannot bind on 127.0.0.1)
Not interested in using a HTTP local proxy, such as Fiddler, because I'd like to capture also other protocols
Two commercial tools work, specifically CommView and Local Network Monitor, which means it must be possible to do that ;)
What can I do to capture the traffic?
Any pointer on functions I should use or documentation I should read?
Thanks!
Basically you need to write a TDI filter driver to achieve that... for some pointers see:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff565685%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff563317%28v=VS.85%29.aspx
Another option is to write a WinSock LSP.
BEWARE
Since Windows 8 it is strongly encouraged to use WFP (Windows Filtering Platform) for this sort of thing...
Although it might be more cost-effective to just use/buy an existing solution - esp. if you are not a very experienced driver developer...
Use RawCap, which can solve your concerns, see this
I have written a small client server socket application. It is a proof of concept for some socket programming that I want to apply to a much bigger project.
For the moment I want to use Wireshark to analyse the traffic that goes between them. They are both running on my local machine.
I have installed a loopback interface, and have tried to use Wireshark with it.
No joy. Any ideas?
I have successfully analysed traffic between my machine and other machines no problems.
I have had a look here,
http://wiki.wireshark.org/CaptureSetup/Loopback
And I am not using the address 127.0.0.1 which they mention saying you can't capture traffic on 127.0.0.1
Thanks.
You might try creating a virtual machine to run your application and using wireshark on it.
Save yourself some grief and download Microsoft Network Monitor.
As good as Wireshark is on Unixen, Windows is a "special" case :)
How do I get command line utilities like ping to use the default proxy in Windows XP?
proxycfg -u sets the proxy to the default (IE) proxy alright, but it doesn't seem to be working.
Update: I am behind a proxy and would like a way to check if a site is up or not hence trying to use ping! Also would like a way to telnet (without using Putty) to a specific site and port to check connectivity.
A proxy is usually used for web (HTTP) traffic, ping uses ICMP, which is a completely separate protocol. What, exactly are you trying to do?
So, standard ping doesn't go via an HTTP proxy, as everyone's already mentioned. What you probably want is to tunnel your TCP connections (e.g., HTTP, telnet, ssh) via your HTTP proxy using the CONNECT method. For instance, using netcat (telnet will also work, but netcat's better) you'll do the following:
$ nc yourproxy 3128
CONNECT yourtelnetserver:23 HTTP/1.0
then press enter twice.
There are also tools that can do this for you. Keep in mind that some HTTP proxies are configured to allow CONNECT connections only to certain destinations, for example, to port 443 only (for TLS/SSL/HTTPS).
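Both sides of the CONNECT exchange described in this answer, as an added example that is not part of the original post: the client request, a proxy-side check that applies a destination-port allow-list, and the client's reading of the status line. `ALLOWED_PORTS`, the function names and the host names are assumptions made for this illustration, and nothing touches the network.

```python
# Added example: the HTTP CONNECT handshake as plain bytes, no sockets needed.
# ALLOWED_PORTS is an assumed proxy policy (TLS destinations only).
ALLOWED_PORTS = {443}


def build_connect(host: str, port: int) -> bytes:
    """Client side: request line plus the blank line that ends the headers."""
    if not host or any(c in host for c in "\r\n ") or not 0 < port < 65536:
        raise ValueError("bad CONNECT target")  # also blocks header injection
    return f"CONNECT {host}:{port} HTTP/1.0\r\n\r\n".encode("ascii")


def proxy_decide(request: bytes, allowed_ports=ALLOWED_PORTS) -> bytes:
    """Proxy side: parse the request line and apply the port allow-list."""
    head, sep, _ = request.partition(b"\r\n\r\n")
    if not sep:
        return b"HTTP/1.0 400 Bad Request\r\n\r\n"  # headers never terminated
    parts = head.split(b"\r\n")[0].decode("ascii", "replace").split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return b"HTTP/1.0 400 Bad Request\r\n\r\n"
    host, colon, port = parts[1].rpartition(":")
    if not colon or not host or not port.isdigit():
        return b"HTTP/1.0 400 Bad Request\r\n\r\n"
    if int(port) not in allowed_ports:
        return b"HTTP/1.0 403 Forbidden\r\n\r\n"  # destination not permitted
    return b"HTTP/1.0 200 Connection established\r\n\r\n"


def tunnel_open(response: bytes) -> bool:
    """Client side: only a 2xx status means the stream is now a raw tunnel."""
    fields = response.split(b"\r\n", 1)[0].split(b" ", 2)
    return len(fields) >= 2 and len(fields[1]) == 3 and fields[1].startswith(b"2")


if __name__ == "__main__":
    for port in (23, 443):
        reply = proxy_decide(build_connect("yourtelnetserver", port))
        print(port, reply.split(b"\r\n")[0].decode(), tunnel_open(reply))
```

With this policy the telnet destination on port 23 is refused with 403 while port 443 is accepted, which is the behaviour to expect from a proxy restricted to TLS destinations.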
Ping doesn't use TCP - it uses ICMP, so using a proxy doesn't really make sense.
Do you have another command line utility in mind?
Your best bet will probably be a command line browser for Windows.
You can try out lynx, which is nearly a full browser, or you can go something simpler and use wget. I would recommend wget myself.
Both programs have some way of configuring a proxy, and the documentation should be the same for both Linux and Windows versions.