Sniff localhost

My WCF services use basic authentication over HTTPS. To prove this is a safe combination, I wanted to sniff the traffic between client and host. The problem is that a tool like Wireshark cannot sniff localhost. You’ll find a good explanation why here.

The solution is to use the Microsoft Loopback adapter. Below are the steps I took to get it working on my Windows 7 machine:

  1. install the loopback adapter (not working link)
  2. assign ip address to the loopback adapter
  3. in WCF use (C# Sample):
    • “localhost” for hosting the service
    • “” to connect from clients
  4. download rawcap
  5. start rawcap from the command line to capture traffic to the loopback.cap file
    rawcap loopback.cap
  6. Do your testing. You’ll see the number of rawcap Packets increase
  7. <CTRL> + c to stop rawcap
  8. Load the loopback.cap file in Wireshark for viewing
  9. Select the first packet with source and destination and pick context menu “Follow TCP stream”

On the left: the unencrypted messages, with the Authorization header in the black box. On the right: the captured SSL traffic, which is not actually readable. The conversation is about twice the size, though.
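The check from steps 8 and 9 can also be scripted. The following is an added example, not part of the original post: it reads a capture and counts TCP segments that expose a Basic Authorization header in the clear versus segments that start a TLS record. It assumes rawcap wrote a classic pcap file of IPv4 packets; the sample packets, address, port and credential value are constructed.

```python
import struct, sys

def tcp_payloads(pcap: bytes):
    """Yield non-empty TCP payloads from a classic little-endian pcap of IPv4 packets."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a classic little-endian pcap file")
    skip = 14 if struct.unpack_from("<I", pcap, 20)[0] == 1 else 0  # Ethernet, else assume raw IP
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt = pcap[off + 16 + skip: off + 16 + incl_len]
        off += 16 + incl_len
        ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
        if len(pkt) < ihl + 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue  # keep IPv4 + TCP only
        total = struct.unpack_from(">H", pkt, 2)[0]
        data_off = (pkt[ihl + 12] >> 4) * 4
        if pkt[ihl + data_off: total]:
            yield pkt[ihl + data_off: total]

def classify(pcap: bytes) -> dict:
    """Count segments exposing a Basic credential header vs. ones that start a TLS record."""
    counts = {"cleartext_basic_auth": 0, "tls_record": 0, "other": 0}
    for p in tcp_payloads(pcap):
        if b"authorization: basic " in p.lower():
            counts["cleartext_basic_auth"] += 1
        elif len(p) >= 3 and 20 <= p[0] <= 23 and p[1] == 3:
            counts["tls_record"] += 1  # content type 20-23, major version 3
        else:
            counts["other"] += 1  # e.g. continuation of a record split over segments
    return counts

def _packet(payload: bytes) -> bytes:
    """Constructed sample packet: IPv4 + TCP headers with zeroed checksums."""
    ip = struct.pack(">BBHHHBBH8s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]) * 2)  # constructed address, not from the post
    tcp = struct.pack(">HHIIBBHHH", 50000, 443, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return ip + tcp + payload

def _pcap(packets) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)  # 101 = raw IP
    for p in packets:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

SAMPLE_HTTP = _pcap([_packet(b"POST /svc HTTP/1.1\r\nAuthorization: Basic ZGVtbzpkZW1v\r\n\r\n")])
SAMPLE_HTTPS = _pcap([_packet(b"\x17\x03\x03\x00\x20" + bytes(32))] * 2)  # constructed TLS records

if __name__ == "__main__":  # usage: python check_capture.py loopback.cap
    print(classify(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_HTTP))
```

A non-zero `cleartext_basic_auth` count means the credentials crossed the loopback adapter unencrypted. A header split across two TCP segments is not detected by this per-segment check.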

edit: Added C# Sample

About erictummers

Working in a DevOps team is the best thing that happened to me. I like challenges and sharing the solutions with others. On my blog I’ll mostly post about my work, but expect an occasional home project, productivity tip and tooling review.