KB Article | Forcepoint Support

Problem Description

Capturing traffic on the loopback interface (127.0.0.1) may be desired for testing or troubleshooting purposes.

Resolution

These instruction are native to Windows and uses a third party product named RawCap.
  1. Download RawCap.
  2. Open Command Prompt and navigate to the directory where RawCap.exe is located. 
  3. Type the following command to start the capture: RawCap.exe 127.0.0.1 localhost_capture.pcap
    • A separate window will pop up showing the packet count increasing:
User-added image
  1. To stop the capture, press CTRL+C.
  2. The localhost_capture.pcap will be saved in the same location where RawCap.exe is located. This pcap can then be opened in Wireshark for investigation. 


Keywords: capture loopback traffic; capture loopback; loopback; traffic capture; capture traffic; network traffic; Packet Capture Instructions; Loop Back Address; Wireshark; Rawcap;

Article Feedback



Thank you for the feedback and comments.