KB Article | Forcepoint Support

Problem Description

Capturing traffic on the Loopback interface may be desired for testing or troubleshooting purposes.

Resolution

These instruction are native to Windows and uses a third party product named RawCap.
  1. Download RawCap.
  2. Open Command Prompt and navigate to the directory where RawCap.exe is located. 
  3. Type the following command to start the capture: RawCap.exe 127.0.0.1 localhost_capture.pcap
    • A separate window will pop up showing the packet count increasing:
User-added image
  1. To stop the capture, press CTRL+C.
  2. The localhost_capture.pcap will be saved in the same location where RawCap.exe is located. This pcap can then be opened in Wireshark for investigation. 

Article Feedback



Thank you for the feedback and comments.