KB Article | Forcepoint Support

Problem Description

Capturing traffic on the Loopback interface may be desired for testing or troubleshooting purposes.


These instruction are native to Windows and uses a third party product named RawCap.
  1. Download RawCap.
  2. Open Command Prompt and navigate to the directory where RawCap.exe is located. 
  3. Type the following command to start the capture: RawCap.exe localhost_capture.pcap
    • A separate window will pop up showing the packet count increasing:
User-added image
  1. To stop the capture, press CTRL+C.
  2. The localhost_capture.pcap will be saved in the same location where RawCap.exe is located. This pcap can then be opened in Wireshark for investigation. 

Article Feedback

Thank you for the feedback and comments.