Knowledge Base
cancel
Showing results for 
Search instead for 
Did you mean: 

How to capture localhost traffic with Wireshark to help troubleshoot EWS communication issues.

Issue

When the EWS is installed on the same machine using the service then all packets will be going to the localhost and will not hit the NIC so will not be captured in a Wireshark packet capture.

Environment

Security Expert
EBO

Cause

Packets sent between services on the same machine (like SOAP and EWS) do not hit the NIC and therefore cannot be captured with the default configuration of Wireshark using the WinPcap packet sniffing library. 

Resolution

Replace WinPcap with Npcap to emulate a loopback NIC for packet capture.

  1. Go to https://nmap.org/npcap/ for details on the library.
  2. Download the library installer from https://nmap.org/npcap/#download
  3. Uninstall WinPcap.
  4. Install Npcap.
  5. Npcap will create an adapter named Npcap Loopback Adapter for you. In Wireshark choose this adapter to capture, you will see all loopback traffic the same way as other non-loopback adapters.
  6. You can test this out by typing in commands like "ping 127.0.0.1" (IPv4)  or "ping ::1" (IPv6).
Tags (1)
Version history
Revision #:
2 of 2
Last update:
a week ago
Updated by:
 
Contributors