Knowledge Base
Showing results for 
Search instead for 
Did you mean: 

How to capture localhost traffic with Wireshark to help troubleshoot EWS communication issues.


When the EWS is installed on the same machine using the service then all packets will be going to the localhost and will not hit the NIC so will not be captured in a Wireshark packet capture.


Security Expert


Packets sent between services on the same machine (like SOAP and EWS) do not hit the NIC and therefore cannot be captured with the default configuration of Wireshark using the WinPcap packet sniffing library. 


Replace WinPcap with Npcap to emulate a loopback NIC for packet capture.

  1. Go to for details on the library.
  2. Download the library installer from
  3. Uninstall WinPcap.
  4. Install Npcap.
  5. Npcap will create an adapter named Npcap Loopback Adapter for you. In Wireshark choose this adapter to capture, you will see all loopback traffic the same way as other non-loopback adapters.
  6. You can test this out by typing in commands like "ping" (IPv4)  or "ping ::1" (IPv6).
Tags (1)
Version history
Revision #:
2 of 2
Last update:
a week ago
Updated by: