How does wireshark capture local data packets?

In the windows system, the data packets sent to itself locally do not go through the real network interface, but are sent through the loopback interface, so it cannot be captured using winpcap which can only capture data from the real network interface. For local data packets, you need to use npcap. npcap is developed based on winpcap 4.1.3. The API is compatible with WinPcap and provides "npcap loopback adapter" to capture the data packets sent locally to itself.

Usage:

1. Download and install WireShark, the version number must be higher than 1.12.8 and 1.99.9, there is no need to install them if they are already installed. Please close them before installing npcap.

#wireshark download

# #2. Download and install npcap. If there is winpcap on this machine, please uninstall it first.

npcap下载

3. After the installation is complete, enter wireshark, open the menu "Capture->Options", and in the input interface of the pop-up dialog box, You can see the "npcap loopback adapter" interface, select the interface and start capturing.

End

The above is the detailed content of How does wireshark capture local data packets?. For more information, please follow other related articles on the PHP Chinese website!