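While debugging SSL I needed to capture packets. Tools such as tcpview and minisniffer clearly showed that the TCP connection had been established and that data was being sent and received, yet Wireshark never managed to capture the corresponding packets.
This morning, a senior engineer at HQ told me that "Wireshark cannot capture localhost packets on Windows" and that I would have to use another tool.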
http://stackoverflow.com/questions/5847168/wireshark-localhost-traffic-capture
you can capture on the loopback interface on Linux, on various BSDs including Mac OS X, and on Digital/Tru64 UNIX, and you might be able to do it on Irix and AIX, but you definitely cannot do so on Solaris, HP-UX, or Windows.
In the end I got it done with RawCap: http://www.netresec.com/?page=RawCap
It is quite simple to use, so I won't go into detail.