在调试SSL时要抓包,通过tcpview和minisniffer等工具明明看到tcp连接已经建立并开始收发数据了,但wireshark却总是无法抓到相应的数据包。
今天早上,HQ的高工告诉我“wireshark在windows下无法抓取localhost数据包”,得使用其他工具。
http://stackoverflow.com/questions/5847168/wireshark-localhost-traffic-capture
you can capture on the loopback interface on Linux, on various BSDs including Mac OS X, and on Digital/Tru64 UNIX, and you might be able to do it on Irix and AIX, but you definitely cannot do so on Solaris, HP-UX, or Windows.
最终使用RawCap搞定了:http://www.netresec.com/?page=RawCap
使用还是蛮简单的,就不多说了。