Wireshark-users: Re: [Wireshark-users] my traffic not captured

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 19 Mar 2014 10:43:20 -0700
On Mar 19, 2014, at 7:52 AM, Anne Blankert <anne.blankert@xxxxxxxxx> wrote:

> If client and server are on the same host and you are using 'localhost', you should capture the loopback interface.

If you're running Wireshark on Windows (which he's probably doing, given the "winsock2.h" in his comment), you might not *have* a loopback interface, or it might not do what somebody used to UN*Xes thinks it does:

	http://wiki.wireshark.org/CaptureSetup/Loopback

However, I infer from

	Also, it doesn't seem to make a difference whether I'm running Wireshark on the client or the server side of the connection.

that the client and server are separate machines.

> If wireshark is on a separate machine attached to the network between client and server,

As per the above quoted message, he's tried running on the server and running on the client, so he doesn't appear to be doing a "third-party" passive capture.  If you are, however, then, if the traffic is going over a switched Ethernet, then:

> you may not see the traffic, because, by default, network switches will only send out packets on the client and server connections. You need to configure traffic mirroring from the client and server connections to the wireshark connection (only possible on managed switches).

see

	http://wiki.wireshark.org/CaptureSetup/Ethernet

for information on that and, if it's going over a Wi-Fi network, see

	http://wiki.wireshark.org/CaptureSetup/WLAN

(and note that it's not very encouraging about trying to do third-party Wi-Fi captures on Windows).