Saturday, March 19, 2011

Powershell script to enable windows to capture localhost traffic in wireshark

If you want to understand why the following scripts work read this post. Otherwise just paste the following into an elevated powershell window:

Setup windows networking to allow localhost capturing in wireshark: 
# Find the network configuration that has the default gateway.
$defaultAdapter = Get-WMIObject Win32_NetworkAdapterConfiguration | ? {$_.DefaultIPGateway}
if (@($defaultAdapter).Length -ne 1) {throw "You don't have 1 default gateway, your network configuration is not supported" } 
# Route local IP address via the default gateway
route add $defaultAdapter.IPAddress[0] $defaultAdapter.DefaultIPGateway
Write-Host "Start capturing on localhost by connecting to $($defaultAdapter.IPAddress[0])"

Return windows networking to normal configuration:




# Find the network configuration that has the default gateway.
$defaultAdapter = Get-WMIObject Win32_NetworkAdapterConfiguration | ? {$_.DefaultIPGateway}
if (@($defaultAdapter).Length -ne 1) {throw "You don't have 1 default gateway, your network configuration is not supported" } 

# Stop routing localhost traffic to the router.
route delete $defaultAdapter.IPAddress[0]

Remember, you won’t see traffic to localhost (127.0.0.1) but traffic to your network adapter’s IP address as listed in the script.


Posted by at
Labels: ,

3 comments:

  1. venugopalOctober 15, 2011 at 1:48 AM

    Thanks for the sharing of such information. we will pass it on to our readers. This is a great reading. Thanking you.

    Windows Network Setup

    ReplyDelete
  2. Todaydownload.comJune 28, 2012 at 5:03 AM

    Resources like the one you mentioned here will be very useful to me ! I will post a
    link to this page on my blog. I am sure my visitors will find that very useful
    Get Wireshark

    ReplyDelete
  3. mthomasAugust 10, 2015 at 2:20 PM

    Thank you. This was pretty useful for my windows 7.

    ReplyDelete

Subscribe to: Post Comments (Atom)