On Windows, I know that Wireshark doesn't capture packets sent through the loopback interface, so I downloaded RawCap. Unfortunately, it only works on one of the four Windows machines that I'm testing on. On the one machine where it works, I'm able to capture 127.0.0.1, including all the DDS messages and view the resulting capture file in Wireshark. For the three machines that don't work, RawCap says that its unable to enter promiscuous mode with the following message, "Unable to enter promiscuous mode (RCVALL_ON), using RCVALL_SOCKETLEVELONLY."
Does anybody know of an alternative to RawCap for capturing localhost traffic on Windows that is compatible with more NICs?
Nate,
Did you run RawCap in administrator or user mode?
Andre
Unfortunately, running in administrator mode doesn't make a difference. I'm assuming some NICs can't be put into promiscuous mode while including the RCVALL_SOCKETLEVELONLY option? Not sure how up-to-date this Windows dev page is http://msdn.microsoft.com/en-us/library/windows/desktop/ee309610(v=vs.85).aspx but it says that option isn't even supported yet.
All the network capture tools I know use promiscuous mode. You definitely need to run the tools as administrator to enter the promiscuous mode. Not all NICs do support promiscuous mode. Do you know if the NICs are different between the Windows machines and what the differences are between the one that is working and the ones that aren’t?
All four of the machines actually have different cards. Below is the list:
The NIC that works with RawCap is the Atheros card. When I use RawCap with the Atheros NIC, I see all the RTPS2 packets sent by my Connext application, including DATA, NACK, discovery, HEARTBEAT. With the other three cards, the only RTPS2 packets captured are the DomainParticipant discovery packets.