Getting the Local Traffic Report

It can be problematic and lead to headaches – and possibly even hair loss (your follicles may vary) – if you need to capture local network traffic (sent to your own device or PC) as many tools (even the venerable WireShark) aren’t very helpful with that scenario. However, there is a way to do it using two free tools, namely RawCap and the aforementioned WireShark. Once you know how, it’s (almost) as easy as pie — that is, eating a pie, such as an apple pie – not memorizing 3.14….etc)

First, download RawCap here

Next (provided you don’t already have it, of course), download Wireshark here

Once you have RawCap and Wireshark installed, open a command prompt and navigate to the folder where you downloaded RawCap.

Then, enter a command such as “rawcap.exe 127.0.0.1 platypus.pcap

which is:

RawCap.exe [IP Address you want to monitor] [name of file].pcap

You can run RawCap one of two ways:

Run cmd as Administrator Proactively

Select Start > All Programs > Accessories > Command Prompt > r-click > Run as Administrator

Run cmd as “Normal” User and Respond to Prompt

Select Start > “cmd” > [ enter command line for rawcap to use ] > accept “User Account Dialog” dialog

If you use the latter option, the feedback (how many packets have been received) will display in a separate command prompt window:

IOW, the difference between the two ways of running it is: Do you want to get and dismiss the “User Account Control” dialog before you enter the command line verbiage or after you enter it?

Go

Now, perform the procedure that generates the network traffic you want to capture. Once it is finished, you can go back to the command prompt and mash Ctrl+C. Alternatively, you can specify the count of packets you want it to capture, or the number of seconds for which you want it to capture. Enter “rawcap ?” and mash the Enter key for the syntax for doing either of these. Or, you can take my word for it that it is:

-c [packet count]” to “stop sniffing after receiving a specified count of packets

-and

-s [number of seconds]” to “stop sniffing after a specified number of seconds

IOW:

rawcap.exe -c 42 meaningOfLifeEtc.pcap

…to capture 42 packets

-and:

rawcap.exe -s 8 rodeo.pcap

…to capture packets until the cowboy either gets bucked off or outlasts the beast.

After mashing the Enter key to start rawcap capturing, then performing the operation to send/receive packets, and finally mashing Ctrl+C at the command prompt to stop capturing, you will see something like this (where the folder to which you downloaded rawcap replaces “MiscInWindows7”) there at the command line:

After the capture is complete using any of the methodologies delineated above (manually stopping capturing, or setting it to capture a number of packets or for a specified number of seconds), open Wireshark and select File > Open…, navigate to the .pcap file, and open it.

You will then cast your beaming and/or gleaming peepers upon a magnificent cornucopia of information about the network  traffic captured. You can now search through this overgrown forest for individual trees you want to find by select Edit > Find Packet… and then entering what is of interest to you; in my case, I’m expecting some traffic to/from port 7727 on my PC, so I enter that:

…and it takes me to the first line with such; Selecting Find > Next (Ctrl+N) takes me to the next one (etc.)

And so you have it: a couple of free tools and a modicum of work, and you’ve got more network traffic information than your local television stations’ traffic reporter ever dreamed of having.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.