Getting the Local Traffic Report
It can be problematic and lead to headaches - and possibly even hair loss (your follicles may vary) - if you need to capture local network traffic (sent to your own device or PC) as many tools (even the venerable WireShark) aren't very helpful with that scenario. However, there is a way to do it using two free tools, namely RawCap and the aforementioned WireShark. Once you know how, it's (almost) as easy as pie -- that is, eating a pie, such as an apple pie - not memorizing 3.14....etc)
First, download RawCap here
Next (provided you don't already have it, of course), download Wireshark here
Once you have RawCap and Wireshark installed, open a command prompt and navigate to the folder where you downloaded RawCap.
Then, enter a command such as "rawcap.exe 127.0.0.1 platypus.pcap"
RawCap.exe [IP Address you want to monitor] [name of file].pcap
Actually, you don't need the ".exe" appended to "rawcap" as shown above; unless your pinkies love tickling the plastics, you can omit those bits. In fact:
Don't Bogart Your Joints
You can practice preventive maintenance on your joints and possibly elude the nefarious carpal tunnel syndrome agitator by reducing keystrokes when entering the rawcap command line values. For example, instead of a command line such as:
rawcap.exe 127.0.0.1 someFilename.pcap
...you can omit the ".exe" jazz and use the interface id like so:
rawcap 1 141223.pcap
So the interface is "1". But what is "1"? Find out what's available to you by entering this at the command line:
You will then be given a list of interface IDs and what they refer to. For example, in my case I see this:
So, for me, 0 is my PC's IP address, and 1 is localhost/loopback/127.0.0.1. YIMV (Your Interfaces May Vary).
TIME OUT! Two ways to run RawCap
You can run RawCap one of two ways:
Run cmd as Administrator Proactively
Select Start > All Programs > Accessories > Command Prompt > r-click > Run as Administrator
Run cmd as "Normal" User and Respond to Prompt
Select Start > "cmd" > [ enter command line for rawcap to use ] > accept "User Account Dialog" dialog
If you use the latter option, the feedback (how many packets have been received) will display in a separate command prompt window:
IOW, the difference between the two ways of running it is: Do you want to get and dismiss the "User Account Control" dialog before you enter the command line verbiage or after you enter it?
Now, perform the procedure that generates the network traffic you want to capture. Once it is finished, you can go back to the command prompt and mash Ctrl+C. Alternatively, you can specify the count of packets you want it to capture, or the number of seconds for which you want it to capture. Enter "rawcap ?" and mash the Enter key for the syntax for doing either of these. Or, you can take my word for it that it is:
"-c [packet count]<count>" to "stop sniffing after receiving a specified count of <count>packets
"-s [number of seconds]<sec>" to "stop sniffing after a specified number of<sec> seconds
rawcap.exe -c 42 meaningOfLifeEtc.pcap
...to capture 42 packets
rawcap.exe -s 8 rodeo.pcap
...to capture packets until the cowboy either gets bucked off or outlasts the beast.
After mashing the Enter key to start rawcap capturing, then performing the operation to send/receive packets, and finally mashing Ctrl+C at the command prompt to stop capturing, you will see something like this (where the folder to which you downloaded rawcap replaces "MiscInWindows7") there at the command line:
After the capture is complete using any of the methodologies delineated above (manually stopping capturing, or setting it to capture a number of packets or for a specified number of seconds), open Wireshark and select File > Open..., navigate to the .pcap file, and open it.
You will then cast your beaming and/or gleaming peepers upon a magnificent cornucopia of information about the network traffic captured. You can now search through this overgrown forest for individual trees you want to find by select Edit > Find Packet... and then entering what is of interest to you; in my case, I'm expecting some traffic to/from port 7727 on my PC, so I enter that:
...and it takes me to the first line with such; Selecting Find > Next (Ctrl+N) takes me to the next one (etc.)
Once you narrow the network traffic down to a specific port, you can then right-click any of the "records" in Wireshark and select "Follow TCP Stream"; you will then get the nitty gritty on the whole back-and-forth between the sender and receiver. The sender's data is in red, the receiver's in blue:
Ain't that purty! Don't answer that - I hear tell the Wireshark GUI cat is more sensitive than a weak and weary Edgar Allan Poe on a mere 3 hours of slumber.
Note, again, the very handy color-coding feature provided by Wireshark, which makes it obvious "who said wait": the Client's transmission being in red, and the server's response being represented in blue helps you to see what both sides are expecting from each other, and how they respond when they get various packets of data.
And so you have it: a couple of free tools and a modicum of work, and you've got more network traffic information than your local television stations' traffic reporter ever dreamed of having.
Be Kind to Your Fellow Mammals
If you find this tip useful, "pay it forward" by being nice to the next Duckbilled Platypus you come across (Platypi R People, too, you know!) - but beware the poisonous claw on his hind foot! These furry and fluffy critters may look cute and cuddly, but if you're not careful, they will put a world of hurt on you by puncturing your pinky with their poison paw - or even worse, another body member beginning with "p", such as "patellar tendon."
A Word to the Wise: Beware the Seaside Police!
Unless you are a perfect programmer, and can prove such in a court of law, you'd best avoid Seaside, California, where coding mistakes have apparently been criminalized, as can be seen by this photo I shot yesterday in the City Hall parking lot:
AFAIK, it's still safe to visit Monterey, Carmel, Big Sur, etc., but if you are prone to writing problematic code, Seaside would best be avoided, unless you want to wind up in the slammer/calaboose.
I have been writing these splendiferous tips that have helped millions of people save trillions of dollars, and have not as yet received a choctypus (a chocolate duckbilled platypus, of course) from anyone (I know - hard to believe!). Note: now that y'all are aware of the choctypus shortage at my domicile, I'm sure you will know what to do. Please, though, if you drone it in, make sure to pack it with some shock-absorbing material, like peanuts (not the fake ones - real ones!)
No need to worry about subterfuge leading to litigiousness: I HAVE NO PEANUT ALLERGIES!!!