Anyone ever done this, or heard rumors of people doing this?

Some MS consultant at work told us it could only be done in windows 7, but I need to do it in Server 2003. I keep finding obscure references on message boards suggesting you can add a new route to the routing table to redirect loopback traffic through a second NIC....but I can't find anything definitive about it.

I want to do it b/c we have an app server and IIS running on the same machine (this is all part of a third party app, so we have very little access to the inner workings) and it keeps having issues when communicating with IIS.

[Edited on April 6, 2010 at 10:32 PM. Reason : ,]

4/6/2010 10:31:47 PM

sorry i dont have any experience with servers

4/7/2010 1:42:19 AM

Quote :

"you can add a new route to the routing table to redirect loopback traffic through a second NIC"

You don't want to do this, trust me. You will likely break a ton of other applications and the OS itself is you do.

Quote :

"it keeps having issues when communicating with IIS."

Do you have a support contract for the third party app? Call them up and get them to help you debug this if it's not working.

Otherwise: Question ... wireshark capture can't do this?

4/7/2010 6:52:08 AM

I thought this was the whole point of Ethereal and Wireshark... They don't work in Server 2003?

4/7/2010 8:27:50 AM

yeah, but with wireshark, you select which interface you're capturing traffic on.

In this particular situation, I don't think communication between the third party app and IIS ever egress a NIC. Unless there is some funky virtual NIC that gets created. Then you could use wireshark as long as that virtual NIC is visible to wireshark...

I dunno, I'm not a server guy.

4/7/2010 8:49:39 AM

I've never seen loopback traffic in any wireshark traces. It makes it a pain in the ass to troubleshoot things like SIP servers locally. I always had to put one of the network pieces on another machine to see the traffic in wireshark.

I can't definitively say that means that loopback traffic doesn't hit the NIC, but it's a pretty good indication.

Read this:
http://wiki.wireshark.org/CaptureSetup/Loopback

Quote :

"Supported Platforms See CaptureSetup/NetworkMedia for Wireshark capturing support on various platforms. Summary: you can capture on the loopback interface on Linux, on various BSDs including Mac OS X, and on Digital/Tru64 UNIX, and you might be able to do it on Irix and AIX, but you definitely cannot do so on Solaris, HP-UX, or Windows. Windows IP 127.0.0.1 You can't capture on the local loopback address 127.0.0.1! IP other You can add a virtual network card called Microsoft Loopback Adapter, but in most cases that might not give results as expected either. This adapter is available from Microsoft: Microsoft: How to install the Microsoft Loopback Adapter in Microsoft Windows Server 2003 Microsoft: How to install the Microsoft Loopback adapter in Windows XP Microsoft: How To Install Microsoft Loopback Adapter in Windows 2000 ... and is quite different than the ones available for various UN*X systems. This adapter is a virtual network adapter you can add, but it will not work on the 127.0.0.1 IP addresses; it will take its own IP address. BTW: You can only add one Loopback Adapter to the system! Beware: Capturing from this Loopback Adapter requires the WinPcap 3.1 release, 3.1 beta versions won't work! Let's suppose you have set the IP address of the loopback adapter to 10.0.0.10 and are capturing on that interface. If you ping to this 10.0.0.10 address the ping will get ping replies, but you won't see any of this traffic in Wireshark (much like the 127.0.0.1 problem). If you ping on 10.0.0.11, you won't get ping replies as there is obviously no remote host, but you will see the corresponding ARP requests in Wireshark. The only benefit I can see so far is if you use it with colinux (and probably other PC virtualization software) to capture the traffic between Windows and the virtual machine. - UlfLamping Recipe (to capture traffic on ms loopback adapter / Windows XP): --- by mitra 1. go to MS Loopback adapter properties, set IP 10.0.0.10, MASK 255.255.255.0 2. ipconfig /all and look at the MAC-ID for your new adapter. 3. arp -s 10.0.0.10 <MAC-ID> 4. route add 10.0.0.10 10.0.0.10 mask 255.255.255.255 5. to test: "telnet 10.0.0.10" I am now using the loopback adapter to capture traffic that I source into a Dyanmips/Dynagen virtual router network. This is a potentially very useful tool/feature that I will be testing further in the weeks to come. As it stands, I can connect my loopback adapter to a virtual router interface and capture ping, arp, etc. In the near future, I hope to tie a server w/ a loopback adapter to a virtual router and then capture a full client/server type of exchange across a Dynamips/Dynagen emulated network. -- Scott Vermillion NOTE: To get to the Microsoft Loopback Adapter Properties: Start -> Settings -> Control Panel -> System -> Device Manager -> Network Adapters and right click Microsoft Loopback Adapter to select Properties. -- saran"

[Edited on April 7, 2010 at 11:23 AM. Reason : stuff]

4/7/2010 11:20:49 AM

is there not a named pipe the process is using?

4/7/2010 12:37:50 PM

^^ Ive seen that done before with varied results, but more often than not it works if you will mess with it enough.

4/7/2010 12:50:54 PM

Quote :

"IP 127.0.0.1 You can't capture on the local loopback address 127.0.0.1!"

Well damn, thats the one I need

4/8/2010 8:55:23 PM

Ok, so we have a source and a destination. The source can't be (easily) sniffed ... can you bind the destination (IIS) to a specific network adapter and then sniff it?

Otherwise, you can try TCPView for a cruder tool to see the traffic, but not necessarily capture it.

4/8/2010 9:21:25 PM

Quote :

"The source can't be (easily) sniffed ... can you bind the destination (IIS) to a specific network adapter and then sniff it?"

I'm not sure I follow what you're suggesting...in this case the source and destination are both 127.0.0.1.

Quote :

"Otherwise, you can try TCPView for a cruder tool to see the traffic, but not necessarily capture it."

I'm actually already working on this . We have it, but the team that owns it doesn't want to share.

I'm also not sure TCPView will give me much info. Isn't it basically just a continuous version of netstat? Or does it give more in depth info?

Quote :

"Do you have a support contract for the third party app? Call them up and get them to help you debug this if it's not working."

We've engaged them, but their support is so end-user focused its painful. The last time we even got them to admit there was a technical problem I had to essentially shove their face in the crap their program was spitting out on our network (damned thing was getting stuck in a loop or something and hanging for like 5 minutes at a time).

[Edited on April 8, 2010 at 10:24 PM. Reason : .]

4/8/2010 10:16:13 PM

Quote :

"You can add a virtual network card called Microsoft Loopback Adapter, but in most cases that might not give results as expected either."

this has always worked for me
had almost the exact same problem with 2 apps running on the same system

4/8/2010 10:28:29 PM