
[Solved] [QNetWork] Packets sent with QTcpSocket/QTcpServer aren't captured by WireShark

  • Hello,

    I’m rather fresh with socket programming, and right now I needed some guidance as to where I should start tackling this problem.

    To put it short, are there any scenarios where WireShark can fail to capture packets from and to a local machine?

    We have a pair of Simple TCP Server/Client written with Qt5, using QTcpSocket and QTcpServer. These Qt server and client, both running locally on my own PC, can send strings of text to each other.

    The strange thing is, WireShark can’t seem to capture any packets exchanged between the Qt server and client. I’m pretty sure the packets are there if the server and client managed to receive data from each other, and I can use RawCap to sniff those packets as well.

    I’ve tried writing another server using a WinSock2 socket instead of the QTcpSocket, and still, WireShark can’t detect any packets when the server and client have successfully exchanged data with each other.

    I’ve seen many people using WireShark with their network apps on the Qt forum, so the possibility of WireShark not being compatible with Qt seems quite slim. I also made sure that I’m running with an Administrator account, and the server and client are allowed through my firewall as well. My Ethernet adapter is that of Realtek PCI GBE Family Controller, and the driver is up to date.

    I did read from the FAQ of WireShark, though, that WinPcap might not capture packets with erroneous CRC. Still, by my understanding (correct me if I’m wrong), the CRC is something handled by the Ethernet adapter hardware, and since I can capture mostly all other packets through this same Ethernet Interface with WireShark, that also seems unlikely.

    Is there anything else I can try to have WireShark capture the activities between my server and client?

    Update [2014/5/12]:
    I've tried running the server and client on separate machines this morning, and the packets can be captured now.

    As hskoglund and others on the Wireshark forum pointed out, WinPcap (used by Wireshark in Windows) cannot capture traffic that is not physically leaving/entering the system.

    For now, it looks like I'll have to settle with these work-arounds:

    Use Wireshark with the Server and Client running on different machines.

    Use RawCap whenever the Server and Client are running on the same machine. The dump file (.pcap) generated can be loaded into Wireshark later on for analysis as well.


  • Hi, perhaps you've run into the 127.x.x.x loopback bug? I.e. "Wireshark is blind" to that address on Windows :-(

  • [quote author="hskoglund" date="1399642981"]Hi, perhaps you've run into the 127.x.x.x loopback bug? I.e. "Wireshark is blind" to that address on Windows :-([/quote]


    That appears to be the case. I know Wireshark doesn't allow capturing on the loopback interface; I didn't realize that also means "any localhost traffic"... You learn something new every day, I guess.

    Thanks for the response.
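
For the second workaround in the thread, a dump taken on the local machine can also be checked without opening Wireshark. The following is an added example, not code from the thread or from any of the tools it mentions: a minimal reader for the classic pcap format that extracts TCP payloads. It assumes IPv4 and a raw-IP or Ethernet link type; `tcp_payloads` and `sample_pcap` are illustrative names, and the sample capture is constructed.

```python
import socket
import struct

LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101  # pcap link-layer header types

def tcp_payloads(pcap_bytes):
    """Yield (src, sport, dst, dport, payload) for each IPv4/TCP packet with data."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written little-endian
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", pcap_bytes[20:24])[0]
    if linktype not in (LINKTYPE_ETHERNET, LINKTYPE_RAW):
        raise ValueError(f"unsupported link type {linktype}")
    off = 24                           # first record follows the 24-byte file header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(end + "I", pcap_bytes[off + 8:off + 12])[0]
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == LINKTYPE_ETHERNET:
            if len(pkt) < 14 or pkt[12:14] != b"\x08\x00":
                continue               # not an IPv4 frame
            pkt = pkt[14:]
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue                   # truncated, not IPv4, or not TCP
        ihl = (pkt[0] & 0x0F) * 4
        total_len = struct.unpack("!H", pkt[2:4])[0]
        tcp = pkt[ihl:total_len]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        data = tcp[(tcp[12] >> 4) * 4:]    # skip TCP header and options
        if data:
            yield (socket.inet_ntoa(pkt[12:16]), sport,
                   socket.inet_ntoa(pkt[16:20]), dport, data)

def sample_pcap():
    """Constructed capture: one 127.0.0.1:50000 -> 127.0.0.1:4000 segment, b'hello'.
    Checksums are left at zero; the reader above does not verify them."""
    lo = socket.inet_aton("127.0.0.1")
    tcp = struct.pack("!HHIIBBHHH", 50000, 4000, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + b"hello"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 128, 6, 0, lo, lo) + tcp
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    return file_hdr + struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip

if __name__ == "__main__":
    for src, sport, dst, dport, data in tcp_payloads(sample_pcap()):
        print(f"{src}:{sport} -> {dst}:{dport} {data!r}")
```

To use it on a real dump, pass the file's contents, e.g. `tcp_payloads(open(path, "rb").read())`, where `path` is the .pcap file.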
