It can sniff any interface, including loopback, WiFi, and PPP interfaces.
Personally, I use it for 2 purposes: penetration testing and incident response:
- Sniff additional credentials after breaking into a remote machine (admin) without WinPcap or an NDIS driver.
- Sniff the loopback interface to detect data leakage via an SSL tunnelling proxy.
- Sniff WiFi (WPA2) for any suspicious TCP connections.
RawCap is provided for free and can be downloaded from here:
- http://www.netresec.com/?page=RawCap