
Thursday, January 27, 2011

windump (the Windows version of tcpdump for Linux)

I have had to look at some networking issues, and have found a great utility for the windows environment.

It's exactly the same as tcpdump for Linux.

http://www.winpcap.org/windump/

However, to get this working you will need WinPcap:

http://www.winpcap.org/default.htm

Once installed, this is a great tool for watching network traffic.

You can specify IP addresses, subnets, ports, interfaces and combinations of these. I provide a few examples, but the documentation is great. And as I said, it's the equivalent of tcpdump, so commands should work the same.

Watch a particular subnet
windump -n net 192.168.11.0 mask 255.255.255.0

Watch a particular IP and port
windump -n host 192.168.1.226 and tcp port 443

Watch two particular IPs
windump -n host 192.168.11.10 or host 192.168.1.226

Watch two particular IPs on ports 80 and 443
windump -n (host 192.168.11.10 and (tcp port 80 or 443)) or (host 192.168.1.226 and (tcp port 80 or 443))

List interfaces and their numbers. You need the number to specify an interface to listen on.
windump -D

Watch a particular IP on a particular interface.
windump -i 4 -n host 192.168.17.35

To exclude something, prefix it with an exclamation mark (windump treats it as a logical not).

Watch a particular IP and all traffic except on a specific port
windump -n host 192.168.1.226 and tcp port !443
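The filter expressions above follow a regular pattern, so as an added example (not part of the original post) here is a small Python helper that composes them the same way, including the two-host/two-port form and the port exclusion, and picks the -i number out of a windump -D listing. The listing it parses is constructed sample data; the GUIDs and adapter names are invented.

```python
# Added example, not from the original post: builds windump/tcpdump capture
# filters of the kind shown above and reads the "-i" number from "windump -D".
import re

def port_clause(ports, proto="tcp"):
    # "tcp port 80 or 443": the proto/port qualifier carries over to the bare
    # number, so only the first port needs the "port" keyword.
    ports = [str(p) for p in ports]
    if len(ports) == 1:
        return f"{proto} port {ports[0]}"
    return f"({proto} port {' or '.join(ports)})"

def host_clause(host, ports=(), proto="tcp", exclude_ports=False):
    # Traffic to or from one host, limited to (or excluding) the given ports.
    if not ports:
        return f"host {host}"
    clause = port_clause(ports, proto)
    if exclude_ports:
        clause = f"not {clause}"  # same effect as the post's "tcp port !443"
    return f"(host {host} and {clause})"

def build_filter(hosts, ports=(), proto="tcp", exclude_ports=False):
    # OR together one clause per host; each host clause is parenthesised.
    return " or ".join(host_clause(h, ports, proto, exclude_ports) for h in hosts)

def windump_command(filter_expr, interface=None):
    # Quote the whole expression so cmd.exe never sees bare parentheses or "!".
    iface = f" -i {interface}" if interface is not None else ""
    return f'windump -n{iface} "{filter_expr}"'

_DEV_LINE = re.compile(r"^\s*(\d+)\.")  # "1.\Device\NPF_{...} (description)"

def interface_number(listing, keyword):
    # Index of the first "windump -D" line whose text contains keyword, else None.
    for line in listing.splitlines():
        m = _DEV_LINE.match(line)
        if m and keyword.lower() in line.lower():
            return int(m.group(1))
    return None

# Constructed sample of "windump -D" output (GUIDs and adapter names invented).
SAMPLE_LISTING = """\
1.\\Device\\NPF_{11111111-2222-3333-4444-555555555555} (Intel(R) PRO/1000 MT)
2.\\Device\\NPF_{66666666-7777-8888-9999-000000000000} (Microsoft Wi-Fi Direct Virtual Adapter)
"""

if __name__ == "__main__":
    expr = build_filter(["192.168.11.10", "192.168.1.226"], [80, 443])
    print(windump_command(expr, interface_number(SAMPLE_LISTING, "PRO/1000")))
```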
