
Thursday, January 27, 2011

windump (the Windows version of tcpdump on Linux)

I have had to look at some networking issues, and have found a great utility for the Windows environment.

It's exactly the same as tcpdump for Linux.

However, to get this working you will need WinPcap.

Once that is installed, this is a great tool for watching network traffic.

You can specify IP addresses, subnets, ports, interfaces and combinations of these. I give a few examples below, but the documentation is good, and as I said it's the equivalent of tcpdump, so the commands should work the same.

Watch a particular subnet
windump -n net mask

Watch a particular IP and port
windump -n host and tcp port 443

Watch two particular IPs
windump -n host or host

Watch two particular IPs on ports 80 and 443
windump -n (host and (tcp port 80 or 443)) or (host and (tcp port 80 or 443))

List interfaces and their numbers. You need the number to specify an interface to listen on.
windump -D

Watch a particular IP on a particular interface.
windump -i 4 -n host

To exclude a value, put an exclamation mark in front of it (this is the same as not).

Watch a particular IP and all of its traffic except on a specific port
windump -n host and tcp port !443
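As an added example (not from the post, and not windump's own code), here is a small Python evaluator for the filter subset used above, run against constructed sample packets with made-up addresses. It reproduces the pcap rule that "and" and "or" have equal precedence and associate left to right, which is why the 80/443 example above needs its parentheses, and it handles the "port !443" and "net ... mask ..." forms.

```python
import ipaddress
import re

# Constructed sample packets (not from the post): (src, dst, proto, sport, dport).
PACKETS = [
    ("192.168.1.10", "10.0.0.5", "tcp", 51000, 443),
    ("192.168.1.10", "10.0.0.5", "tcp", 51001, 80),
    ("192.168.1.20", "10.0.0.7", "tcp", 51002, 22),
    ("172.16.0.9", "10.0.0.5", "udp", 5353, 443),
]

def compile_filter(expr):
    """Compile the pcap-filter subset the post uses into a packet predicate."""
    toks = re.findall(r"\(|\)|!|[^\s()!]+", re.sub(r"\s+mask\s+", "/", expr))  # 'A mask M' -> 'A/M'
    qual = [None]                                   # (proto, kind) of the last qualifier seen
    peek = lambda: toks[0] if toks else None        # tokens are popped from the front; IndexError = truncated
    def expression():                               # pcap: 'and' and 'or' have EQUAL precedence, left-assoc
        node = factor()
        while peek() in ("and", "or"):
            op = all if toks.pop(0) == "and" else any
            node = (lambda l, r, op: lambda p: op((l(p), r(p))))(node, factor(), op)
        return node
    def factor():
        tok = toks.pop(0)
        if tok in ("not", "!"):                     # also handles 'port !443' (== 'port not 443')
            return (lambda f: lambda p: not f(p))(factor())
        if tok == "(":
            inner = expression()
            if toks.pop(0) != ")":
                raise ValueError("missing ')'")
            return inner
        proto, tok = (tok, toks.pop(0)) if tok in ("tcp", "udp") else (None, tok)
        if tok in ("host", "net", "port"):          # qualifier: remember it, then parse its value
            qual[0] = (proto, tok)
            return factor()
        if qual[0] is None:
            raise ValueError("value %r has no qualifier" % tok)
        return value(tok, *qual[0])                 # bare value ('... or 443') reuses the last qualifier
    def value(tok, proto, kind):
        if kind == "host":
            return lambda p: tok in p[:2]
        if kind == "net":                           # CIDR or address/netmask, e.g. 192.168.1.0/255.255.255.0
            net = ipaddress.ip_network(tok, strict=False)
            return lambda p: any(ipaddress.ip_address(a) in net for a in p[:2])
        return lambda p: proto in (None, p[2]) and int(tok) in p[3:]
    return expression()

def matching(expr, packets=PACKETS):
    pred = compile_filter(expr)
    return [i for i, p in enumerate(packets) if pred(p)]
```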

