I have had to look at some networking issues, and have found a great utility for the windows environment.
Its exactly the same as tcpdump for linux.
http://www.winpcap.org/windump/
However to get this working you will need WinPcap
http://www.winpcap.org/default.htm
Once installed this is a great tool to watch network traffic.
You can specify IP addresses, subnets, ports, interfaces and combinations of. I provide a few examples, but the documentation is great. And as I said its the equivalent of tcpdump, so commands should work the same.
Watch a particular subnet
windump -n net 192.168.11.0 mask 255.255.255.0
Watch a particular IP and port
windump -n host 192.168.1.226 and tcp port 443
Watch two particular IPs
windump -n host 192.168.11.10 or host 192.168.1.226
Watch a two particular IPs on ports 80 and 443
windump -n (host 192.168.11.10 and (tcp port 80 or 443)) or (host 192.168.1.226 and (tcp port 80 or 443))
List interface and numbers. You need the number to specify an interface to listen on.
windump –D
Watch a particular IP on a particular interface.
windump -i 4 -n host 192.168.17.35
To exclude parameters just append with an exclamation
Watch a particular IP and all traffic except on a specific port
windump -n host 192.168.1.226 and tcp port !443
No comments:
Post a Comment