Windows ports of the most powerful and widely used Unix command-line tools are actually fairly common. I've used various Windows versions of the search tool grep, for instance. Among the most useful is tcpdump, a tool for capturing and reporting packet headers in network traffic for further analysis. The folks at Cace Technologies have compiled a Windows port of the program named, with just about the entire feature set of its Unix-based brethren. The full source code for the program is also included, in case you want to compile a custom version.
As of Windows 7 and Windows Server 2008, network capture tools are included right out of the box. As this article explains, the netsh trace command can capture network traffic on a Windows device, and the capture can then be analyzed using the built-in Event Tracing framework and viewed through the familiar Windows Event Log interface. TCPDUMP for Windows is a clone of TCPDUMP for UNIX systems, the popular command-line packet capture tool. The advantages of TCPDUMP for Windows are that (1) it supports 1Gbit networks and (2) it is portable, i.e. it works from removable devices.
It’s no secret that I’m not a Windows fan. There are many reasons I don’t like Windows, including ideological disagreements with Microsoft, a lack of faith and trust in MS, security concerns, usability issues, etc. I could go on, but for this post only one reason matters: I feel very vulnerable on a Windows machine because I can’t see what it’s doing as easily as I can on Linux, Unix or OS X. There are many Linux command-line tools missing from Windows, but now there is one fewer missing from my Windows machine at work. TCPDump is a Linux/Unix command for analyzing all the network traffic that is going to or from your machine. Errant network traffic is a good indicator that you have some form of spyware, and being able to monitor traffic can be very useful for debugging network problems. There is a Windows port of TCPDump called.
It’s not entirely straightforward, so I’ll just go through how to install it and how to make it work. This will not be a tutorial on how to use TCPDump; for that go. This is very much a tool for power users, not regular Windows users.
When it comes to installing WinDump I’m reminded a lot of installing the GIMP on Windows: it’s a two-step process. First you have to install some libraries (the libraries in this case), and then you can install WinDump. The install is actually very simple, but you have to go to two sites and install two things, which seems a little counterintuitive to me.
Surely WinDump should also offer an all-in-one bundled download? Once you have it installed, WinDump behaves exactly like TCPDump. The only messy bit is figuring out the names of your various network interfaces. On *nix you would just use ifconfig -a, but that won’t work on Windows. What you have to do here is get a list of the interfaces with the command WinDump -D. Once you have the adapter name of the interface you’re interested in, you can get WinDump to use that interface with the regular -i flag.
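As an added example (not code from the original post or from the WinDump project), here is the interface-selection step above done in PowerShell: it parses the `WinDump -D` listing into objects, picks the adapter whose description matches a keyword, and assembles the `-i` invocation. The listing format `N.\Device\NPF_{GUID} (Description)` and the three sample adapter lines are assumptions constructed for the example.

```powershell
# Parse the output of "WinDump -D" into objects with Index, Device and Description.
# Assumed line format (constructed for this example): N.\Device\NPF_{GUID} (Description)
function ConvertFrom-WinDumpInterfaceList {
    param([Parameter(Mandatory)][string[]]$Lines)

    foreach ($line in $Lines) {
        if ($line -match '^(?<idx>\d+)\.(?<dev>\\Device\\NPF_\{[0-9A-Fa-f-]+\})\s*(?:\((?<desc>.*)\))?\s*$') {
            [pscustomobject]@{
                Index       = [int]$Matches['idx']
                Device      = $Matches['dev']
                Description = $Matches['desc']
            }
        }
    }
}

# Pick the adapter whose description contains $Keyword. Fail loudly on no match
# or on ambiguity so a capture never silently runs on the wrong interface.
function Select-CaptureInterface {
    param(
        [Parameter(Mandatory)][object[]]$Interfaces,
        [Parameter(Mandatory)][string]$Keyword
    )
    $hits = @($Interfaces | Where-Object { $_.Description -like "*$Keyword*" })
    if ($hits.Count -eq 0) { throw "No interface description matches '$Keyword'." }
    if ($hits.Count -gt 1) { throw "Ambiguous keyword '$Keyword': $($hits.Description -join '; ')" }
    $hits[0]
}

# Constructed sample listing (not real adapters), standing in for:  $listing = & WinDump -D
$listing = @(
    '1.\Device\NPF_{11111111-2222-3333-4444-555555555555} (Intel(R) PRO/1000 MT Network Connection)'
    '2.\Device\NPF_{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Microsoft Wi-Fi Direct Virtual Adapter)'
    '3.\Device\NPF_{66666666-7777-8888-9999-000000000000} (Realtek PCIe GbE Family Controller)'
)

$interfaces = ConvertFrom-WinDumpInterfaceList -Lines $listing
$nic = Select-CaptureInterface -Interfaces $interfaces -Keyword 'Realtek'

# WinDump accepts the interface index after -i, which is shorter than the full device name.
# -n skips DNS lookups, -c bounds the capture, -w writes a pcap file for later analysis.
$windumpArgs = @('-i', $nic.Index, '-n', '-c', '200', '-w', 'capture.pcap')
Write-Host "Would run: WinDump $($windumpArgs -join ' ')"
# Uncomment on a machine with WinDump installed:
# & WinDump @windumpArgs
```

Run `& WinDump -D` in place of the constructed `$listing` to work against the real adapter list; the keyword check throws rather than guessing when two adapters share a description fragment.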
Thanks for the info about command-line options for WinDump. I’ve tried these, but I still cannot figure out what WinDump is doing – it seems to have no output (other than listing the interfaces with the -D option)!