
Windump – How to use Windump (tcpdump) on Windows 7 – The Visual Guide

26/05/2014

Tcpdump is the classic command-line packet capture tool on Unix-like systems. WinDump is its Windows port, and this guide shows how to use it on Windows 7.

Step 1 – Download and install Windump

http://www.winpcap.org/windump/


WinDump cannot capture anything on its own: it needs the WinPcap driver and library, which is also what puts your network card into promiscuous mode (WinDump does this by default; -p switches it off). Install WinPcap before running it. Note that WinPcap has not been maintained since its 4.1.3 release in 2013; on newer Windows versions the maintained replacement is Npcap, which offers a WinPcap-compatible mode.

Step 2 – Download and install WinPcap

http://www.winpcap.org/install/default.htm


Step 3 – Open a Command Prompt with Administrator Rights

Start > Accessories > Command Prompt

Right Click > Run As Administrator

Change to the directory you downloaded WinDump into. On Windows this is normally:

cd c:\Users\Smile\Downloads

Replace Smile with your own username, e.g. cd c:\Users\your username\Downloads

Step 4 – Run windump to locate your network adapter

windump -D


WinDump lists each adapter with a number.

You may have several adapters listed (wired, wireless, VPN and virtual adapters all appear). Pick the one carrying the traffic you want and pass its number to -i, as step 5 does with interface number 2.

Step 5 – Run windump to collect packets and write out to a file

windump -i 2 -q -w C:\perflogs\diagTraces -n -C 30 -W 10 -U -s 0


This writes the capture into C:\perflogs (the directory must already exist; it is present by default on Windows 7, and WinDump will not create it), starting with a file named diagTraces0.

The switches mean this:

    • -i 2 selects the adapter by the number shown in the previous step
    • -q is quiet mode (less protocol detail per printed line); it has no visible effect here because -w sends packets to the file instead of the screen
    • -w <name> writes raw packets to a file instead of printing them; with -C the name is a prefix, and each file gets a number suffix (diagTraces0, diagTraces1, ...)
    • -n tells WinDump not to resolve host names, so addresses stay numeric when packets are printed; it does not change what -w writes to the file
    • -C 30 starts a new file once the current one reaches 30 million bytes
    • -W 10 caps the ring buffer at 10 files in total: once diagTraces9 fills, WinDump goes back and overwrites diagTraces0, so the capture never uses more than about 300 MB of disk. The directory the files go in is part of the -w path
    • -U flushes each packet to the file as it is captured rather than when the output buffer fills, so the file is readable while the capture runs and nothing is lost if you stop it abruptly
    • -s 0 is the snaplen, i.e. how many bytes of each packet to keep; 0 means save the whole packet. Without it, older tcpdump/WinDump versions keep only the first 68 or 96 bytes of each packet, which cuts off most payloads

Step 6 – Use Wireshark to Open your file

If you don’t have wireshark installed, download it from here:

http://www.wireshark.org/download.html

File > Open > C:\perflogs > diagTraces0


Wireshark decodes every packet. Click a row to see it broken down by layer (Ethernet, IP, TCP/UDP, application) in the detail pane; each layer expands further.

Or click the Protocol column header to sort by protocol, which groups ARP, TCP, UDP, DNS and so on together.
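The capture files from step 5 can also be checked without Wireshark. The following Python script is an added example (not part of the original post) that parses the pcap format windump -w produces, counts frames by protocol the way the Protocol column groups them, and reports frames cut short by the snaplen, which is exactly what -s 0 in the step 5 command prevents. The sample capture it builds in memory, and the MAC and IP addresses in it, are constructed for illustration.

```python
"""Summarise a WinDump/tcpdump .pcap without Wireshark (added example, not from the post).
Reads the raw pcap format `windump -w` writes, counts frames the way Wireshark's
Protocol column groups them (ARP / DNS / TCP / UDP) and flags frames the snaplen
cut short, the failure mode `-s 0` avoids. The sample capture at the bottom is
constructed in memory with made-up addresses so the script runs offline.
"""
import struct
import sys
from collections import Counter

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"   # 0xa1b2c3d4 as written by a little-endian (x86) host
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"
ETH_IPV4, ETH_ARP, ETH_IPV6 = 0x0800, 0x0806, 0x86DD
IPPROTO_TCP, IPPROTO_UDP = 6, 17

def iter_records(data):
    """Yield (incl_len, orig_len, frame) for each record of an Ethernet pcap."""
    end = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet (linktype 1)")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:         # file ends mid-record: capture was still running
            break
        off += 16 + incl_len
        yield incl_len, orig_len, frame

def classify(frame):
    """Coarse label matching Wireshark's Protocol column."""
    if len(frame) < 14:
        return "RUNT"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_IPV4:
        return {ETH_ARP: "ARP", ETH_IPV6: "IPv6"}.get(ethertype, "OTHER")
    if len(frame) < 34:                   # the IPv4 header itself was cut off
        return "IPv4"
    ihl, proto = (frame[14] & 0x0F) * 4, frame[14 + 9]
    l4 = frame[14 + ihl:]
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if 53 in (sport, dport):
            return "DNS"
        return "TCP" if proto == IPPROTO_TCP else "UDP"
    return "IPv4"

def summarize(data):
    """Protocol counts, total frames, and how many frames the snaplen truncated."""
    counts, truncated = Counter(), 0
    for incl_len, orig_len, frame in iter_records(data):
        counts[classify(frame)] += 1
        truncated += incl_len < orig_len   # saved fewer bytes than were on the wire
    return {"protocols": dict(counts), "total": sum(counts.values()), "truncated": truncated}

# ---- constructed sample capture (made-up addresses, not a real trace) ---------------
def eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload
def ipv4(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst) + payload
def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
def tcp(sport, dport, flags, payload=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
def pcap(frames, snaplen):
    """Write frames as a little-endian pcap, trimming each to snaplen as a capture would."""
    out = struct.pack("<4sHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1400000000 + i, 0, min(len(frame), snaplen), len(frame))
        out += frame[:snaplen]
    return out

MAC_A, MAC_B, BCAST = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"\xff" * 6
IP_A, IP_B = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])
DNS_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" + b"\x09wordpress\x03com\x00\x00\x01\x00\x01"
FRAMES = [
    eth(BCAST, MAC_A, ETH_ARP, struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, 1, MAC_A, IP_A, b"\0" * 6, IP_B)),
    eth(MAC_B, MAC_A, ETH_IPV4, ipv4(IP_A, IP_B, IPPROTO_UDP, udp(53001, 53, DNS_QUERY))),
    eth(MAC_B, MAC_A, ETH_IPV4, ipv4(IP_A, IP_B, IPPROTO_TCP, tcp(53002, 443, 0x02))),
    eth(MAC_A, MAC_B, ETH_IPV4, ipv4(IP_B, IP_A, IPPROTO_TCP, tcp(443, 53002, 0x18, b"A" * 1460))),  # 1514 bytes
]
# Snaplen 96 mimics an old tcpdump default: the 1514-byte data frame gets truncated.
SAMPLE_CAPTURE = pcap(FRAMES, snaplen=96)

if __name__ == "__main__":
    # Pass the ring-buffer files (C:\perflogs\diagTraces0, diagTraces1, ...) to summarise a real capture.
    captures = [open(p, "rb").read() for p in sys.argv[1:]] or [SAMPLE_CAPTURE]
    for data in captures:
        result = summarize(data)
        print(result)
        if result["truncated"]:
            print("%d frame(s) cut short by the snaplen: recapture with -s 0" % result["truncated"])
```

Run it with no arguments to see the constructed sample; pass the ring-buffer files from C:\perflogs to summarise a real capture. If it reports truncated frames, the capture was taken with too small a snaplen and application payloads will be incomplete when you open the file in Wireshark.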


That’s it!!

******

Wireshark is a powerful tool, which is open source, and it’s ideal to examine and filter your tcpdump/windump data capture files.

To give you an example of the “drilling down” effect, here is a windump/wireshark DNS packet for WordPress.com


