
Windump – How to use Windump (tcpdump) on Windows 7 – The Visual Guide


Tcpdump is the classic tool for monitoring packets. There is a Windows version, WinDump.

Step 1 – Download and install Windump

[Screenshot: WinDump download page]

You will need to place your network card into promiscuous mode – for this, install WinPcap.

Step 2 – Download and install WinPcap

[Screenshot: WinPcap download page]

Step 3 – Open a Command Prompt with Administrator Rights

Start > Accessories > Command Prompt

Right Click > Run As Administrator

Change the directory to your download directory – normally in Windows this is:

cd c:\Users\Smile\Downloads

Replace Smile with your own username, e.g. cd c:\Users\your username\Downloads

Step 4 – Run windump to locate your network adapter

windump -D


Windump will list your adapter with a number.

You may have several adapters listed. Pick the number of the interface you want to capture on and pass it to windump (step 5 uses interface number 2).

Step 5 – Run windump to collect packets and write out to a file

windump -i 2 -q -w C:\perflogs\diagTraces -n -C 30 -W 10 -U -s 0


This will create a directory c:\perflogs\ and a file called diagTraces0.

The switches mean this:

      -i is the number of the NIC selected in the previous step
      -q is quiet mode (less protocol detail printed)
      -w <name> is the prefix of the files to create
      -n means the logging will not resolve host names; all addresses are written as IP addresses
      -C is the size in millions of bytes a log file grows to before windump moves on to the next file
      -W is the number of circular log files to retain (in addition to the current log file); the <path> given to -w says where they are stored
      -U writes each packet to the output file as soon as it is saved, rather than buffering it
      -s is the snapshot length (bytes captured per packet); set this to zero so packets are not truncated

Step 6 – Use Wireshark to Open your file

If you don’t have Wireshark installed, download it from here:

File > Open > C:\perflogs > diagTraces0


Wireshark will reveal all the packet data. Double-click an event to drill down into its details.

Or click on the “Protocol” column to sort by ARP, TCP, UDP, DNS etc.


That’s it!!


Wireshark is a powerful open-source tool, and it is ideal for examining and filtering your tcpdump/windump capture files.
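The files that step 5 writes (diagTraces0, diagTraces1, ...) are plain pcap files, and the “Protocol” column you sort on in step 6 is just a classification of each frame by Ethertype, IP protocol number and port. The script below is an added example, not part of the original post or of WinDump, that reads such a file with only the Python standard library and reports the same ARP/TCP/UDP/DNS breakdown, which is handy for a quick triage of a large rotation before opening anything in Wireshark. It assumes the prefix-plus-number file naming shown in the post (diagTraces0 ... diagTraces9) and builds a small constructed capture in memory so it runs without a real trace; the 192.0.2.x addresses and MAC addresses in that sample are made up.

```python
"""Minimal reader for the pcap files that "windump -w" produces.

Each frame is labelled the way Wireshark's Protocol column labels it
(ARP, TCP, UDP, DNS, ICMP) so a capture can be triaged without a GUI.
Standard library only; a constructed sample capture is built in memory.
"""
import ipaddress
import struct
from collections import Counter
from pathlib import Path

PCAP_MAGIC = 0xA1B2C3D4      # first 4 bytes of a pcap file, read in file byte order
LINKTYPE_ETHERNET = 1


def iter_packets(data):
    """Yield (timestamp, frame_bytes) for every record of a pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"              # little-endian file, which is what WinDump writes
    elif magic == 0xD4C3B2A1:
        endian = ">"              # big-endian file from some other capture tool
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def classify(pkt):
    """Return a Wireshark-style protocol label for one Ethernet frame."""
    if len(pkt) < 14:
        return "RUNT"
    ethertype, = struct.unpack_from("!H", pkt, 12)
    if ethertype == 0x0806:
        return "ARP"
    if ethertype != 0x0800:
        return "ETH:%#06x" % ethertype
    ihl = (pkt[14] & 0x0F) * 4            # IPv4 header length in bytes
    if len(pkt) < 14 + ihl:
        return "IPv4-truncated"            # snaplen too small (see -s 0 above)
    proto = pkt[14 + 9]
    l4 = 14 + ihl
    if proto == 6:
        return "TCP"
    if proto == 17:
        if len(pkt) >= l4 + 8:
            sport, dport = struct.unpack_from("!HH", pkt, l4)
            if 53 in (sport, dport):       # port-based, as Wireshark does by default
                return "DNS"
        return "UDP"
    if proto == 1:
        return "ICMP"
    return "IPv4:%d" % proto


def summarize(data):
    """Count frames per protocol label in one pcap byte string."""
    return Counter(classify(frame) for _, frame in iter_packets(data))


def summarize_rotation(prefix, max_files=10):
    """Fold every existing <prefix>0 .. <prefix>N file (the -C/-W rotation) into one count."""
    totals = Counter()
    for n in range(max_files):
        path = Path("%s%d" % (prefix, n))
        if path.exists():
            totals += summarize(path.read_bytes())
    return totals


def _ipv4(proto, payload, src="192.0.2.10", dst="192.0.2.53"):
    """IPv4 header with a zero checksum (enough for parsing, not for sending)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + payload


def _frame(ethertype, payload):
    """Ethernet frame with made-up broadcast destination and source MACs."""
    return bytes.fromhex("ffffffffffff" "001122334455") + struct.pack("!H", ethertype) + payload


def build_sample_pcap():
    """Constructed capture (not real traffic): one DNS query, one ARP request, one TCP SYN."""
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) \
        + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 4321, 53, 8 + len(dns), 0) + dns
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes.fromhex("001122334455") \
        + ipaddress.ip_address("192.0.2.10").packed + bytes(6) \
        + ipaddress.ip_address("192.0.2.1").packed
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    frames = [_frame(0x0800, _ipv4(17, udp)), _frame(0x0806, arp), _frame(0x0800, _ipv4(6, tcp))]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for n, frame in enumerate(frames):
        out += struct.pack("<IIII", 1600000000 + n, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                 # e.g. python pcapsummary.py C:\perflogs\diagTraces
        print(dict(summarize_rotation(sys.argv[1])))
    else:
        print(dict(summarize(build_sample_pcap())))
```

Run it with the -w prefix from step 5 as the argument and it walks diagTraces0 to diagTraces9; with no argument it summarizes the built-in sample. Frames labelled IPv4-truncated are the symptom you would see had -s been left at a small snapshot length instead of 0.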

To give you an example of the “drilling down” effect, here is a windump/wireshark DNS packet for



