Windump – How to use Windump (tcpdump) on Windows 7 – The Visual Guide
Tcpdump is the classic tool for monitoring packets. There is a windows version.
Step 1 – Download and install Windump
http://www.winpcap.org/windump/
You will need to place your network card into promiscuous mode – for this, install WinPcap.
Step 2 – Download and install WinPcap
http://www.winpcap.org/install/default.htm
Step 3 – Open a Command Prompt with Administrator Rights
Start > Accessories > Command Prompt
Right Click > Run As Administrator
Change the directory to your download directory – normally in windows this is:
cd c:\Users\Smile\Downloads
Smile will be replaced with your username eg cd c:\Users\your username\Downloads
Step 4 – Run windump to locate your network adapter
windump -D
Windump will list your adapter with a number.
You may have several adapters listed. You select the interface to start running windump (as shown in step 5 using interface number 2).
Step 5 – Run windump to collect packets and write out to a file
windump -i 2 -q -w C:\perflogs\diagTraces -n -C 30 -W 10 -U -s 0
This will create a directory c:\perflogs\ and a file called diagTrace0.
The switches mean this:
-
- -i is the number of NIC selected in the previous step
-
- -q is quiet mode
-
- -w <name> is the prefix of the files to create
-
- -n the logging will not resolve host names, all data will be in IP address format
-
- -C the size in Millions of Bytes the logs files so grow to before moving to the next file
-
- -W the number of circular log files to retain in addition to the current log file, specify in <path> where the files are to be stored
-
- -U as each packet is saved, it will be written to the output file
-
- -s decreases the amount of packet buffering, set this to zero
Step 6 – Use Wireshark to Open your file
If you don’t have wireshark installed, download it from here:
http://www.wireshark.org/download.html
File > Open > C:\perflogs > diagTraces0
Wireshark will reveal all the packet data. Double click on each event, to drill down to more data.
Or click on the “Protocol” Column, to sort by Arp, TCP, UDP or DNS etc.
That’s it!!
******
Wireshark is a powerful tool, which is open source, and it’s ideal to examine and filter your tcpdump/windump data capture files.
To give you an example of the “drilling down” effect, here is a windump/wireshark DNS packet for WordPress.com
References:
http://www.symantec.com/business/support/index?page=content&id=TECH86409
****
Cracking passwords and understanding encryption is an essential skill for Cyber Security, Penetration Testing, Computer Security, Information Security and Cryptology. This prep guide, will take you step by step through hashing algorithms in a visual format. The aim is that you will learn through seeing and doing – and will understand hashing algorithms at an intuitive level.
****
https://www.amazon.co.uk/KALI-LINUX-passwords-Hashcat-Visual-ebook/dp/B072YVDHS5
****
If the License sticker has worn out, or come off the pc, you can extract the license keys manually. *Do this before you reinstall your OS not after it
How to find Windows 7 License keys – including Windows 10, Exchange, SQL Server and OFFICE keys