{"id":3126,"date":"2014-06-11T21:39:55","date_gmt":"2014-06-11T13:39:55","guid":{"rendered":"http:\/\/rmohan.com\/?p=3126"},"modified":"2014-06-11T23:55:01","modified_gmt":"2014-06-11T15:55:01","slug":"windump","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=3126","title":{"rendered":"windump"},"content":{"rendered":"

windows environment.<\/p>\n

Its exactly the same as tcpdump for linux.<\/p>\n

http:\/\/www.winpcap.org\/windump\/<\/span><\/a><\/p>\n

However to get this working you will need WinPcap<\/p>\n

http:\/\/www.winpcap.org\/default.htm<\/span><\/a><\/p>\n

Once installed this is a great tool to watch network traffic.<\/p>\n

You can specify IP addresses, subnets, ports, interfaces and combinations of. I provide a few examples, but the documentation is great. And as I said its the equivalent of tcpdump, so commands should work the same.<\/p>\n

Watch a particular subnet<\/strong>
\nwindump -n net 192.168.11.0 mask 255.255.255.0<\/span><\/p>\n

Watch a particular IP and port
\n<\/strong>windump -n host 192.168.1.226 and tcp port 443<\/span><\/p>\n

Watch two particular IPs<\/strong>
\nwindump -n host 192.168.11.10 or host 192.168.1.226<\/span><\/p>\n

Watch a two particular IPs on ports 80 and 443
\n<\/strong>windump -n (host 192.168.11.10 and (tcp port 80 or 443)) or (host 192.168.1.226 and (tcp port 80 or 443))<\/span><\/p>\n

List interface and numbers. You need the number to specify an interface to listen on.<\/strong>
\nwindump \u2013D<\/p>\n

Watch a particular IP on a particular interface.
\n<\/strong>windump -i 4 -n host 192.168.17.35<\/p>\n

To exclude parameters just append with an exclamation<\/p>\n

Watch a particular IP and all traffic except on a specific port <\/strong><\/p>\n

windump -n host 192.168.1.226 and tcp port !443<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

windows environment.<\/p>\n

Its exactly the same as tcpdump for linux.<\/p>\n

http:\/\/www.winpcap.org\/windump\/<\/p>\n

However to get this working you will need WinPcap<\/p>\n

http:\/\/www.winpcap.org\/default.htm<\/p>\n

Once installed this is a great tool to watch network traffic.<\/p>\n

You can specify IP addresses, subnets, ports, interfaces and combinations of. I provide a few examples, but the documentation is great. And as […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3126"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3126"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3126\/revisions"}],"predecessor-version":[{"id":3127,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3126\/revisions\/3127"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}