How to use WinDump


wildweaselmi

Have you ever been in the situation where a ping and traceroute don't show any issues with the network, and yet users are complaining that an application or site is slow?



An option you can use for Windows is a program called WinDump (this is similar to tcpdump, Wireshark or Ethereal, but there is no installation, you just run the windump.exe file). The prerequisite is the WinPcap installation.



The command line looks as follows:



windump
    [ -C file_size ] [ -F file ]
    [ -i interface ] [ -m module ] [ -M secret ]
    [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
    [ -W filecount ]
    [ -E spi@ipaddr algo:secret,... ]
    [ -y datalinktype ] [ -Z user ]
    [ expression ]



To capture data based on destination, run



tcpdump -nnvvXSs 1514 dst mywiseguys.com (you could use IP address instead if you want)





Many of us will capture to an output file, like



tcpdump -w mwgoutput.pcap





You can view the file using tcpdump:



tcpdump -nnr mwgoutput.pcap





If you look at this file in Notepad or WordPad you probably won't make much sense of it, so convert it to a txt file by running



tcpdump -nnr mwgoutput.pcap > mwgoutput.pcap.txt





If you want a detailed (ASCII and hex) output, you will use



tcpdump -nvvXSs 1514 dst mywiseguys.com > mwgtest.txt





A pretty common capture with a filter on destination:



tcpdump -nnvvS dst mywiseguys.com



19:03:56.725037 IP (tos 0x0, ttl 128, id 22285, offset 0, flags , proto TCP (6), length 40)
    0.0.0.0.49778 > 74.220.207.116.80: Flags , cksum 0x3837 (correct), seq 1400, ack 5393, win 32768, length 0
19:03:56.725046 IP (tos 0x0, ttl 128, id 22285, offset 0, flags , proto TCP (6), length 40)
    0.0.0.0.49778 > 74.220.207.116.80: Flags , cksum 0x3836 (correct), seq 1401, ack 5394, win 32768, length 0

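The post converts a capture to text with `tcpdump -nnr file > file.txt`; the script below, added as an example and not part of the original post or of tcpdump/WinDump, parses that two-line `-nnvvS` text format and reports, per TCP flow, the packet count, repeated pure ACKs and the longest gap between packets, which is what you look for when users report slowness that ping and traceroute do not explain. The sample lines are constructed (addresses, ids and sequence numbers are made up), and the parser assumes the verbose two-line layout shown above rather than the single-line default output.

```python
import re
from collections import defaultdict

# Constructed sample in the two-line `-nnvvS` format shown in the post above
# (addresses, ids and sequence numbers are made up; the IP line ends with a
# total length, the indented TCP line carries absolute seq/ack and payload length).
SAMPLE = """\
19:03:56.725037 IP (tos 0x0, ttl 128, id 22285, offset 0, flags [DF], proto TCP (6), length 40)
    10.0.0.5.49778 > 74.220.207.116.80: Flags [.], cksum 0x3837 (correct), seq 1400, ack 5393, win 32768, length 0
19:03:56.725046 IP (tos 0x0, ttl 128, id 22286, offset 0, flags [DF], proto TCP (6), length 40)
    10.0.0.5.49778 > 74.220.207.116.80: Flags [.], cksum 0x3836 (correct), seq 1401, ack 5394, win 32768, length 0
19:03:57.925046 IP (tos 0x0, ttl 128, id 22287, offset 0, flags [DF], proto TCP (6), length 40)
    10.0.0.5.49778 > 74.220.207.116.80: Flags [.], cksum 0x3835 (correct), seq 1401, ack 5394, win 32768, length 0
"""
HEADER = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP \(.*length (\d+)\)$")
TCP = re.compile(r"^\s+(\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\].*?seq (\d+)(?::\d+)?"
                 r"(?:, ack (\d+))?.*length (\d+)$")

def parse_dump(text):
    """Pair each timestamp/IP line with the TCP line below it; other packets are skipped."""
    packets, ts_us = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # timestamp converted to microseconds since midnight
            h, mi, s, us, _ = m.groups()
            ts_us = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
            continue
        m = TCP.match(line)
        if m and ts_us is not None:
            src, sport, dst, dport, flags, seq, ack, length = m.groups()
            packets.append({"ts_us": ts_us, "src": src, "sport": int(sport), "dst": dst,
                            "dport": int(dport), "flags": flags, "seq": int(seq),
                            "ack": int(ack) if ack else None, "length": int(length)})
            ts_us = None
    return packets

def summarize(packets):
    """Per flow: packet count, repeated pure ACKs (a sign of stalled data) and longest gap."""
    flows = defaultdict(lambda: {"packets": 0, "dup_acks": 0, "max_gap_us": 0,
                                 "_last": None, "_acks": set()})
    for p in packets:
        f = flows[(p["src"], p["sport"], p["dst"], p["dport"])]
        f["packets"] += 1
        if p["length"] == 0 and p["ack"] is not None:  # pure ACK: count a repeated ack number
            f["dup_acks"] += p["ack"] in f["_acks"]
            f["_acks"].add(p["ack"])
        if f["_last"] is not None:
            f["max_gap_us"] = max(f["max_gap_us"], p["ts_us"] - f["_last"])
        f["_last"] = p["ts_us"]
    return {k: {n: v for n, v in f.items() if not n.startswith("_")} for k, f in flows.items()}
```

Run it as `summarize(parse_dump(open("mwgoutput.pcap.txt").read()))` against the text file the post produces; a large `max_gap_us` or a growing `dup_acks` on a flow points at the side that stopped sending.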
