It’s no secret that I’m not a Windows fan. There are many reasons I don’t like Windows, including ideological disagreements with Microsoft, a lack of faith and trust in MS, security concerns, usability issues, etc. I could go on, but for this post only one reason matters: I feel very vulnerable on a Windows machine because I can’t see what it’s doing as easily as I can on Linux, Unix or OS X. There are many Linux command-line tools missing from Windows, but now there is one fewer missing from my Windows machine in work. TCPDump is a Linux/Unix command for analyzing all the network traffic going to or from your machine. Errant network traffic is a good indicator that you have some form of spyware, and being able to monitor traffic can be very useful for debugging network problems. There is a Windows port of TCPDump called WinDump. It’s not entirely straightforward, so I’ll just go through how to install it and how to make it work. This will not be a tutorial on how to use TCPDump; for that go here. This is very much a tool for power users, not regular Windows users.


When it comes to installing WinDump I’m reminded a lot of installing the GIMP on Windows: it’s a two-step process. First you have to install some libraries (the WinPcap libraries in this case), and then you can install WinDump. The install is actually very simple, but you have to go to two sites and install two things, which seems a little counterintuitive to me. Surely WinDump would also offer an all-in-one bundled download?

Once you have it installed WinDump behaves exactly like TCPDump. The only messy bit is figuring out the names of your various network interfaces. On *nix you would just use ifconfig -a, but that won’t work on Windows. What you have to do here is get a list of the interfaces with the command WinDump -D. Once you have the adapter name of the interface you’re interested in, you can get WinDump to use that interface with the regular -i flag.
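As an added example (not from the original post), here is a PowerShell script that automates that interface lookup: it parses the output of WinDump -D and starts a capture on the first adapter whose description contains a given string, so you never have to copy the long \Device\NPF_{GUID} name by hand. It assumes WinDump.exe is on the PATH and that WinDump -D prints one adapter per line as "N.\Device\NPF_{GUID} (Description)"; the $Match and $Filter parameters are the script's own.

```powershell
# Added example, not WinDump's own code. Assumes WinDump.exe is on PATH and that
# "WinDump -D" prints one adapter per line as "N.\Device\NPF_{GUID} (Description)".
param(
    # Substring of the adapter description to look for, e.g. "Intel" or "Wireless".
    [string]$Match = "Intel",
    # Optional BPF filter passed straight through to WinDump, e.g. "port 53".
    [string]$Filter = ""
)

# Parse the interface list into objects so it can be inspected or filtered.
function Get-WinDumpInterface {
    WinDump -D | ForEach-Object {
        # Greedy (.*) so a description containing ")" is captured whole;
        # trailing .* tolerates any extra text after the closing parenthesis.
        if ($_ -match '^(\d+)\.(\S+)(?:\s+\((.*)\))?.*$') {
            [pscustomobject]@{
                Index       = [int]$Matches[1]
                Name        = $Matches[2]
                Description = $Matches[3]
            }
        }
    }
}

$ifaces = @(Get-WinDumpInterface)
if ($ifaces.Count -eq 0) {
    throw "WinDump -D returned no interfaces; is WinPcap installed?"
}

$chosen = $ifaces | Where-Object { $_.Description -like "*$Match*" } | Select-Object -First 1
if (-not $chosen) {
    Write-Host "No adapter description contains '$Match'. Available adapters:"
    $ifaces | Format-Table Index, Description, Name -AutoSize
    exit 1
}

Write-Host "Capturing on $($chosen.Index): $($chosen.Description)"
# -n: don't resolve names, so the capture doesn't generate DNS traffic of its own.
if ($Filter) { WinDump -i $chosen.Name -n $Filter } else { WinDump -i $chosen.Name -n }
```

Run it from an elevated prompt, since WinPcap capture needs administrator rights; pass a filter such as -Filter "port 53" to watch only DNS traffic while looking for unexpected connections.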