{"id":375,"date":"2007-02-09T15:14:58","date_gmt":"2007-02-09T15:14:58","guid":{"rendered":"http:\/\/www.bartbusschots.ie\/blog\/?p=375"},"modified":"2014-08-04T20:37:57","modified_gmt":"2014-08-04T20:37:57","slug":"tcpdump-for-windows","status":"publish","type":"post","link":"https:\/\/www.bartbusschots.ie\/s\/2007\/02\/09\/tcpdump-for-windows\/","title":{"rendered":"TCPDump for Windows"},"content":{"rendered":"<p>It&#8217;s no secret that I&#8217;m not a Windows fan. There are many reasons I don&#8217;t like Windows, including ideological disagreements with Microsoft, a lack of faith and trust in MS, security concerns, usability issues etc. I could go on, but for this post only one reason matters: I feel very vulnerable on a Windows machine because I can&#8217;t see what it&#8217;s doing as easily as I can on Linux, Unix or OS X. There are many Linux command-line tools missing from Windows, but now there is one fewer missing from my Windows machine in work. TCPDump is a Linux\/Unix command-line tool that captures and prints the network traffic going to or from your machine on a chosen interface. Errant network traffic is a good indicator that you have some form of spyware, and being able to monitor traffic can be very useful for debugging network problems. There is a Windows port of TCPDump called <a href=\"http:\/\/www.winpcap.org\/windump\/\" target=\"_blank\">WinDump<\/a>. It&#8217;s not entirely straightforward, so I&#8217;ll just go through how to install it and how to make it work. This will not be a tutorial on how to use TCPDump; for that go <a href=\"http:\/\/www.ethereal.com\/docs\/man-pages\/tcpdump.8.html\" target=\"_blank\">here<\/a>. This is very much a tool for power-users, not regular Windows users.<\/p>\n<p><!--more--><\/p>\n<p>When it comes to installing WinDump I&#8217;m reminded a lot of installing the GIMP on Windows: it&#8217;s a two-step process. 
First you have to install some libraries (the <a href=\"http:\/\/www.winpcap.org\/\" target=\"_blank\">WinPcap<\/a> libraries in this case), and then you can install WinDump. The install is actually very simple, but you have to go to two sites and install two things, which seems a little counter-intuitive to me. Surely WinDump should also offer an all-in-one bundled download?<\/p>\n<p>Once you have it installed, WinDump behaves exactly like TCPDump. The only messy bit is figuring out the names of your various network interfaces. On *nix you would just use <code>ifconfig -a<\/code>, but that won&#8217;t work on Windows, and the capture-device names WinPcap exposes are not the friendly adapter names Windows shows you. What you have to do here is get a list of the interfaces, with their capture-device names, using the command <code>WinDump -D<\/code>. Once you have the name of the interface you&#8217;re interested in you can get WinDump to use that interface with the regular <code>-i<\/code> flag.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s no secret that I&#8217;m not a Windows fan. There are many reasons I don&#8217;t like Windows including ideological disagreements with Microsoft, a lack of faith and trust in MS, security concerns, usability issues etc. 
I could go on but for this post only one reason matters, I feel very vulnerable on a Windows machine [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12,446],"tags":[485,139,188,19],"series":[],"class_list":["post-375","post","type-post","status-publish","format-standard","hentry","category-computers-tech","category-sysadmin","tag-networks-canner","tag-review","tag-software","tag-windows"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p7t9xK-63","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/posts\/375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/comments?post=375"}],"version-history":[{"count":1,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/posts\/375\/revisions"}],"predecessor-version":[{"id":7662,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/posts\/375\/revisions\/7662"}],"wp:attachment":[{"href":"https:\/\/www.bartbusschots.ie\/s\
/wp-json\/wp\/v2\/media?parent=375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/categories?post=375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/tags?post=375"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/www.bartbusschots.ie\/s\/wp-json\/wp\/v2\/series?post=375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
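The interface-selection step the post describes (list adapters with `WinDump -D`, then capture on one with `-i`), carried through as an added PowerShell example. This is not code from the original post or from the WinDump project; it assumes WinPcap and WinDump are installed, that `WinDump.exe` is on the PATH, that the adapter you want has "Intel" somewhere in its description, and that `C:\captures\errant.pcap` is an acceptable output path. The filter ports are a guess at what is "normal" on a desktop and should be adjusted to your network.

```powershell
# Added example (not from the original post). Assumes WinPcap and WinDump are installed
# and WinDump.exe is on the PATH; $Keyword and $OutFile are assumptions as well.
$WinDump = 'WinDump.exe'
$Keyword = 'Intel'                      # substring of the adapter description to capture on
$OutFile = 'C:\captures\errant.pcap'

# Step 1: list the capture devices. "WinDump -D" prints one line per adapter in the form
#   1.\Device\NPF_{GUID} (adapter description)
# The \Device\NPF_{...} name is what -i needs; the text in parentheses is only for humans.
$adapters = & $WinDump -D | ForEach-Object {
    if ($_ -match '^(\d+)\.(\S+)\s*(?:\((.*)\))?\s*$') {
        [pscustomobject]@{
            Index       = [int]$Matches[1]
            Name        = $Matches[2]
            Description = $Matches[3]
        }
    }
}
if (-not $adapters) {
    throw 'WinDump -D listed no adapters; is WinPcap installed and its driver running?'
}
$adapters | Format-Table -AutoSize

# Step 2: pick the adapter by its description instead of hand-copying the GUID.
$iface = $adapters | Where-Object { $_.Description -like "*$Keyword*" } | Select-Object -First 1
if (-not $iface) {
    throw "No adapter description contains '$Keyword'; choose one from the list above."
}

# Step 3: capture on it with the usual tcpdump options. -n skips DNS lookups (which would
# themselves generate traffic), -s 0 keeps whole packets, -c 500 stops after 500 packets
# and -w writes a pcap you can open later. The BPF filter hides the traffic you expect on a
# desktop (ARP, DNS, web) so that whatever remains is the "errant" traffic worth a look.
$filter = 'not arp and not port 53 and not port 80 and not port 443'
New-Item -ItemType Directory -Force -Path (Split-Path $OutFile) | Out-Null
& $WinDump -i $iface.Name -n -s 0 -c 500 -w $OutFile $filter
```

Run it from an elevated prompt so WinPcap can open the adapter. The saved file is a normal pcap, so `WinDump -n -r C:\captures\errant.pcap` prints it back, and a few remote addresses or ports showing up repeatedly there, with no program you know of to explain them, is exactly the kind of thing the post means by errant traffic.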