Wednesday, July 24, 2013

WinDump: TCPDump for windows

WinDump: TCPDump for windows 


WinDump is TCPDump for windows.

What is TCPDUMP?

                        TCPDUMP is command for capturing TCP/IP packet on unix/linux platform i.e. it is command line network analyzer for UNIX. 
For more detail about TCPDUMP visit Click Here

What is WinDump?

                      WinDump is TCPDump command line packet analyzer for windows. WinDump is fully compatible with TCPDUMP have same commands and features available on windows. WinDump. If you want to traces the packets for some analysis purpose. We can easily capture packets on a particular network interface card  as well as trace route of packet using Win Dump. 

Installation of WinDump :

Step 1: Installation of WinPcap

For installation of WinDump we first require to install WinPcap. WinPcap is a set of network capture drivers require to WinDump to capture packets.

Download WinPcap from http://www.winpcap.org/install/default.htm then the following page appears in browser click on red circle icon then the WinPcap starts downloading


Once the download is completed start installation by double clicking the winPcap.exe file as shown below


Click on next button to start the installation of winPcap.


Then click on I Agree button as shown in above picture. 


Click on install to install winPcap in your computer



So click on finish button to complete installation of WinPcap.

Step 2:  Installation of WinDump
To download windump Click Here


Then above click downloads the windump.exe
then goto folder where the windump.exe is present.

Step 3: WinDump tutorial

                 Open the command prompt and then change the directory to path where windump.exe is present.
Here in my example i have put the downloaded windump.exe in  D drive
then follow the steps shown below,

Open command prompt by clicking (windows+R) button and type cmd in run window as shown below then click on ok


Then the comand prompt apperas as shown below


place the downloaded windump.exe in D drive as shown below


The red circle shown in above picture denotes  the drive D and windump.exe
 Then change the directory in command prompt to drive D as shown below


Now our environment is ready to capture packets.

To see the available options for windump enter  WinDump.exe -help in command prompt



Windump commands:

Enter the following command to capture packets in above open command prompt.
  • WinDump.exe -D  This command give us the list of available interfaces for capturing packets.

So there are two interfaces available first one for capturing packets over Ethernet interface i.e when computers are connected using wired LAN and second one interface is for capturing packets when the computer connected using wireless LAN.


  • WinDump.exe : This command is to capture packets on all available interfaces in this example we are listening on both interfaces


 So after stopping the packet capture by (control+C) button the log is generated. The generated blog is circled with red as shown below,



  • WinDump.exe -i <interface number>  : This command listen on the particular interface defined by -i parameter. In this case there are only two interfaces so interface number can be 1 and 2.

          So example WinDump.exe -i 1 reads or capture packets from interface number 1. Below snapshot of read packets on interface 1,



  • WinDump.exe -i <interface number> -port <port number> :  This command give us the two options to specify the interface number and port number on which we have to capture packets. So we can capture the packets on a particular port number like 80 if we want to capture the http packets. 

 So WinDump.exe -i 1 -port 80 to capture http packets on first interface as shown below



  • WinDump.exe > <output file name>  : This command used to capture packets on available interfaces and store it into output file for further analysis.
The command WinDump.exe > packets store the captured packets in packets file as shown below.


The above snapshot captures packets and store it into the file name packets.
The captured packets file we can open in notepad and see the captured packet list as shown below


Thanks for reading WinDump tutorial.
We can find more commands related to windump using WinDump.exe -help


1 comment:

  1. Thank you very much for this post. how can i view the capture packets with wireshark from the command prompt?

    ReplyDelete