Dec 27, 2018

Working in IT, I use Wireshark almost every day.
This software is just great: free, open source, and with so many features that it will probably take me a lifetime to master it all.

However, there are times when you need a driverless, standalone tool, i.e. one that does not require any installation on your production server.
Indeed, I have seen cases where the network was interrupted for a short while or, even worse, where the server BSODed (with old WinPcap versions, that is).
Furthermore, in some situations you may wish to capture traffic over a VPN interface or over localhost, which Wireshark (or rather WinPcap) cannot do. (Npcap, WinPcap's successor, has since added a loopback adapter, but that is still a kernel driver you have to install on the box.)

That is where the Windows raw socket feature comes in handy: it is built into Windows and can sniff over a VPN interface or over localhost. The raw socket is switched to promiscuous mode with the SIO_RCVALL ioctl, which requires administrator rights, so run the tool from an elevated prompt.
Read more about Windows raw sockets here.

Raw sniffer is a command line tool built around Windows raw sockets and meant to capture IP traffic.
You can pipe its console output to a text file (and later parse it in Excel) or generate a cap file which you can later open with Wireshark.
The source code is on GitHub.

It takes simple command line parameters: snif [localip] [proto] [port] [0:1], where localip is the address of the interface to capture on (or * for the default one), proto is tcp, udp or * for any, port is a port number or * for any, and the last flag selects whether a cap file is written (1) or not (0).

Some possible usages:
- snif 127.0.0.1 * * 1: print all traffic on localhost to the console AND dump all traffic to a cap file
- snif 127.0.0.1 tcp 80 1: print only HTTP traffic (TCP port 80) on localhost to the console AND dump all traffic to a cap file
- snif * udp * 0: print only UDP traffic on the selected interface to the console, with no cap file

Note: if you don't see your incoming traffic, allow snif.exe through the Windows firewall; this usually does the trick.
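As an added example (this is not the snif tool itself and is not taken from its GitHub source), here is a small Python script that does the same job with the Windows raw socket API: it binds a raw IP socket to the given local address, switches it to promiscuous mode with the SIO_RCVALL ioctl, applies the same proto/port filter to what is printed on the console, and optionally writes every captured packet to a pcap file that Wireshark can open. The command line mirrors snif's four parameters; the output file name capture.cap and the use of the host's first resolved address for * are my assumptions. The constructed sample packet at the bottom exists only to exercise the parser offline; sniff() itself only works on Windows, from an elevated prompt.

```python
"""Windows raw-socket IP sniffer (added example, not the snif.exe source)."""
import socket
import struct
import sys
import time

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_RAW = 101          # pcap link type for raw IP packets with no link-layer header
PROTO_NUM = {"tcp": 6, "udp": 17, "icmp": 1}


def pcap_global_header():
    """24-byte pcap file header: version 2.4, no TZ offset, snaplen 65535, LINKTYPE_RAW."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_RAW)


def pcap_record(pkt, ts=None):
    """16-byte per-packet header (sec, usec, captured len, original len) followed by the packet."""
    ts = time.time() if ts is None else ts
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    return struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt


def parse_ipv4(pkt):
    """Return (src, dst, proto, sport, dport); ports are None for anything but TCP/UDP.
    Returns None for anything that is not a well-formed IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto = pkt[9]
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    sport = dport = None
    if proto in (6, 17) and len(pkt) >= ihl + 4:     # TCP and UDP both start with src/dst port
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, dst, proto, sport, dport


def matches(info, proto="*", port="*"):
    """snif-style filter: proto is tcp/udp/icmp or '*', port is a number or '*' (either direction)."""
    _src, _dst, pnum, sport, dport = info
    if proto != "*" and PROTO_NUM.get(proto.lower()) != pnum:
        return False
    if port != "*" and int(port) not in (sport, dport):
        return False
    return True


def sniff(local_ip, proto="*", port="*", dump=False, out_path="capture.cap"):
    """Windows only, needs administrator rights. Prints packets matching the filter and,
    if dump is True, writes every packet (filtered or not) to out_path, like snif's '1' flag."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    s.bind((local_ip, 0))                                    # the interface to capture on
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)    # deliver the IP header as well
    s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)             # promiscuous: all IP traffic on the interface
    out = open(out_path, "wb") if dump else None
    if out:
        out.write(pcap_global_header())
    try:
        while True:
            pkt = s.recvfrom(65535)[0]
            if out:
                out.write(pcap_record(pkt))
                out.flush()
            info = parse_ipv4(pkt)
            if info is None or not matches(info, proto, port):
                continue
            src, dst, pnum, sport, dport = info
            print(f"{src}:{sport} -> {dst}:{dport} proto={pnum} len={len(pkt)}")
    except KeyboardInterrupt:
        pass
    finally:
        s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)        # always leave promiscuous mode
        s.close()
        if out:
            out.close()


# Constructed sample (not captured data): IPv4/TCP 127.0.0.1:51234 -> 127.0.0.1:80,
# zero checksums, 40 bytes total; used only to exercise parse_ipv4/matches offline.
SAMPLE_PACKET = (
    bytes([0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00])
    + bytes([127, 0, 0, 1]) + bytes([127, 0, 0, 1])
    + struct.pack("!HH", 51234, 80) + bytes(16)
)


if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit("usage: rawsnif.py <localip|*> <tcp|udp|icmp|*> <port|*> <0|1>")
    ip, proto, port, dump = sys.argv[1:5]
    if ip == "*":
        ip = socket.gethostbyname(socket.gethostname())      # assumption: the host's first address
    sniff(ip, proto, port, dump == "1")
```

Run it as `python rawsnif.py 127.0.0.1 tcp 80 1` from an administrator prompt and open capture.cap in Wireshark; link type 101 tells Wireshark the records start directly at the IP header. As with snif.exe, if nothing shows up, check that the Windows firewall is not dropping the inbound traffic before it reaches the socket.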

Download here
