{"id":1958,"date":"2018-12-27T19:01:14","date_gmt":"2018-12-27T18:01:14","guid":{"rendered":"http:\/\/labalec.fr\/erwan\/?p=1958"},"modified":"2018-12-29T19:14:10","modified_gmt":"2018-12-29T18:14:10","slug":"yet-another-raw-socket-capture-proggie","status":"publish","type":"post","link":"https:\/\/labalec.fr\/erwan\/?p=1958","title":{"rendered":"Yet another raw sockets capture proggie"},"content":{"rendered":"<p>Working in IT, I use <a href=\"https:\/\/www.wireshark.org\/\" target=\"_blank\" rel=\"noopener\">Wireshark<\/a> almost every day.<br \/>\nThis software is just great: free, open source, and it will probably take me a lifetime to master it all, as there are so many things you can do with it.<\/p>\n<p>However, there are times when you need driverless, standalone software, i.e. software which does not require any installation on your production server.<br \/>\nIndeed, I have seen cases where the network was interrupted for a short while or, even worse, cases where the server would BSOD (with old winpcap versions, that is).<br \/>\nFurthermore, in some situations you may wish to capture traffic over a VPN interface or over localhost: two things which Wireshark (or rather winpcap) cannot do.<\/p>\n<p>That&rsquo;s where the Windows raw socket feature comes in handy: it is built into Windows, needs no driver, and can sniff over VPN or localhost.<br \/>\nRead more about Windows raw sockets <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/winsock\/tcp-ip-raw-sockets-2\" target=\"_blank\" rel=\"noopener\">here<\/a>.<br \/>\nTwo things to know before relying on it: the capturing process must run elevated, as a member of the Administrators group (otherwise the raw socket calls fail with WSAEACCES), and capture happens at the IP layer, so you get IP packets without any Ethernet header, and you choose the interface by binding the socket to one of its local IP addresses (127.0.0.1 for localhost).<\/p>\n<p>Raw sniffer is a command line tool meant to capture IP traffic, built around Windows raw sockets.<br \/>\nYou can pipe the output to a text file (and later parse it in Excel) or generate a cap file which you can later open with Wireshark.<br \/>\nSource code is on <a href=\"https:\/\/github.com\/erwan2212\/rawsniffer\" target=\"_blank\" rel=\"noopener\">github<\/a>.<\/p>\n<p>It takes simple command line parameters: snif [localip] [proto] [port] [0:1]<br \/>\nlocalip is the local address to bind to (or * for the selected interface), proto and port filter what is shown on the console (* means any), and the last parameter, 0 or 1, says whether all captured traffic is also dumped to a cap file.<\/p>\n<p>Some possible usage:<br \/>\n-snif 127.0.0.1 * * 1: captures all traffic on localhost to the console AND dumps all traffic to a cap file<br \/>\n-snif 127.0.0.1 tcp 80 1: shows only HTTP (tcp port 80) traffic on localhost on the console AND dumps all traffic to a cap file<br \/>\n-snif * udp * 0: shows only UDP traffic on the selected interface on the console, with no cap file<\/p>\n<p>Note: if you don&rsquo;t see your incoming traffic, allow snif.exe in your Windows firewall &#8211; this could do the trick.<\/p>\n<p><a href=\"https:\/\/imgur.com\/5MZaIJi\"><img decoding=\"async\" title=\"source: imgur.com\" src=\"https:\/\/i.imgur.com\/5MZaIJi.png\" \/><\/a><\/p>\n<p>Download <a href=\"https:\/\/erwan.labalec.fr\/other\/snif.zip\" target=\"_blank\" rel=\"noopener\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Working in IT, I use Wireshark almost every day. This software is just great: free, open source, and it will probably take me a lifetime to master it all, as there are so many things you can do with it. 
However, there are times where you need a driverless and standalone software i.e a software which <a href='https:\/\/labalec.fr\/erwan\/?p=1958' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37,5],"tags":[],"class_list":["post-1958","post","type-post","status-publish","format-standard","hentry","category-delphi","category-network","category-37-id","category-5-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/1958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1958"}],"version-history":[{"count":11,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/1958\/revisions"}],"predecessor-version":[{"id":1976,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/1958\/revisions\/1976"}],"wp:attachment":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1958"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1958"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
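The capture technique the post describes (bind an IP raw socket to a local address, switch on SIO_RCVALL, apply a proto/port filter on the console and write the raw IP packets to a cap file Wireshark can open), as an added example in Python that is not the rawsniffer project's own Delphi code. It assumes Python 3.8+ and, for the capture loop only, Windows with an elevated prompt; the IPv4 parser, the snif-style filter and the pcap writer are pure Python and are exercised offline against a constructed loopback HTTP packet. The function names (parse_ipv4, matches, pcap_record, capture, build_ipv4_tcp_sample) and the rawcap.py script name are assumptions of this example.

```python
"""Raw-socket IPv4 capture on Windows, snif-style proto/port filter, pcap output.

Added example, not the rawsniffer project's code. The capture() loop needs Windows
and an elevated (Administrators) token; everything else is pure Python.
"""
import socket
import struct
import time
from typing import Optional

IPPROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
LINKTYPE_IPV4 = 228  # pcap link-layer type for raw IPv4 packets (no Ethernet header)


def parse_ipv4(packet: bytes) -> Optional[dict]:
    """Decode an IPv4 header (plus TCP/UDP ports); return None for anything malformed."""
    if len(packet) < 20:
        return None
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return None
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": IPPROTO_NAMES.get(proto, str(proto)),
            "sport": None, "dport": None,
            "segment": packet[ihl:max(total_len, ihl)]}  # transport header + data
    if proto in (6, 17) and len(packet) >= ihl + 4:  # TCP and UDP both start with the ports
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return info


def matches(info: dict, proto: str = "*", port: str = "*") -> bool:
    """Console filter in the spirit of 'snif [localip] [proto] [port]':
    '*' matches anything, proto is compared by name, port against either endpoint."""
    if proto != "*" and info["proto"] != proto.lower():
        return False
    if port != "*" and int(port) not in (info["sport"], info["dport"]):
        return False
    return True


def pcap_global_header(linktype: int = LINKTYPE_IPV4, snaplen: int = 65535) -> bytes:
    """24-byte libpcap file header (little-endian, microsecond timestamps)."""
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(packet: bytes, ts: Optional[float] = None) -> bytes:
    """One pcap record: ts_sec, ts_usec, captured length, original length, then the bytes."""
    ts = time.time() if ts is None else ts
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    return struct.pack("<IIII", sec, usec, len(packet), len(packet)) + packet


def build_ipv4_tcp_sample(src="127.0.0.1", dst="127.0.0.1", sport=51000, dport=80,
                          payload=b"GET / HTTP/1.0\r\n\r\n") -> bytes:
    """Constructed sample packet for offline use (checksums left at zero; not verified)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def capture(bind_ip: str, proto="*", port="*", pcap_path=None, count=20):
    """Windows only. Binding the raw socket to a local address selects the interface
    (127.0.0.1 for loopback); SIO_RCVALL then delivers every IPv4 packet seen on it."""
    if not hasattr(socket, "SIO_RCVALL"):
        raise OSError("SIO_RCVALL is a Winsock feature; run this on Windows")
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    s.bind((bind_ip, 0))
    s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)  # fails with WSAEACCES unless elevated
    out = open(pcap_path, "wb") if pcap_path else None
    if out:
        out.write(pcap_global_header())
    seen = 0
    try:
        while seen < count:
            pkt = s.recvfrom(65535)[0]
            info = parse_ipv4(pkt)
            if info is None:
                continue
            if out:  # as with 'snif ... 1': the cap file gets everything, the filter is console-only
                out.write(pcap_record(pkt))
            if matches(info, proto, port):
                seen += 1
                print(f"{info['src']}:{info['sport']} -> {info['dst']}:{info['dport']} "
                      f"{info['proto']} {len(info['segment'])} bytes")
    finally:
        s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
        s.close()
        if out:
            out.close()


if __name__ == "__main__":
    import sys  # usage: python rawcap.py <localip> [proto|*] [port|*] [file.cap]
    if len(sys.argv) < 2:
        sys.exit("usage: rawcap.py <localip> [proto|*] [port|*] [file.cap]")
    a = sys.argv[1:5]
    capture(a[0], a[1] if len(a) > 1 else "*", a[2] if len(a) > 2 else "*",
            a[3] if len(a) > 3 else None)
```

The cap file uses link type 228 (LINKTYPE_IPV4) because a raw socket hands over IP packets with no Ethernet header; Wireshark dissects such files directly. An AF_INET raw socket only sees IPv4, so IPv6 traffic would need its own AF_INET6 socket, and, as the post notes, inbound packets may still be missing until the Windows firewall allows the capturing executable.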