Let’s take a TCP Dump in Windows

Maneesha Wijesekara
2 min read · Sep 18, 2019


There is a lot of documentation on taking a tcpdump on Linux-based distributions, but for Windows you may not find much. So I decided to write a story on how to take a tcpdump in Windows.

For this purpose we can use a tool called ‘WinDump’, the Windows port of tcpdump. You can get more details from the WinDump project page.

Steps to follow:

1. Download ‘WinDump’ and install it.

2. Download ‘WinPcap’ and install it.

WinDump needs the ‘WinPcap’ library in order to run; it includes the driver that makes packet capture possible.

3. Open a command prompt, change to the directory where you downloaded ‘WinDump’, and execute the following command to list the network interfaces on the system on which WinDump can capture packets.

windump -D

You will get an output listing each interface with a number in front of it.

4. Now we are going to write the capture to a file while reproducing the scenario in which the exception is observed. To do that, execute the command below first:

windump -i {network_interface_id} -w {filename}.pcap

network_interface_id: the number of the network interface printed in step 3 (if only one interface was listed, the number is ‘1’; if several were returned, pick the number of the interface you want from the list and use it here).

filename: any name you like, saved with the .pcap (packet capture) extension.

A sample command would look like this:

windump -i 1 -w tcpdump.pcap

5. Run the scenario you need to capture, then press ‘Ctrl’ + ‘C’ to stop capturing once the scenario is complete. The captured packets are saved in the file given above (tcpdump.pcap).
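As an added example that is not part of the original post: a small Python reader for the .pcap file that `windump -w` produces, so you can confirm the capture is well-formed and see what it holds before sharing it. The function names `parse_pcap` and `build_sample_pcap` are chosen here, and the sample capture bytes are constructed inline rather than taken from a real WinDump run.

```python
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D  # pcap variant with nanosecond timestamps
GLOBAL_HDR_LEN, RECORD_HDR_LEN = 24, 16


def parse_pcap(data: bytes) -> dict:
    """Parse a classic .pcap file (the format 'windump -w' writes), validating
    every length field so a truncated or corrupted capture raises instead of
    being silently misread."""
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("file shorter than the 24-byte pcap global header")
    # The magic number fixes the byte order and the timestamp resolution.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a pcap file (bad magic number)")
    frac_div = 1_000_000 if magic == PCAP_MAGIC_USEC else 1_000_000_000
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    packets, off = [], GLOBAL_HDR_LEN
    while off < len(data):
        if off + RECORD_HDR_LEN > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        start = off + RECORD_HDR_LEN
        if incl_len > snaplen or incl_len > orig_len or start + incl_len > len(data):
            raise ValueError(f"bad or truncated record at offset {off}")
        packets.append({"time": ts_sec + ts_frac / frac_div, "captured_len": incl_len,
                        "original_len": orig_len, "data": data[start:start + incl_len]})
        off = start + incl_len
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets}


def build_sample_pcap() -> bytes:
    """Constructed sample (not real WinDump output): little-endian pcap with two
    Ethernet records (linktype 1), so the parser can be exercised offline."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    frame1 = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x06" + b"\x00" * 28
    frame2 = b"\x00\x11\x22\x33\x44\x55" + b"\xaa" * 6 + b"\x08\x00" + b"\x00" * 46
    rec1 = struct.pack("<IIII", 1568790000, 250000, len(frame1), len(frame1)) + frame1
    rec2 = struct.pack("<IIII", 1568790001, 500, len(frame2), len(frame2)) + frame2
    return hdr + rec1 + rec2
```

To check a real capture, read the file with `open("tcpdump.pcap", "rb").read()` and pass the bytes to `parse_pcap`; a `ValueError` means the file was cut short or damaged.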

I hope this helps you take a tcpdump in Windows.

Don’t forget to clap hard if this helps you. Also let me know in the comments section if you have any questions to discuss. Bye bye for now.

Written by Maneesha Wijesekara

Certified WSO2 Engineer, BSc in ICT, CTFL in QA, CIM Base for Marketing and HEQ in BCS