Let’s take a TCP Dump in Windows
There is a lot of documentation on taking a tcpdump on Linux-based distributions, but for Windows there is very little. So I thought I would write a blog article on how to take a tcpdump in Windows.
For this purpose we can use a tool called ‘Windump’ [1].
Steps to Follow,
1. Download ‘Windump’ [2]
2. Download ‘WinPcap’ [3] and install it.
In order to run ‘Windump’ you need the ‘WinPcap’ library. It includes the driver that does the actual packet capturing.
3. Go to the download location of ‘Windump’ in a terminal and execute the following command to print the network interfaces available on the system, i.e. the ones tcpdump can capture packets on.
You will get an output just like this.

4. Now we are going to export a tcpdump to a file while following the scenario of exception occurring. To do that, execute the below command first,
windump -i {network_Interface_id} -w {filename}.pcap
network_Interface_id — the number of the network interface printed in step 3 (if only one interface was listed, the number is ‘1’; if several were returned, pick the number of the one you want from the list and use it here)
filename — any name you like, saved with the .pcap (packet capture) extension
A sample command would look like this:
windump -i 1 -w tcpdump.pcap
5. Run the scenario for which you need the tcpdump, then press ‘ctrl’ + ‘c’ to stop the packet capture once the scenario is done. The captured packets are saved in the file above (tcpdump.pcap).
Hope this helps you take a tcpdump in Windows.
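The same steps 3 to 5, put together as a PowerShell script with the checks I would want before trusting a capture: that the WinPcap driver is actually present, that the capture is bounded so it cannot fill the disk, and that the resulting file reads back as a valid capture. This is an added example, not code from the original post or from the WinDump project; the WinDump path and the interface number are assumptions you will need to adjust.

```powershell
# Added example (not from the original post). Wraps steps 3-5 above.
# Assumptions: WinDump.exe was downloaded to $WinDumpPath, and WinPcap is
# installed (its capture driver is registered as the 'npf' service).
param(
    [string]$WinDumpPath = 'C:\Tools\WinDump.exe',   # assumed download location
    [int]$InterfaceId    = 1,                        # number from the 'windump -D' list (step 3)
    [string]$OutFile     = 'tcpdump.pcap',
    [int]$MaxPackets     = 10000                     # -c: stop before the capture fills the disk
)

# Step 2 check: WinPcap installs its capture driver as the NPF service.
$npf = Get-Service -Name 'npf' -ErrorAction SilentlyContinue
if (-not $npf) { throw 'WinPcap driver (npf service) not found; install WinPcap first.' }
if ($npf.Status -ne 'Running') { Start-Service -Name 'npf' }   # needs an elevated prompt

if (-not (Test-Path $WinDumpPath)) { throw "WinDump not found at $WinDumpPath" }

# Step 3: list the interfaces WinDump can capture on (-D prints 'number.name').
Write-Host 'Available interfaces:'
& $WinDumpPath -D

# Step 4: capture to a pcap file. -n avoids name lookups that would add
# traffic of their own, -s 0 keeps whole packets, -c bounds the capture.
# With -c the capture ends cleanly and the script continues; Ctrl+C also
# stops the script, but the file written so far is still usable.
Write-Host "Capturing on interface $InterfaceId to $OutFile (Ctrl+C to stop early)..."
& $WinDumpPath -i $InterfaceId -n -s 0 -c $MaxPackets -w $OutFile

# Step 5 check: read the file back with -r; windump refuses a corrupt file,
# and the output has one line per packet for ordinary traffic.
$packets = & $WinDumpPath -n -r $OutFile 2>$null
Write-Host ("{0} packets saved in {1}" -f @($packets).Count, $OutFile)
```

Run it from an elevated PowerShell prompt (the driver needs it), e.g. `.\capture.ps1 -InterfaceId 2 -OutFile issue.pcap`, and hand the .pcap to Wireshark or `windump -r` for analysis. Bounding the capture with -c (or a capture filter) matters on busy hosts: an unbounded -w capture on a server can eat disk space fast and a full disk is its own incident.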
[1] https://www.winpcap.org/windump/docs/default.htm
[2] https://www.winpcap.org/windump/install/default.htm
[3] https://www.winpcap.org/install/default.htm