December 02, 2010


A project I was working on required me to verify network traffic activity over specific ports.  I have not had much experience doing this, but I knew Linux tcpdump would be my tool of choice.  Unfortunately, I was working in a Windows environment, but it was easy enough to find a port of tcpdump for Windows.

I found MicroOlap had an easy to use port of tcpdump available for download.

Installation is simple, just unzip it.

Find Your Network Interface (Device)
Your computer may have more than one network interface.  A laptop will have an Ethernet card for a network cable but it will also have a wireless Ethernet card.  You need to know which one you are using and tell tcpdump to listen for network traffic on the device.  To get a list of devices on your computer, use the -D switch.

C:\Apps\tcpdump>tcpdump -D

**                                                               **
**        Tcpdump v4.0.0 (October 27, 2008) for Windows          **
**          Win 98/ME/NT4/2000/XP/2003/Vista/2008/Win7           **
**                                                               **
**      built with MicroOLAP Packet Sniffer SDK v4.2 and         **
**   MicroOLAP WinPCap to Packet Sniffer SDK migration module.   **
**                                                               **
**     Copyright (c) 1997 - 2009 MicroOLAP Technologies LTD,     **
**                  Khalturin A.P. & Naumov D.A.                 **
**                                                               **
**                                                               **
**                         Trial license.                        **
**                                                               **

1.\Device\PssdkLoopback (PSSDK Loopback Ethernet Emulation Adapter)
2.\Device\{8C8A81C7-D190-4A6D-88D9-7C83CF11BD1F} (VMware Virtual Ethernet Adapter for VMnet1)
3.\Device\{9AA64137-DCCD-4292-802D-7568D75004AA} (DW1520 Wireless-N WLAN Half-Mini Card)
4.\Device\{B58EA48A-BD5C-400D-94FD-02659C8B659A} (Intel(R) 82577LM Gigabit Network Connection)
5.\Device\{F61893D4-5284-48ED-960D-27A777C4D1DC} (Check Point Virtual Network Adapter For SecureClient)
6.\Device\{952066E8-9363-4AB5-8E8F-20F64C7DB32F} (VMware Virtual Ethernet Adapter for VMnet8)

Listen for Incoming Traffic on a Specific Port
After determining your interface, run the following command to listen for incoming traffic on a specific port.

C:\Apps\tcpdump>tcpdump -i 5 -nnvvXSs 1514 port %PORT_NUMBER%

-i 5  Specifies which interface to use; in this example it is #5 in the list above.
%PORT_NUMBER%  Is replaced with the port number on which to listen for incoming traffic.
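An added example (not code from the post) in Python that does two things a practitioner wants around the command above: it picks the -i index out of the `tcpdump -D` listing by adapter description rather than by line position, and it tallies the flows in the resulting capture by direction, because the filter `port N` matches whichever endpoint uses the port, so the capture also contains replies and outbound connections, not only incoming traffic.  The capture text is constructed, and 192.168.1.10 is an assumed local address.

```python
import re
from collections import Counter

# Three of the `tcpdump -D` lines shown in the post.
DEVICE_LIST = """\
1.\\Device\\PssdkLoopback (PSSDK Loopback Ethernet Emulation Adapter)
4.\\Device\\{B58EA48A-BD5C-400D-94FD-02659C8B659A} (Intel(R) 82577LM Gigabit Network Connection)
5.\\Device\\{F61893D4-5284-48ED-960D-27A777C4D1DC} (Check Point Virtual Network Adapter For SecureClient)
"""

# Constructed sample of `tcpdump -nnvvXSs 1514 port 443` output with the hex
# dump lines left out; 192.168.1.10 plays the local host (assumed address).
CAPTURE = """\
10:01:02.000001 IP (tos 0x0, ttl 128, id 1, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.10.50001 > 203.0.113.5.443: Flags [S], cksum 0x1234 (correct), seq 1000, win 8192, length 0
10:01:02.000200 IP (tos 0x0, ttl 57, id 2, offset 0, flags [DF], proto TCP (6), length 52)
    203.0.113.5.443 > 192.168.1.10.50001: Flags [S.], cksum 0x5678 (correct), seq 2000, ack 1001, win 65535, length 0
10:01:03.000001 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.40000 > 192.168.1.10.443: Flags [S], cksum 0x9abc (correct), seq 3000, win 29200, length 0
"""

DEVICE_RE = re.compile(r"^(\d+)\.(\\Device\\\S+) \((.*)\)$")
# With -nn, endpoints are always numeric "a.b.c.d.port", so this pattern is stable.
FLOW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def interface_index(listing: str, description_substring: str) -> int:
    """Return the -i index whose adapter description contains the given text."""
    for line in listing.splitlines():
        m = DEVICE_RE.match(line.strip())
        if m and description_substring.lower() in m.group(3).lower():
            return int(m.group(1))
    raise LookupError(f"no interface matching {description_substring!r}")


def port_activity(capture: str, local_ip: str, port: int) -> dict:
    """Count packets involving `port`, split by direction relative to local_ip.
    `port N` matches either endpoint, so replies and outbound connections to a
    remote port N are in the capture too; the split makes that visible."""
    tally = Counter()
    for m in FLOW_RE.finditer(capture):
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if dst == local_ip and dport == port:
            tally["inbound to local port"] += 1
        elif src == local_ip and sport == port:
            tally["outbound from local port"] += 1
        elif src == local_ip and dport == port:
            tally["outbound to remote port"] += 1
        elif dst == local_ip and sport == port:
            tally["reply from remote port"] += 1
    return dict(tally)
```

Feed it the text saved from a real run (for example `tcpdump -i 5 -nnvvXSs 1514 port 443 > capture.txt`) and only the "inbound to local port" bucket answers the question of whether anything is actually reaching that port on this machine.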

There is a lot more to tcpdump, but that is enough for now.
