Taking a WinDump

Scripting, Servers April 4th, 2011

I’ve had to troubleshoot a number of network related issues recently. I love Wireshark, but I don’t want to install it on every server. I’m still a bit hesitant about installing the WinPcap drivers on servers as well, but when you need to grab network traffic on the Windows platform, it is one of the easier ways.

(Yes.. I know I should have a monitoring box on a span port that I could do this off of, but it becomes a bit more complicated in a virtual environment.)

So, I’ve compromised a bit. I’ve been using the WinPcap drivers and WinDump from the command line to create the network captures. Then I can use Wireshark on my desktop to analyze the traffic.

The command line I used for WinDump was something like:

C:\WinDump.exe -n -s 0 -vvv -w mynetworkcapture.pcap

The “-n” skips the DNS resolution (which makes it a bit more consistent to read through). The “-s 0” captures the full packet. “-vvv” captures additional packet details. And last, but not least, “-w mynetworkcapture.pcap” is the file name (and relative path) where the capture will be saved.
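Before copying a capture to the desktop it is worth confirming that “-s 0” really did record whole packets. As an added example (not from the original post or from WinDump itself), this Python script reads the libpcap global header and packet records and flags any frame whose on-disk length is shorter than its wire length; the sample captures it checks are constructed inline rather than taken from a real server.

```python
import struct

PCAP_MAGIC_LE = 0xa1b2c3d4  # magic as read little-endian from a little-endian file
PCAP_MAGIC_BE = 0xd4c3b2a1  # same magic seen byte-swapped: file is big-endian

def build_pcap(snaplen, packets, endian="<"):
    """Constructed sample data: global header plus (data, orig_len) records."""
    blob = struct.pack(endian + "IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, snaplen, 1)
    for i, (data, orig_len) in enumerate(packets):
        # ts_sec, ts_usec, caplen (bytes on disk), orig_len (bytes on the wire)
        blob += struct.pack(endian + "IIII", 1301875200 + i, 0, len(data), orig_len)
        blob += data
    return blob

def parse_pcap(blob):
    """Return (snaplen, [(caplen, orig_len), ...]) for a libpcap-format file."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a libpcap capture (pcapng or corrupt file)")
    snaplen = struct.unpack_from(endian + "IHHiIII", blob, 0)[5]
    offset, records = 24, []
    while offset + 16 <= len(blob):
        _sec, _usec, caplen, orig_len = struct.unpack_from(endian + "IIII", blob, offset)
        offset += 16
        if offset + caplen > len(blob):
            raise ValueError("packet record at offset %d runs past end of file" % (offset - 16))
        records.append((caplen, orig_len))
        offset += caplen
    return snaplen, records

def check_capture(blob):
    """Summarise snaplen and list indices of packets cut short by the snaplen."""
    snaplen, records = parse_pcap(blob)
    truncated = [i for i, (cap, orig) in enumerate(records) if cap < orig]
    return {"snaplen": snaplen, "packets": len(records), "truncated": truncated}

# Constructed captures: "-s 0" typically records snaplen 65535 and full frames;
# a 96-byte snaplen cuts a 1514-byte frame down to 96 bytes on disk.
FULL_CAPTURE = build_pcap(65535, [(b"\xaa" * 60, 60), (b"\xbb" * 1514, 1514)])
TRUNCATED_CAPTURE = build_pcap(96, [(b"\xaa" * 60, 60), (b"\xbb" * 96, 1514)], endian=">")

if __name__ == "__main__":
    print(check_capture(FULL_CAPTURE))       # {'snaplen': 65535, 'packets': 2, 'truncated': []}
    print(check_capture(TRUNCATED_CAPTURE))  # {'snaplen': 96, 'packets': 2, 'truncated': [1]}
```

To check a real file, pass `open("mynetworkcapture.pcap", "rb").read()` to `check_capture`; a non-empty `truncated` list means the capture was taken with a snaplen too small for the frames on that network.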

There are many, many other options, but this got me a quick grab of traffic that let me isolate my problem in Wireshark and get to the resolution I needed.