I’ve had to troubleshoot a number of network-related issues recently.  I love Wireshark, but I don’t want to install it on every server.  I’m still a bit hesitant about installing the WinPcap driver on servers as well, since it puts a kernel-mode driver and a packet-capture capability on a production box, but when you need to grab network traffic on the Windows platform, it is one of the easier ways.

(Yes, I know I should have a monitoring box on a SPAN port to capture from, but that gets more complicated in a virtual environment: traffic between VMs on the same host never leaves the host’s virtual switch, so a SPAN port on the physical switch never sees it.)

So I’ve compromised a bit.  I install the WinPcap driver and WinDump (the Windows port of tcpdump) on the server and create the capture from the command line, then copy the capture file to my desktop and analyze it there in Wireshark.

The command line I used for WinDump was something like:

C:\WinDump.exe -n -s 0 -vvv -w mynetworkcapture.pcap

“-n” skips DNS resolution of the addresses in the decoded output, which is faster and keeps the output consistent from one run to the next.  “-s 0” sets the snapshot length so that the whole packet is saved instead of only the first 68 bytes that WinDump/tcpdump 3.x capture by default; without it, the payload you are looking for is usually cut off.  “-vvv” only increases the verbosity of the decoded output WinDump prints to the console; it does not change what goes into the capture file, which always contains the raw packets as captured.  And last, but not least, “-w mynetworkcapture.pcap” is the file name (relative to the current directory) the capture is written to, in the libpcap format that Wireshark opens directly.

There are many, many other options, but this got me a quick grab of traffic that let me isolate my problem in Wireshark and get to the resolution I needed.  Two things are worth adding when doing this on a server.  First, pick the adapter explicitly: “WinDump -D” lists the adapters and “-i N” selects one by that number; without “-i” the first adapter is used, which on a multi-homed box is often the wrong one.  Second, bound the capture: add a capture filter (the same BPF syntax as tcpdump, e.g. “host 10.0.0.5 and port 1433”) and/or “-c <count>” to stop after a number of packets, because “-s 0” on a busy server fills the disk quickly, and a full-packet capture is sensitive data in its own right (it holds whatever cleartext payloads, cookies or credentials crossed the wire), so keep it tight and delete it when you are done.
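Before spending time on a capture in Wireshark it pays to confirm that it really holds full packets.  The following is an added example (my code, not from the original post): a small Python script that reads the classic pcap format WinDump writes and reports the snapshot length, the packet count and how many records were cut short (saved bytes smaller than bytes on the wire).  The sample frames it builds are constructed inline for demonstration; the 68-byte figure is the default snapshot length of WinDump/tcpdump 3.x, and 65535 is the length that “-s 0” sets.

```python
"""Sanity-check a classic pcap written by WinDump/tcpdump before analysing it in Wireshark."""
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # classic pcap, nanosecond timestamps
LINKTYPE_ETHERNET = 1
FULL_SNAPLEN = 65535           # what "-s 0" sets in WinDump / tcpdump 3.x
GLOBAL_HDR = 24                # global header size in bytes
RECORD_HDR = 16                # per-packet record header size in bytes


@dataclass
class CaptureSummary:
    snaplen: int
    linktype: int
    packets: int = 0
    truncated: int = 0          # records where incl_len < orig_len
    bytes_on_wire: int = 0
    bytes_saved: int = 0
    first_ts: Optional[float] = None
    last_ts: Optional[float] = None

    @property
    def full_capture(self) -> bool:
        """True when every packet was saved whole (the effect of -s 0)."""
        return self.truncated == 0

    @property
    def duration(self) -> float:
        if self.first_ts is None or self.last_ts is None:
            return 0.0
        return self.last_ts - self.first_ts


def parse_pcap(data: bytes) -> CaptureSummary:
    """Walk a classic pcap byte string and summarise it; raises ValueError on a corrupt file."""
    if len(data) < GLOBAL_HDR:
        raise ValueError("too short to hold a pcap global header")
    # The file is written in the capturing host's byte order; the magic tells us which.
    for end in ("<", ">"):
        magic = struct.unpack_from(end + "I", data, 0)[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % struct.unpack_from("<I", data, 0)[0])
    ts_div = 1e9 if magic == PCAP_MAGIC_NSEC else 1e6
    _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack_from(end + "HHiIII", data, 4)
    summary = CaptureSummary(snaplen=snaplen, linktype=linktype)

    off = GLOBAL_HDR
    while off < len(data):
        if off + RECORD_HDR > len(data):
            raise ValueError("short record header at offset %d (capture ended mid-write?)" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(end + "IIII", data, off)
        off += RECORD_HDR
        if incl_len > snaplen or incl_len > orig_len or off + incl_len > len(data):
            raise ValueError("bad record length at offset %d" % (off - RECORD_HDR))
        ts = ts_sec + ts_frac / ts_div
        summary.packets += 1
        summary.bytes_on_wire += orig_len
        summary.bytes_saved += incl_len
        if incl_len < orig_len:        # the tool saved fewer bytes than were on the wire
            summary.truncated += 1
        if summary.first_ts is None:
            summary.first_ts = ts
        summary.last_ts = ts
        off += incl_len
    return summary


def build_pcap(snaplen: int, frames: List[Tuple[float, bytes]]) -> bytes:
    """Write a little-endian classic pcap the way a capture tool with the given snaplen would."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts, frame in frames:
        saved = frame[:snaplen]                      # only snaplen bytes of each frame are kept
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        out.append(struct.pack("<IIII", sec, usec, len(saved), len(frame)))
        out.append(saved)
    return b"".join(out)


# Constructed sample traffic (not from any real capture): a minimum-size Ethernet frame
# and a full-size 1514-byte frame, a quarter of a second apart.
SAMPLE_FRAMES = [(1302220800.00, bytes(60)), (1302220800.25, b"\xaa" * 1514)]
CAPTURE_FULL = build_pcap(FULL_SNAPLEN, SAMPLE_FRAMES)   # what "-s 0" yields
CAPTURE_SHORT = build_pcap(68, SAMPLE_FRAMES)            # the old 68-byte default snaplen


def report(summary: CaptureSummary) -> str:
    verdict = ("OK: full packets" if summary.full_capture else
               "WARNING: %d of %d packets truncated, re-capture with -s 0" % (summary.truncated, summary.packets))
    return "snaplen=%d linktype=%d packets=%d saved=%d/%d bytes span=%.3fs  %s" % (
        summary.snaplen, summary.linktype, summary.packets, summary.bytes_saved,
        summary.bytes_on_wire, summary.duration, verdict)


if __name__ == "__main__":
    if len(sys.argv) > 1:                            # inspect a real capture: python pcapcheck.py file.pcap
        with open(sys.argv[1], "rb") as f:
            print(report(parse_pcap(f.read())))
    else:                                            # no argument: run against the constructed samples
        for name, blob in (("full", CAPTURE_FULL), ("short", CAPTURE_SHORT)):
            print(name, report(parse_pcap(blob)))
```

Run it with the path of a capture as its only argument.  A truncated count above zero means the capture was taken without “-s 0” and the large packets are missing their payload; redo the capture rather than trying to analyze it.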



Comments

  1. Jerome
     April 7th, 2011 at 9:22 pm

     PICC Early Bird Pricing Extended to Tuesday April 12th. My son and I will be attending PICC. I’ll do “PowerShell Fundamentals” while my son does “Grokking Python”. See you there.

  2. Steve
     April 8th, 2011 at 6:52 am

     Jerome, thanks for the note. I’m looking forward to the session. Thanks for picking PowerShell Fundamentals; there are definitely great options in course selection during that time.
