I’ve had to troubleshoot a number of network-related issues recently. I love Wireshark, but I don’t want to install it on every server. I’m still a bit hesitant about installing the WinPcap drivers on servers as well, but when you need to grab network traffic on the Windows platform, it is one of the easier ways.
(Yes, I know I should have a monitoring box on a SPAN port that I could capture from, but that becomes a bit more complicated in a virtual environment.)
The command line I used for WinDump was something like:
C:\WinDump.exe -n -s 0 -vvv -w mynetworkcapture.pcap
The “-n” skips DNS resolution (which makes the output a bit more consistent to read through). The “-s 0” captures the full packet rather than truncating it at the default snapshot length. “-vvv” turns on the most verbose output. And last, but not least, “-w mynetworkcapture.pcap” is the file name (and relative path) where the capture is saved.
There are many, many other options, but this got me a quick grab of traffic that let me isolate my problem in WireShark and get to the resolution I needed.
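Before shipping a capture off to Wireshark (or to a colleague), it is worth checking that it actually holds what you think it does: that it is a classic pcap file, that packets were not silently cut short by a too-small snapshot length, and roughly which hosts are talking. The script below is an added example, not code from the original post; it is a minimal reader for the libpcap file format that WinDump writes with -w, and it builds its own three-packet sample file (constructed data, including the 262144 snaplen and the 10.0.0.x/192.0.2.x addresses) so it runs offline. One of the sample records is deliberately written with a captured length shorter than its original length, which is exactly what a capture taken without -s 0 looks like.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Classic libpcap file format (not pcapng), which is what WinDump -w produces.
PCAP_MAGIC = 0xA1B2C3D4      # microsecond timestamps
PCAP_MAGIC_NS = 0xA1B23C4D   # nanosecond timestamps
LINKTYPE_ETHERNET = 1


@dataclass
class PcapSummary:
    snaplen: int
    linktype: int
    packets: int = 0
    truncated: int = 0          # records whose captured length < original length
    first_ts: Optional[float] = None
    last_ts: Optional[float] = None
    ipv4_flows: Dict[Tuple[str, str], int] = field(default_factory=dict)


def _ipv4_endpoints(frame: bytes) -> Optional[Tuple[str, str]]:
    """Return (src, dst) for an Ethernet II frame carrying IPv4, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    return src, dst


def parse_pcap(data: bytes) -> PcapSummary:
    """Walk a classic pcap file and summarise it; raises ValueError on a malformed file."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header")
    magic_le = struct.unpack("<I", data[:4])[0]
    magic_be = struct.unpack(">I", data[:4])[0]
    if magic_le in (PCAP_MAGIC, PCAP_MAGIC_NS):
        endian, magic = "<", magic_le
    elif magic_be in (PCAP_MAGIC, PCAP_MAGIC_NS):
        endian, magic = ">", magic_be
    else:
        raise ValueError(f"not a pcap file (magic {magic_le:#010x})")
    frac_divisor = 1e9 if magic == PCAP_MAGIC_NS else 1e6
    _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    summary = PcapSummary(snaplen=snaplen, linktype=linktype)

    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"record header cut short at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if incl_len > orig_len or offset + incl_len > len(data):
            raise ValueError(f"record {summary.packets + 1}: inconsistent lengths")
        frame = data[offset:offset + incl_len]
        offset += incl_len

        summary.packets += 1
        if incl_len < orig_len:          # snapshot length was smaller than the packet
            summary.truncated += 1
        ts = ts_sec + ts_frac / frac_divisor
        summary.first_ts = ts if summary.first_ts is None else min(summary.first_ts, ts)
        summary.last_ts = ts if summary.last_ts is None else max(summary.last_ts, ts)
        if linktype == LINKTYPE_ETHERNET:
            ends = _ipv4_endpoints(frame)
            if ends:
                summary.ipv4_flows[ends] = summary.ipv4_flows.get(ends, 0) + 1
    return summary


def check_capture(summary: PcapSummary) -> List[str]:
    """Sanity checks worth running before handing a capture over for analysis."""
    problems = []
    if summary.packets == 0:
        problems.append("no packets captured (wrong interface or filter?)")
    if summary.truncated:
        problems.append(f"{summary.truncated} of {summary.packets} packets are truncated; "
                        "capture was not taken with -s 0")
    if summary.linktype != LINKTYPE_ETHERNET:
        problems.append(f"link type {summary.linktype} is not Ethernet; IPv4 flow counts are empty")
    return problems


def _ipv4_frame(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Constructed Ethernet II + IPv4 frame for the sample file (no L4 header, checksum left 0)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return eth + ip + payload


def _record(ts_sec: int, ts_usec: int, frame: bytes, caplen: Optional[int] = None) -> bytes:
    cap = frame if caplen is None else frame[:caplen]
    return struct.pack("<IIII", ts_sec, ts_usec, len(cap), len(frame)) + cap


def build_sample_pcap() -> bytes:
    """Constructed three-packet pcap; the second record is deliberately truncated to 96 bytes."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET)
    return (header
            + _record(1700000000, 0, _ipv4_frame("10.0.0.5", "10.0.0.9", 6, b"A" * 40))
            + _record(1700000000, 500000, _ipv4_frame("10.0.0.9", "10.0.0.5", 6, b"B" * 200), caplen=96)
            + _record(1700000001, 0, _ipv4_frame("10.0.0.5", "192.0.2.7", 17, b"C" * 60)))


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    s = parse_pcap(data)
    print(f"{s.packets} packets, snaplen {s.snaplen}, linktype {s.linktype}, {s.truncated} truncated")
    for (src, dst), n in sorted(s.ipv4_flows.items(), key=lambda kv: -kv[1]):
        print(f"  {src} -> {dst}: {n}")
    for p in check_capture(s):
        print("WARNING:", p)
```

Run it with the path of a real capture (`python check_pcap.py mynetworkcapture.pcap`) or with no argument to use the built-in sample, which reports one truncated packet. One caveat on the flags above: in tcpdump, which WinDump is a port of, -v does not add anything to the packets written with -w; when -w is in use it instead prints the running packet count every few seconds, which is handy for confirming the capture is actually seeing traffic, while the full detail is decoded later in Wireshark.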