The Ethical Hacker Network

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 2442

Editor-In-Chief

WinDump

« on: December 13, 2006, 03:03:54 PM »

Quote

WinDump is the Windows version of tcpdump, the command line network analyzer for UNIX. WinDump is fully compatible with tcpdump and can be used to watch, diagnose and save to disk network traffic according to various complex rules. It can run under Windows 95, 98, ME, NT, 2000, XP, 2003 and Vista.

DL Here:
http://www.winpcap.org/windump/install/

Share your thoughts and experiences as well as comparisons to tcpdump.

Don


	Logged

CISSP, MCSE, CEH, Security+ SME

ChrisG

EH-Net Columnist
Hero Member

Offline

Posts: 1049

Re: WinDump

« Reply #1 on: December 13, 2006, 03:11:11 PM »

i have a fair amount of experience with it and it works just as well as tcpdump.

most people are lazy though and wont use windump/tcpdump...they'll cling to their GUI and use wireshark/ethereal.


	Logged

...tests i took go here...

http://carnal0wnage.blogspot.com/

Cutaway

Jr. Member

Offline

Posts: 96

Cutaway

Re: WinDump

« Reply #2 on: December 25, 2006, 01:12:53 PM »

ChrisG,
I don't think that you are being very fair. Yes, knowing how to use windump/tcpdump from the command line is very helpful if you want to see what is going on very quickly. But to say people are lazy because they use wireshark/ethereal just doesn't fit. These tools should really be classified separately. Windump/tcpdump are packet sniffers and wireshark/ethereal are protocol analyzers. Protocol analyzers utilize packet sniffers to get their information.

Here are my points.

1) The strength of Wireshark/Ethereal is in their protocol analysis. They easily let you isolate a conversation between hosts and then let you determine what the hosts are really saying to each other without having to do it all by hand or eye. My favorite is the ability to decrypt a WEP conversation.

2) Just because people like GUIs does not make them lazy. Some people are visual and being able to click through the information lets them break it down to something that makes sense. Heck, it is great from the pure educational standpoint of when you select a field the tool highlights the bytes of the packet you have selected. Very hand education and demonstration aid.

If you want to use a protocol analyzer from the command line you should actually look into tethereal/tshark. As I have not used these I really cannot provide any guidance. But the option is there.

I hope this helps.


	Logged

Go forth and do good things,
Cutaway

ChrisG

EH-Net Columnist
Hero Member

Offline

Posts: 1049

Re: WinDump

« Reply #3 on: December 25, 2006, 09:33:45 PM »

i stand by my statement...most people are too lazy to move away from the GUI and use the command line.

i say that because if you get a shell on a box, you arent going to have a big fat GUI to play with you are (most of the time) going to have a command shell.

i have run enough rootwars to know that most people are lost when all you give them is a shell, where is the nmap gui, where is the MSF web interface, the list goes on.

I'll even say that wireshark is a great tool, i use it all the time, but i can also use tcpdump/windump. since the post asked about what i thought about windump/tcpdump i think my post is fair. we didnt ask about my thoughts on wireshark.

cheers

-Chris


	Logged

...tests i took go here...

http://carnal0wnage.blogspot.com/

Cutaway

Jr. Member

Offline

Posts: 96

Cutaway

Re: WinDump

« Reply #4 on: December 26, 2006, 02:22:06 AM »

Here is a timely post http://taosecurity.blogspot.com/2006/12/wireshark-substitute-encourages.html about a Wireshark replacement called GUI Sniffer/Network Night Vision http://www.networknightvision.com/. No apparent command line version.


	Logged

Go forth and do good things,
Cutaway

oleDB

Full Member

Offline

Posts: 231

Re: WinDump

« Reply #5 on: December 26, 2006, 11:08:28 AM »

I think Wireshark/Ethereal is superior to tcpdump in terms of analysis. If I could choose between the two, I would take Wireshark/Ethereal everytime for analysis. I think tcpdump is a little more efficient at captures so thats really all I use it for.


	Logged

Kev

Guest

Re: WinDump

« Reply #6 on: December 27, 2006, 08:14:21 AM »

I have to admit that I agree with the statement Chris made. Many people do pick GUI over Command line programs even if in some instances the command line was superior. There are a lot of reasons for that ranging from lack of knowledge of the command line, laziness, a misconception that GUI programs are superior, etc... All I can say is that has been my honest experience with people. Does that mean if you ever use a GUI that must mean you’re lazy? Of course not!

Don’t get me wrong, I prefer wireshark over tcpdump most of the time, buts that’s not the point. To be a hacker, you must have a reasonable amount of skill with the command line. That’s just the nature of hacking and has been since day one. When you first breach a system you are usually trying to get a shell. If you don’t know your way around it, then you are dead in the water.


	Logged

slimjim100

EH-Net Columnist
Sr. Member

Offline

Posts: 365

Re: WinDump

« Reply #7 on: December 27, 2006, 09:48:09 AM »

I like WireShark due to its filters for DOCSIS and other fun not well known protocols but I am in a nitch field so I happen to use the filters.

My 2 cents....

Slimjim100


	Logged

CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP

ChrisG

EH-Net Columnist
Hero Member

Offline

Posts: 1049

Re: WinDump

« Reply #8 on: December 27, 2006, 12:45:47 PM »

ok, maybe lazy was a bad choice for a description...

but what do you call someone that COULD do somethig but doesnt? Huh

its not that some people are incapable or too technically inept to use the command line they just choose not too...i'm open to suggestions on other words.


	Logged

...tests i took go here...

http://carnal0wnage.blogspot.com/

mn_kthompson

Jr. Member

Offline

Posts: 58

Re: WinDump

« Reply #9 on: December 27, 2006, 02:00:45 PM »

Quote

but what do you call someone that COULD do somethig but doesnt?

How about efficient?

I have the ability to walk or bike everywhere I go, but most of the time I use my car. Even though it costs me money and walking would be healthier for me, I choose to use my car and save some time.

If someone knows how to use tcpdump but they choose to use wireshark because the GUI makes things easier on them then they are simply choosing the most efficient way of doing things for them.

This thread is starting to reek like a holy war over what operating system is best. The best tool is the one that allows you to accomplish your goal in the most efficient way. For some that will be tcpdump, for others that will be wireshark.


	Logged

Cutaway

Jr. Member

Offline

Posts: 96

Cutaway

Re: WinDump

« Reply #10 on: December 27, 2006, 02:42:01 PM »

Well said, Kevin. I was trying to avoid the whole "I think my tool is better." So far I think we have done a fairly good job of pointing out the strengths of both and where to use them.

I personally am a right tool for the job kind of guy. So I see, and stand on, both sides.

I do think that the point ChrisG is trying to make is to be prepared to do either. By knowing how to use the command line tools you will be able to save time and effort. And I imagine that in the pentest world these are very important issues.

All told though, this has been a good thread but I think we are starting to push the limits.


	Logged

Go forth and do good things,
Cutaway

Kev

Guest

Re: WinDump

« Reply #11 on: December 27, 2006, 03:56:50 PM »

So GUI tools are more efficient than command line tools? Damn, I guess I better go back to my NmapFe! How efficient is it if you can’t use it in a hack and many times you can’t use GUI tools in such an environment. I would rather ride a bike if it gets me there if my car won’t start. I didn’t think this was a discussion of wireshark vs tcpdump but more about how many people avoid a tool if its command line. If you have done any real hacking you know there are times you have to use a command line tool, regardless of its efficiency. Any real hacker reading this knows this so perhaps this thread has run it’s coarse.


« Last Edit: December 27, 2006, 04:00:24 PM by Kev »	Logged

mn_kthompson

Jr. Member

Offline

Posts: 58

Re: WinDump

« Reply #12 on: December 27, 2006, 04:39:44 PM »

if product_(console) and product_(gui) can both accomplish task_(x) AND
product_(gui) produces results faster, or results that are easier to understand and work with then yes, the gui tool is more efficient.

If, on the other hand, product_(gui) can't be used in a hack then by definition it wont be more efficient. The thing is, sometimes you use programs like wireshark or tcpdump when you're not working on a hack. Sometimes you're working on a hack and you want to see what traffic is hitting your machine. The idea that someone is being lazy if they choose to use wireshark in these instances is just elitism. People should use the tool that works best for them and accomplishes the task at hand.


	Logged

ChrisG

EH-Net Columnist
Hero Member

Offline

Posts: 1049

Re: WinDump

« Reply #13 on: December 27, 2006, 08:14:59 PM »

Quote from: mn_kthompson on December 27, 2006, 02:00:45 PM

Quote

but what do you call someone that COULD do somethig but doesnt?

how about everytime you need to go a block away you drive your car, when you could get there faster by walking? is that still being "efficient" or is that being lazy?

a good security professional will choose the right tool for the right job and should be able to use both depending on the circumstances. my point is that many people when they start out (because they are trying to be more efficent) will use wireshark when they could do the same function with tcpdump/windump just as easily or faster but avoid it because they are too efficient to learn how to do things on the command line.

in my opinion this mentality should be avoided, not that people should avoid GUI tools, but that they should be able to use both. thats really all i am saying.

to me its rewarding to be able to quickly check something out with tcpdump, specially since i dont have to start xwindows and wait for wireshark to load or be able to just edit a file with vi to change one thing in the code versus firing up a gui to edit the file. now do i compose a whole paper using vi, of course not, but in some cases its much much faster to vi file.c, make the change and be on my way.


	Logged

...tests i took go here...

http://carnal0wnage.blogspot.com/

Kev

Guest

Re: WinDump

« Reply #14 on: December 27, 2006, 08:25:21 PM »

So you don’t like to wait for xwindows to load so you can jump right into using your tools? Now who is being lazy? Haha, just kidding.
Wink


	Logged

Pages: [1] 2 Go Up

« previous next »

Support EH-Net by Buying all of your Amazon items using the search bar above. Try CBT Nuggets Free!

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!