How can I run tcpdump under Windows

Stefan's blog

It feels like an eternity since I wrote something about Windows here (apart from a rant, maybe ;-) The discovery this morning was that you can record network traffic with Windows on-board tools. It works from Windows 7 or Windows Server 2008 onwards.

The charm of it is that you don't have to install separate software for the capture, which is something you especially don't like to see on production systems ;-) Even Wireshark Portable has to run the WinPcap installer, even if the installation is reverted as soon as the program is closed.

The key is the command. With you start the recording, and with you finalize it. There are many options (circular buffer, filtering on certain criteria, etc.); these can be listed with.

Unfortunately, the result does not end up in a Wireshark-readable format; you need the Microsoft Message Analyzer to open it. The program makes a sluggish first impression, but it turns out to be surprisingly powerful. If you still prefer Wireshark, you can use the Message Analyzer to export the data to a pcap file.

Also of interest for diagnostic use: a cab file is generated alongside the packet data that collects a large amount of system information, for example the network drivers in use, the exact network configuration and the current firewall rules, together with the list of blocked / allowed applications.
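As an added example (not from the original post), here is the whole flow in an elevated PowerShell session: a bounded circular capture with a filter, a status check, stopping the trace, and verifying the files that Message Analyzer will open. It assumes the on-board tool the post refers to is `netsh trace`; the file path and the host address are constructed.

```powershell
# Added example, not code from the original post. Assumption: the elided
# command in the post is "netsh trace", the ETW-based capture built into
# Windows. Run from an elevated (Administrator) PowerShell session.

$TraceFile = 'C:\Temp\diag-capture.etl'   # constructed path; the .cab lands beside it

# Start the capture. filemode=circular plus maxsize (MB) keeps the file bounded,
# which matters on a production box; the filter keeps only TCP traffic to or
# from one host (constructed address) so the trace stays small and focused.
netsh trace start capture=yes `
    tracefile=$TraceFile `
    maxsize=200 `
    filemode=circular `
    overwrite=yes `
    IPv4.Address=192.0.2.10 `
    Protocol=TCP

# Confirm the session is running before reproducing the problem.
netsh trace show status

# ... reproduce the issue here (e.g. the failing connection) ...
Start-Sleep -Seconds 30

# Finalize: netsh flushes the buffers into the .etl and writes the .cab report.
netsh trace stop

# Verify what was produced: the .etl (packets) and the .cab (system report).
# Open the .etl in Message Analyzer and export to pcap if Wireshark is preferred.
Get-ChildItem -Path (Split-Path $TraceFile) -Filter 'diag-capture.*' |
    Select-Object Name, Length, LastWriteTime
```

Both files contain sensitive material (packet payloads, firewall rules, full network configuration), so restrict access to the output folder and delete the files once the diagnosis is done.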