windump not capturing data

1

Working with basic windump commands: when capturing all packets, it's working in Windows 7

windump -i 1 -w file

But when filtering by port, it's not working

windump -i 1 -w file port 80

showing

0 packets captured
843 packets received by filter
0 packets dropped by kernel

npf and remote packet capturing protocol are running

Also, the same command is working on a Windows XP virtual machine

user162098

Posted 2013-02-27T15:47:32.703

Reputation: 21

Check your firewall (Firewall service should be started, but disabled in Control panels). Any other config on Server 2008 and newer is unpredictable. – goodguys_activate – 2013-03-02T18:53:15.260

Answers

1

The best way to validate this is to run Wireshark with the filter tcp.port==80; also check if you have permission for the file.

I have seen the screenshot. Basically, what's wrong is the order of switches in the command; you should use port 80 like this: windump -i 1 port 80 > port.txt

asadz

Posted 2013-02-27T15:47:32.703

Reputation: 174

Yes, Wireshark works well, but I was learning tcpdump usage and this problem arose. – None – 2013-02-28T03:32:24.140

That's great to learn multiple tools, but you should know what information you are looking for, as almost all sniffing software has the same functionality; it just comes down to reliability. I have Win 7 64-bit and the command works for me; the way it's done is, I look at the windump -i 1 -A port 8080 > file1.txt – asadz – 2013-02-28T05:35:50.993

@asadz: Thanks for the reply, but the problem is that when not defining any filtering (like port 80 here) it's capturing data, but after applying the filter it's receiving packets but not capturing. I also tried your command but got the same problem. – None – 2013-02-28T11:18:04.877

Can you explain what you mean by capturing? Is the filter capturing traffic related to port 80? If not, try seeing if you are behind a proxy; in that case the port would be different. Try to see if the firewall is open; disable it. – asadz – 2013-02-28T12:07:29.860

Here is the image of two different commands, one with a filter and one without a filter. The latter one is working like a charm, capturing packets and saving to a file. – None – 2013-02-28T12:43:45.227

See the updated answer. – asadz – 2013-02-28T13:17:54.517

Thanks bro, but the problem remained unsolved. I don't think there is anything wrong with the command. There might be something wrong with the daemons running. – None – 2013-03-01T14:58:54.140

There is everything wrong with the command. Look, it's simple programming concepts: windump -i 1 > port.txt port 80. By issuing this command you are telling the program to save the results to port.txt and then filter port 80; it doesn't work like this. That part is never executed; the output is never redirected to a file. – asadz – 2013-03-01T18:08:33.443

Yeah, you are right, but I tried both ways. Neither of them worked. Do you know any other filtering command? And do both the windump -i 1 -w file port 80 and windump -i 1 port 80 > port.txt commands work on your system? – None – 2013-03-02T04:56:50.650

windump -i 1 -w file didn't work as the file was writing garbage values, so I used >. – asadz – 2013-03-02T07:28:58.060
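
One way to check offline whether the unfiltered capture from `windump -i 1 -w file` contains any port 80 traffic at all, as an added example that is not part of the original thread. It assumes `-w` produced a classic pcap file (the binary format tcpdump and WinDump write) with Ethernet link type; the function names and the sample capture are constructed for illustration.

```python
import struct

def frame_ports(frame):
    """Return (sport, dport) for an Ethernet/IPv4 TCP or UDP frame, else None."""
    if len(frame) < 14:
        return None
    ethertype, ip = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:      # skip one 802.1Q tag
        ethertype, ip = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < ip + 20:
        return None
    ihl = (frame[ip] & 0x0F) * 4
    frag_off = struct.unpack("!H", frame[ip + 6:ip + 8])[0] & 0x1FFF
    if frame[ip + 9] not in (6, 17) or frag_off or len(frame) < ip + ihl + 4:
        return None                                   # not TCP/UDP, or no port bytes
    return struct.unpack("!HH", frame[ip + ihl:ip + ihl + 4])

def count_port(pcap, port=80):
    """Return (total_packets, packets_with_port) for a classic pcap byte string."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    total = matched = 0
    off = 24                                          # first record follows the 24-byte file header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        ports = frame_ports(pcap[off + 16:off + 16 + incl_len])
        total += 1
        matched += bool(ports and port in ports)
        off += 16 + incl_len
    return total, matched

def sample_capture():
    """Constructed sample: three Ethernet/IPv4 packets (TCP 80, TCP 443, UDP 53)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, sport, dport in ((6, 49152, 80), (6, 49153, 443), (17, 49154, 53)):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(count_port(sample_capture()))
```

To run it on a real capture, pass the bytes of the file written by `-w` (read in binary mode) to `count_port`.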