From the course: Network Forensics
tcpdump and WinDump
- [Instructor] A majority of packet capture, or sniffing, tools use a software library called packet capture, or PCAP for short, to sniff network data. The Unix/Linux version of PCAP is called libpcap, while its Windows version is referred to as WinPcap. There are two well-known tools relying on PCAP to capture and analyze packets. The first one is tcpdump, a simple command-line packet sniffer. The second one is Wireshark, which is a much more sophisticated and user-friendly tool complete with a graphical user interface, or GUI. Tcpdump works on Unix/Linux operating systems. There's also a Windows port of tcpdump called WinDump, which takes advantage of the WinPcap library. Both tcpdump and WinDump have a similar set of commands and options, but there are of course subtle differences between the two tools. Tcpdump is pre-installed on Ubuntu, but WinDump requires a new installation, which includes setting up WinPcap. Let's try to run WinDump without installing WinPcap and see what…
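Both tcpdump and WinDump save what they sniff in the libpcap file format (tcpdump -w) and can read such files back for offline analysis (tcpdump -r), which is how a forensic analyst usually works with captures rather than on a live interface. The following is an added example, not code from the course or from the tcpdump project: a small Python reader for that format that builds a constructed two-packet capture in memory (the addresses, ports and timestamps are made up), checks the file magic to detect byte order and microsecond versus nanosecond timestamps, decodes Ethernet/IPv4/TCP-or-UDP headers into tcpdump-style one-line summaries, and flags records that were cut short by the capture snaplen (tcpdump's -s option), a detail that matters when deciding whether a capture is complete enough for evidence.

```python
"""Minimal reader for the libpcap capture format that tcpdump/WinDump write
with -w (example code added here; not the course's or tcpdump's own code)."""
import struct
from dataclasses import dataclass
from typing import List

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


@dataclass
class Record:
    ts: float        # seconds since the Unix epoch
    caplen: int      # bytes actually stored (limited by snaplen)
    origlen: int     # bytes that were on the wire
    summary: str     # tcpdump-style one-line description


def _endian_and_scale(first4: bytes):
    """Identify the file magic; returns (struct byte-order prefix, timestamp fraction divisor)."""
    magic = struct.unpack("<I", first4)[0]
    table = {
        0xA1B2C3D4: ("<", 1e6), 0xD4C3B2A1: (">", 1e6),   # microsecond timestamps
        0xA1B23C4D: ("<", 1e9), 0x4D3CB2A1: (">", 1e9),   # nanosecond timestamps
    }
    if magic not in table:
        raise ValueError(f"not a pcap file (magic {magic:#x})")
    return table[magic]


def _describe_ethernet(frame: bytes) -> str:
    """Decode Ethernet -> IPv4 -> TCP/UDP headers into 'src.port > dst.port PROTO'."""
    if len(frame) < 14:
        return "[truncated ethernet header]"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return f"ethertype {ethertype:#06x}"
    ip = frame[14:]
    if len(ip) < 20:
        return "IP [truncated header]"
    ihl = (ip[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    name = PROTO_NAMES.get(proto, str(proto))
    payload = ip[ihl:]
    if proto in (6, 17) and len(payload) >= 4:   # TCP and UDP both start with src/dst port
        sport, dport = struct.unpack("!HH", payload[:4])
        return f"{src}.{sport} > {dst}.{dport} {name}"
    return f"{src} > {dst} {name}"


def read_pcap(blob: bytes) -> List[Record]:
    """Parse a whole libpcap file held in memory (24-byte global header, then 16-byte record headers)."""
    endian, scale = _endian_and_scale(blob[:4])
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", blob[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    records, off = [], 24
    while off + 16 <= len(blob):
        sec, frac, caplen, origlen = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        data = blob[off:off + caplen]
        if len(data) < caplen:
            raise ValueError("capture file truncated mid-record")
        off += caplen
        summary = _describe_ethernet(data)
        if caplen < origlen:   # the sniffer stored only the first snaplen bytes
            summary += f" [snaplen {snaplen}: {origlen - caplen} bytes not captured]"
        records.append(Record(sec + frac / scale, caplen, origlen, summary))
    return records


def _ipv4_frame(src, dst, proto, sport, dport, payload_len):
    """Build an Ethernet/IPv4/TCP-or-UDP frame (constructed sample; checksums left zero)."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(int(x) for x in src.split(".")), bytes(int(x) for x in dst.split(".")))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def build_sample_pcap(snaplen: int = 64) -> bytes:
    """Constructed little-endian capture: one small DNS-sized UDP datagram and one large TCP segment."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    frames = [
        (1700000000, 250000, _ipv4_frame("10.0.0.5", "10.0.0.1", 17, 53412, 53, 10)),
        (1700000001, 500000, _ipv4_frame("10.0.0.5", "10.0.0.9", 6, 41000, 443, 900)),
    ]
    out = hdr
    for sec, usec, frame in frames:
        stored = frame[:snaplen]                       # emulate what -s <snaplen> keeps
        out += struct.pack("<IIII", sec, usec, len(stored), len(frame)) + stored
    return out


if __name__ == "__main__":
    for r in read_pcap(build_sample_pcap()):
        print(f"{r.ts:.6f} {r.summary} (caplen {r.caplen}, origlen {r.origlen})")
```

To use it on a real capture, replace build_sample_pcap() with the bytes of a file written by tcpdump -w; the reader handles only the classic pcap format with Ethernet link type, so pcapng files or captures from other interface types will be rejected with an error rather than misparsed.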