Need help with WinDump

Romm

How to interact WinDump and AutoIT? :/ (how to "read" WinDump in AutoIt)

And for example how this will look in AutoIt?

tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

I'm new here :)

erezlevi

Guys please help :)

Well, I tried to use windump, but the attached file is the output result; I can't see how to convert it to ASCII.

Romm

I got something like this...

Can you just copy/paste the script here?

erezlevi

Hi Romm, sorry for not answering, I saw your private message...

here:

first use this:

http://wiki.tibbo.net/doku.php/windump

autoit:

run ("cmd")
sleep (500)
send ("cd\")
send ("{enter}")
send ("c:\windump.exe -i 5 -X -x -s 400 ip host 9.164.185.11 > erezlog.txt")
send ("{enter}")
sleep (10000)
send ("{^c}")
sleep (500)
Run ("notepad C:\erezlog.txt")

output of file attached!

Romm

OK, now I use this

Run(@ComSpec & " /c windump.exe > erezlog.txt")

The problem is that WinDump stops

WinDump.exe : Listening on \Device.....

If i use

Run(@ComSpec & " /c windump.exe")

All is OK, but I need to write to a log.

erezlevi

Well, I don't think it will work that way; this is why I used "Send" commands.

Romm

I got the same result using

run ("cmd")
sleep (500)
send ("cd\")
send ("{enter}")
send ("c:\windump.exe > erezlog.txt")
send ("{enter}")
sleep (10000)
send ("{^c}")
sleep (500)
Run ("notepad C:\erezlog.txt")

erezlevi

Well, did you read the windump.exe help file? Start with: Windump.exe -D to see where your interface is, and then use -X -x -s 400 to get 400 bytes of data payload including the TCP header, and then put your IP address like "ip host 9.164.185.11 > erezlog.txt" and the filename at the end.

DeepakVimalnath

Hi Bro,

Please can you explain the commands to me once again, as I am not able to obtain results when I used the commands below... I just want the output of windump in a readable format...

windump -X -x 500 IP host 192.168.1.109 > filename.txt

Cheers,

Deepak.

lsakizada

Read the manual here:

http://www.winpcap.org/windump/docs/manual.htm


Be Green Now or Never (BGNN)!
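
An alternative to redirecting with > or typing into a cmd window, as an added example that is not part of any post in this thread: AutoIt can read WinDump's output directly through Run() and StdoutRead(). The WinDump path, interface number, log file name and the -l -n -A -c options are assumptions chosen for the illustration; the filter is the one from the first post.

```autoit
#include <Constants.au3> ; defines $STDERR_MERGED

; Assumed values, not from the thread: adjust the path, and use the
; interface number that "windump.exe -D" prints for your adapter.
Local Const $sWinDump = "C:\windump.exe"
Local Const $iInterface = 1
Local Const $sLogFile = @ScriptDir & "\windump_log.txt"
Local Const $iMaxMs = 10000 ; stop after 10 s, like the Sleep(10000) above

; Filter from the first post: TCP port 80 packets whose payload length
; (IP total length - IP header length - TCP header length) is not zero.
Local Const $sFilter = "tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)"

; -l  line-buffer stdout so text arrives while the capture is running
; -n  no name lookups, -A print payload as ASCII, -s 400 bytes per packet
; -c 20 exit after 20 matching packets
Local $sCmd = '"' & $sWinDump & '" -i ' & $iInterface & ' -l -n -A -s 400 -c 20 "' & $sFilter & '"'

; Run WinDump directly (no cmd.exe, so & < > in the filter are not treated
; as shell operators), hidden, with stdout and stderr merged into one pipe.
Local $iPID = Run($sCmd, "", @SW_HIDE, $STDERR_MERGED)
If $iPID = 0 Then
    ConsoleWrite("Could not start " & $sWinDump & @CRLF)
    Exit 1
EndIf

Local $sOutput = "", $sChunk
Local $hTimer = TimerInit()
While 1
    $sChunk = StdoutRead($iPID)
    If @error Then ExitLoop ; pipe closed: WinDump has exited
    $sOutput &= $sChunk
    If TimerDiff($hTimer) > $iMaxMs Then
        ProcessClose($iPID) ; time limit reached, stop the capture
        ExitLoop
    EndIf
    Sleep(50)
WEnd

; 2 = open for writing and erase previous contents
Local $hFile = FileOpen($sLogFile, 2)
FileWrite($hFile, $sOutput)
FileClose($hFile)
ConsoleWrite(StringLen($sOutput) & " characters written to " & $sLogFile & @CRLF)
```

Because stderr is merged into the same pipe, the "listening on ..." banner ends up in the log next to the packet text.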
