Romm

Need help with WinDump

12 posts in this topic

How do I make WinDump and AutoIt interact? :/ (how to "read" WinDump output in AutoIt)

And, for example, how would this look in AutoIt?

tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

I'm new here :)
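The filter in the question is the standard "TCP on port 80 with a non-empty payload" expression: ip[2:2] is the IPv4 total length, (ip[0]&0xf)<<2 is the IP header length in bytes, (tcp[12]&0xf0)>>2 is the TCP header length in bytes, so the difference is the number of payload bytes and != 0 keeps only segments that carry data. The Python below is an added illustration, not code from the thread and not AutoIt, that evaluates the same arithmetic term by term on constructed packets (addresses, ports and payloads are made up), including packets with IP options and TCP options to show why the two header-length terms matter; it also applies the protocol, fragment-offset and port checks that the tcp port 80 primitive implies.

```python
import struct


def build_ipv4_tcp(payload: bytes, sport: int = 40000, dport: int = 80,
                   ip_options: bytes = b"", tcp_options: bytes = b"") -> bytes:
    """Constructed IPv4+TCP packet for exercising the arithmetic (checksums
    left at zero, no link-layer header; this is never put on the wire)."""
    if len(ip_options) % 4 or len(tcp_options) % 4:
        raise ValueError("options must be padded to 32-bit words")
    ihl_words = 5 + len(ip_options) // 4       # IP header length in 32-bit words
    doff_words = 5 + len(tcp_options) // 4     # TCP data offset in 32-bit words
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1,
                          doff_words << 4, 0x10, 65535, 0, 0) + tcp_options
    total_len = ihl_words * 4 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total_len,
                         0x1234, 0x4000, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + ip_options
    return ip_hdr + tcp_hdr + payload


def tcp_payload_len(pkt: bytes) -> int:
    """(ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2), term by term."""
    total_len = struct.unpack("!H", pkt[2:4])[0]   # ip[2:2]: IPv4 total length
    ihl_bytes = (pkt[0] & 0x0F) << 2               # (ip[0]&0xf)<<2: IHL words -> bytes
    tcp = pkt[ihl_bytes:]                          # tcp[...] offsets start here
    tcp_hdr_bytes = (tcp[12] & 0xF0) >> 2          # data offset: words -> bytes
    return (total_len - ihl_bytes) - tcp_hdr_bytes


def matches_filter(pkt: bytes) -> bool:
    """'tcp port 80 and (<payload arithmetic> != 0)' evaluated in Python."""
    if pkt[9] != 6:                                # ip[9]: protocol, 6 = TCP
        return False
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:  # non-first fragment: no TCP header
        return False
    ihl_bytes = (pkt[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", pkt[ihl_bytes:ihl_bytes + 4])
    if 80 not in (sport, dport):
        return False
    return tcp_payload_len(pkt) != 0


# Constructed samples (made up, not captured traffic).
PURE_ACK = build_ipv4_tcp(b"")                               # 40 bytes, no data
HTTP_GET = build_ipv4_tcp(b"GET / HTTP/1.0\r\n")             # 16 bytes of data
# ACK with a 12-byte TCP timestamp option block (NOP, NOP, kind 8, len 10):
# 52 bytes on the wire but still no payload.
ACK_WITH_TS = build_ipv4_tcp(b"", tcp_options=b"\x01\x01\x08\x0a" + b"\x00" * 8)
# Server response with four IPv4 NOP options in front of 17 bytes of data.
RESP_WITH_IPOPTS = build_ipv4_tcp(b"HTTP/1.0 200 OK\r\n", sport=80, dport=40000,
                                  ip_options=b"\x01\x01\x01\x01")
OTHER_PORT = build_ipv4_tcp(b"hello", dport=22)              # data, but not port 80


if __name__ == "__main__":
    for name, pkt in [("PURE_ACK", PURE_ACK), ("HTTP_GET", HTTP_GET),
                      ("ACK_WITH_TS", ACK_WITH_TS),
                      ("RESP_WITH_IPOPTS", RESP_WITH_IPOPTS),
                      ("OTHER_PORT", OTHER_PORT)]:
        print(f"{name:17s} len={len(pkt):3d} payload={tcp_payload_len(pkt):3d} "
              f"matches={matches_filter(pkt)}")
```

The ACK_WITH_TS case is the reason the filter subtracts the TCP data offset instead of comparing the total length against 40: with options present the segment is longer than a bare header yet carries no data, and only the header-length terms tell the two apart.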

Guys please help :)

Well, I tried to use windump, but the attached file is the output result; I can't see how to convert it to ASCII.

I got something like this...

ФГІЎ яя §G_ < < яяяяяя 1шЎ3 1шЎ3

Ь!

Ь- §GД k k 1шЎ3 lйю№ E ]/u ЂХTе}ГФЙ·"№ I !_±W тj^ы ajiМv:·Q%лJбСёО8#ёoY

6ІQyЛЩ?

#ШЖх

ћџ`#¦Хє;ВeMt~§Gt¶ > > 1шЎ3 lйю№ E 0/v ЂХGTе}ГФЙ·"№ +А! УЫ §GИ < < lйю№ 1шЎ3 E &

Can you just copy/paste the script here?
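The dump in the post above is not text that needs converting. Read in the Windows-1251 code page the forum displayed it in, its first characters ФГІЎ are the bytes D4 C3 B2 A1, the libpcap file magic as a little-endian writer stores it; the "< <" and "k k" pairs are record length fields (0x3C = 60 and 0x6B = 107 bytes), and the яяяяяя run after the first pair is ff ff ff ff ff ff, a broadcast destination MAC. So the file is a binary capture, the format WinDump writes with -w, rather than the text it prints to stdout. The Python below is an added example, not the poster's file or a WinDump component: it builds a constructed capture with that same layout, parses the global header and packet records, and renders a frame in the style of the -X option (WinDump itself can read such a file back with -r).

```python
import struct

# libpcap global-header magic 0xA1B2C3D4 as stored on disk by a little-endian
# writer (WinDump on x86) and by a big-endian writer.
PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"


def build_sample_pcap() -> bytes:
    """Constructed capture (not the poster's file): libpcap 2.4 header,
    snaplen 0xFFFF, link type 1 (Ethernet), one 60-byte broadcast frame."""
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 0xFFFF, 1)
    frame = (b"\xff" * 6                      # destination MAC: broadcast
             + b"\x00\x11\x22\x33\x44\x55"     # source MAC (made up)
             + b"\x08\x06"                     # EtherType: ARP
             + b"\x00" * 46)                   # padding to a 60-byte frame
    record_hdr = struct.pack("<IIII", 1_300_000_000, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame


def is_pcap(data: bytes) -> bool:
    """True if the bytes start with the libpcap magic in either byte order."""
    return data[:4] in (PCAP_MAGIC_LE, PCAP_MAGIC_BE)


def parse_pcap(data: bytes) -> dict:
    """Parse the global header and every packet record of a libpcap file."""
    if not is_pcap(data):
        raise ValueError("not a libpcap capture file (no magic at offset 0)")
    end = "<" if data[:4] == PCAP_MAGIC_LE else ">"
    vmaj, vmin, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        end + "HHiIII", data[4:24])
    packets = []
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            end + "IIII", data[off:off + 16])
        off += 16
        # incl_len is attacker-controlled input in a real file: bound it before
        # slicing so a corrupt record cannot push the reader past the buffer.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError(f"corrupt or truncated record at offset {off - 16}")
        packets.append({"ts": ts_sec + ts_usec / 1e6, "incl_len": incl_len,
                        "orig_len": orig_len, "data": data[off:off + incl_len]})
        off += incl_len
    if off != len(data):
        raise ValueError("trailing bytes after the last record")
    return {"version": (vmaj, vmin), "snaplen": snaplen,
            "linktype": linktype, "packets": packets}


def hexdump(frame: bytes) -> list:
    """Render bytes the way a -X dump does: offset, 2-byte hex groups, ASCII."""
    lines = []
    for off in range(0, len(frame), 16):
        chunk = frame[off:off + 16]
        hexpart = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        ascii_part = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"0x{off:04x}:  {hexpart:<39}  {ascii_part}")
    return lines


if __name__ == "__main__":
    cap = parse_pcap(build_sample_pcap())
    print(f"libpcap {cap['version']}, snaplen {cap['snaplen']}, "
          f"linktype {cap['linktype']}, {len(cap['packets'])} packet(s)")
    for line in hexdump(cap["packets"][0]["data"]):
        print(line)
```

Checking the magic first is what separates "my text log looks like garbage" from "I have a capture file": a WinDump text log starts with a timestamp line, a capture starts with these four bytes, and the two need different tools.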

bump

hi Romm, sorry for not answering, I saw your private message...

here:

first use this:

http://wiki.tibbo.net/doku.php/windump

autoit:

Run("cmd")                      ; open a command prompt
Sleep(500)                      ; give the window time to appear
Send("cd\")                     ; go to the root of the drive
Send("{ENTER}")
; -i 5: capture on interface 5 (list interfaces with windump -D); -X -x: hex and ASCII dump;
; -s 400: keep 400 bytes of each packet; ip host ...: only traffic to/from that address
Send("c:\windump.exe -i 5 -X -x -s 400 ip host 9.164.185.11 > erezlog.txt")
Send("{ENTER}")
Sleep(10000)                    ; capture for 10 seconds
Send("^c")                      ; Ctrl+C stops windump (AutoIt syntax is ^c, not {^c})
Sleep(500)
Run("notepad C:\erezlog.txt")   ; open the captured log

output of file attached!

OK, now I use this

Run(@ComSpec & " /c windump.exe > erezlog.txt")

The problem is that WinDump stops

WinDump.exe : Listening on \Device.....

If I use

Run(@ComSpec & " /c windump.exe")

All is OK, but I need to write to a log.

Well, I don't think it will work that way; this is why I used "Send" commands.

I got the same result using

Run("cmd")                      ; open a command prompt
Sleep(500)                      ; give the window time to appear
Send("cd\")                     ; go to the root of the drive
Send("{ENTER}")
Send("c:\windump.exe > erezlog.txt")   ; no interface, snaplen or filter given
Send("{ENTER}")
Sleep(10000)                    ; capture for 10 seconds
Send("^c")                      ; Ctrl+C stops windump (AutoIt syntax is ^c, not {^c})
Sleep(500)
Run("notepad C:\erezlog.txt")   ; open the captured log

Well, did you read the windump.exe help file? Start with Windump.exe -D to see which interface is yours, then use -X -x -s 400 to get 400 bytes of data payload including the TCP header, then put your IP address, like "ip host 9.164.185.11 > erezlog.txt", with the filename at the end.

Hi Bro,

Please can you explain the commands to me once again, as I can't obtain results when I use the command below... I just want the output of windump in a readable format...

windump -X -x 500 IP host 192.168.1.109 > filename.txt

Cheers,

Deepak.

Read the manual here:

http://www.winpcap.org/windump/docs/manual.htm


Be Green Now or Never (BGNN)!
