Need help with WinDump

[Romm]

How to interact WinDump and AutoIT? :/ (how to "read" WinDump in AutoIt)

And for example how this will look in AutoIt?

tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

Im new here

[Romm]

Guys please help

[erezlevi]

Guys please help

well I tried to use windump but the file attached is the output result, can't see how to convert it to ASCII.

[Romm]

I got something like this...

ФГІЎ яя §G_ < < яяяяяя 1шЎ3 1шЎ3

Ь!

Ь- §GД k k 1шЎ3 lйю№ E ]/u ЂХTе}ГФЙ·"№ I !_±W тj^ы ajiМv:·Q%лJбСёО8#ёoY

6ІQyЛЩ?

#ШЖх

ћџ`#¦Хє;ВeMt~§Gt¶ > > 1шЎ3 lйю№ E 0/v ЂХGTе}ГФЙ·"№ +А! УЫ §GИ < < lйю№ 1шЎ3 E &

Can you just copy/past script here?

[Romm]

bump

[erezlevi]

hi Romm, sorry for not answering, I saw your private message...

here:

first use this:

http://wiki.tibbo.net/doku.php/windump

autoit:

run ("cmd")
sleep (500)
send ("cd\")
send ("{enter}")
send ("c:\windump.exe -i 5 -X -x -s 400 ip host 9.164.185.11 > erezlog.txt")
send ("{enter}")
sleep (10000)
send ("{^c}")
sleep (500)
Run ("notepad C:\erezlog.txt")

output of file attached!

[Romm]

Ok now i use this

Run(@ComSpec & " /c windump.exe > erezlog.txt")

The problem is that WinDump stops

WinDump.exe : Listening on \Device.....

If i use

Run(@ComSpec & " /c windump.exe")

All is ok, but i need write to log.

[erezlevi]

Ok now i use this

Run(@ComSpec & " /c windump.exe > erezlog.txt")

The problem is that WinDump stops

WinDump.exe : Listening on \Device.....

If i use

All is ok, but i need write to log.

well I don't think it will work that way, this is why I used "Send" commands.

[Romm]

I got same result using

run ("cmd")
sleep (500)
send ("cd\")
send ("{enter}")
send ("c:\windump.exe > erezlog.txt")
send ("{enter}")
sleep (10000)
send ("{^c}")
sleep (500)
Run ("notepad C:\erezlog.txt")

[erezlevi]

I got same result using

run ("cmd")
sleep (500)
send ("cd\")
send ("{enter}")
send ("c:\windump.exe > erezlog.txt")
send ("{enter}")
sleep (10000)
send ("{^c}")
sleep (500)
Run ("notepad C:\erezlog.txt")

well did you read the windump.exe help file? start with: Windump.exe -D to see where is your interface, and then use -X -x -s 400 to get 400 bytes of data payload including TCP header and then put your IP address like "ip host 9.164.185.11 > erezlog.txt" and the filename at the end.

[DeepakVimalnath]

Hi Bro,

PLease can u explain my the commands once again, as i cant able to obtain results when I used the below commands... i just a want a output of windump in areadable format...

windump -X -x 500 IP host 192.168.1.109 > filename.txt

Cheers,

Deepak.

hi Romm, sorry for not answering, I saw your private message...

here:

first use this:

http://wiki.tibbo.net/doku.php/windump

autoit:

run ("cmd")
sleep (500)
send ("cd\")
send ("{enter}")
send ("c:\windump.exe -i 5 -X -x -s 400 ip host 9.164.185.11 > erezlog.txt")
send ("{enter}")
sleep (10000)
send ("{^c}")
sleep (500)
Run ("notepad C:\erezlog.txt")

output of file attached!

[lsakizada]

Hi Bro,

PLease can u explain my the commands once again, as i cant able to obtain results when I used the below commands... i just a want a output of windump in areadable format...

windump -X -x 500 IP host 192.168.1.109 > filename.txt

Cheers,

Deepak.

Read the manual here:

http://www.winpcap.org/windump/docs/manual.htm