Tonight I took the plunge: I moved from winpcap and windump from Riverbed (formerly from CACE and before that from Politecnico di Torino) to npcap. There are lots of great reasons discussed on the npcap page, not to mention that winpcap hasn't had an update since 2013.
Even though I installed it with winpcap compatibility, I still got an error when running windump. That was fixed by installing WinDump for Npcap (see the Releases section for pre-compiled binaries).
It has always bothered me that enumerating interfaces using windump -D was more luck and trial-and-error than actually being able to see which interface you want to dump. So I wrote a little batch file called listif.cmd that will give me a nice list so I can run windump -i # to dump my packets. Besides windump itself, it doesn't require anything that doesn't come with Windows.
Even though I installed it with winpcap compatibility, I still got an error when running windump. That was fixed by installing WinDump for Npcap (see the Releases section for pre-compiled binaries).
It has always bothered me that enumerating interfaces using windump -D was more luck and trial-and-error than actually being able to see which interface you want to dump. So I wrote a little batch file called listif.cmd that will give me a nice list so I can run windump -i # to dump my packets. Besides windump itself, it doesn't require anything that doesn't come with Windows.
@echo off
setlocal ENABLEDELAYEDEXPANSION
set LIST=%temp%\getmac-list.txt
echo Getting available adapter list...
getmac /fo csv /v > %LIST%
echo Resolving available adapter list...
for /f "tokens=1,3 delims=.{}" %%a in ('windump -D') do (
for /f "tokens=1,2 delims=," %%m in ('findstr "%%b" %LIST% 2^>nul') do (
set CONN_NAME=%%m
set ADAPTER_NAME=%%n
echo %%a. !CONN_NAME:"=! (!ADAPTER_NAME:"=!^)
)
)
No comments:
Post a Comment