
Thread: windump

  1. #1
    Senior Member
    Join Date
    Nov 2001


    Trying to set up windump on my computer at home (win2k). Unfortunately I have a dial-up connection and I'm having a heck of a time trying to get windump to recognize my modem as an interface.

    winpcap is installed

    I tried using the system name:


    to no avail... any ideas? Ethereal has the same prob.

    Or can anybody recommend a packet capture device that will work with a modem and capture outgoing packets?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Q-6: Can I use WinPcap on a PPP connection?

    A: We have tested WinPcap on PPP connections under Windows 95, Windows 98 and
    Windows ME. In Windows 95, due to a bug in NDIS, WinPcap sometimes resets the
    PPP connection. In Windows 98/ME this bug appears to be corrected, and WinPcap
    seems to receive correctly, however it is not able to send packets. Under
    Windows NT/2000/XP there are problems with the binding process, that prevent a
    protocol driver from working properly on the WAN adapter. The problem is caused
    by the PPP driver of WinNTx, ndiswan, that doesn't provide a standard interface
    to capture.

    I had thought that tk2k had gotten it to work in the past... but I can't find the thread on it ATM....
    OK! I found it... read through the whole thread....

    To correctly install capture driver in Windows 2000 operating systems you must follow these steps.

    1. Open Windows 2000 Control Panel.
    2. From the Windows Control Panel double click the "Network and Dial-up Connections" icon. Then double click "Local Area Connection". In the new window click on the 'Properties' button.
    3. Click on the Install button in the window where you can install new network components.
    4. In the next window choose the line labeled Protocol...
    5. ... and click on the Add button.
    Then click on the Have Disk button and in the following window choose the full path where you have uncompressed the network device driver (this folder must contain the files packet.inf and packet.sys). Click on the OK button.

    6. Choose the entry BPF Packet capture Driver v X.XX (where X.XX is the number of the version you are installing). Follow the instructions displayed on your monitor (Note: this installation can ask you for the CD containing Windows 2000).
    7. In the list containing network components, you can now see a line labeled BPF Packet capture driver vX.XX.
    The driver creates the binding on all the network interfaces installed on your computer. If some interface must not be used to capture packets you can remove the binding for that specified interface.

    At this point select OK and reboot the machine.
    Then you should be able to use windump... according to (V)/\>< it works...

    Oh, BTW: You might want to see if ethereal will work after installing the packet capture driver on 2k too...


    http://www.sniff-em.com/ claims to be able to do it...
    Dialup support for Windows XP, 2000, NT4 added.

    » Stealth Sniff'em™ doesn't generate any network traffic, making it virtually undetectable.
    » Dial-up support Sniff'em™ is the only sniffer that supports dial-up adapters on Windows 2000 and XP! Sniff'em™ does not rely on normal freely available packet drivers and can as such offer more features and is more flexible than any other competitor.
    » Compatibility Others dropped Windows 95 as well as Windows 98, we don't. We support Windows 95(abc), 98(SE), ME, NT4, 2000 and XP.
    I have never used it... but after much searching a while ago (before I got dsl) that's all I could find....
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Jul 2002
    Then you should be able to use windump... according to (V)/\>< it works...
    Yes, it works. I've been using windump since I used w2k (I am using xp). After a default install of winpcap, I always find it works. I don't remember installing or configuring anything else. But you may want to try phishphreek80's suggestion to manually install the packet driver.

    Ok, I just checked out the winpcap site, and though they removed support for ndiswan adapters since Version 3.0 beta, 10 feb 03 (http://winpcap.polito.it/misc/changelog.htm), ...
    * NdisWan support:
    o due to the large number of messages reporting problems (blue screens) with VPNs, PPTP and such connections, we have disabled the support for NdisWan adapters. As a consequence, it is not possible to capture from PPP (neither NdisWanIp, nor NdisWanBh, nor NdisWanBfIn/Out...). At the moment we have no plans to fix the problem with VPNs, PPTP, PPP unless we get a generous sponsorship.
    ... I'm still able to detect and capture traffic from my dial up adapter using the good ol' winpcap 2.3 and windump 3.6.2.

    Here's the current list of my adapters (ethereal will show the same list):
    D:\>windump -D
    1.\Device\Packet_NdisWanIp (NdisWan Adapter)
    2.\Device\Packet_{78076988-F351-4BB7-A713-AB52C3CBE7D9} (Intel 8255x-based Integrated Fast Ethernet)

    Now if I want to capture my wan adapter traffic, I would either type:
    D:\>windump -i 1
    D:\>windump -i \Device\Packet_NdisWanIp (NdisWan Adapter)

    Here's the sample output:
    D:\>windump -i 1
    WinDump_3_6_2: listening on\Device\Packet_NdisWanIp
    WinDump_3_6_2: WARNING: The operation completed successfully.

    18:48:38.186217 > jdenny.mydomain.1967: . ack 1186444085 win 6432 (DF)
    18:48:38.186227 > jdenny.mydomain.1967: . ack 1 win 6432 (DF)
    18:48:38.226195 > jdenny.mydomain.1967: P 0:131(131) ack 1 win 6432 (DF)
    18:48:38.226201 > jdenny.mydomain.1967: P 0:131(131) ack 1 win 6432 (DF)
    18:48:38.637017 > jdenny.mydomain.1968: . ack 1186689360 win 15213

    Peace always,
    Always listen to experts. They'll tell you what can't be done and why. Then go and do it. -- Robert Heinlein
    I'm basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
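The capture lines in the post above are in the classic windump/tcpdump 3.x TCP format (timestamp, `src > dst:`, TCP flags, optional `seq:seq_end(len)`, `ack`, `win`, then options such as `(DF)`). The following parser is an added example, not code from the poster or from the WinDump project: it turns such lines into records, tolerates the empty source field seen in the post's output (assumed here to be an extraction artifact, so it is kept as an empty string rather than rejected), skips non-packet lines such as the `WARNING:` line, and sums the pushed payload bytes per destination. The sample lines are constructed; the first two mirror the post's output and the others are made up to exercise the SYN and reply cases.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the classic windump 3.6 / tcpdump 3.x TCP line format.
# The first two lines mimic the post's output (empty source field); the rest
# are made up. Hostnames are placeholders, not real systems.
SAMPLE_OUTPUT = """\
18:48:38.186217 > jdenny.mydomain.1967: . ack 1186444085 win 6432 (DF)
18:48:38.226195 > jdenny.mydomain.1967: P 0:131(131) ack 1 win 6432 (DF)
18:48:39.001002 jdenny.mydomain.1967 > www.example.test.80: S 1186444084:1186444084(0) win 16384 <mss 1460> (DF)
18:48:39.050000 www.example.test.80 > jdenny.mydomain.1967: P 1:512(511) ack 132 win 6432
WinDump_3_6_2: WARNING: The operation completed successfully.
"""

# One regex for the whole line; seq/ack/win groups are optional because a pure
# ACK has no seq range and a SYN has no ack number.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S*)\s*>\s+(?P<dst>\S+):\s+"
    r"(?P<flags>[SFPRU.]+)"
    r"(?:\s+(?P<seq>\d+):(?P<seq_end>\d+)\((?P<length>\d+)\))?"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
    r"(?:\s+win\s+(?P<win>\d+))?"
    r"(?P<rest>.*)$"
)


@dataclass
class TcpLine:
    timestamp: str
    src_host: str
    src_port: Optional[int]
    dst_host: str
    dst_port: Optional[int]
    flags: str
    seq: Optional[int]
    seq_end: Optional[int]
    length: int          # payload bytes carried by this segment (0 if none shown)
    ack: Optional[int]
    win: Optional[int]
    dont_fragment: bool  # "(DF)" present in the trailing options


def split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """Split 'host.port' (old tcpdump style) into (host, port).

    An empty endpoint, as in the post's output, yields ('', None).
    """
    if not endpoint:
        return "", None
    host, dot, port = endpoint.rpartition(".")
    if dot and port.isdigit():
        return host, int(port)
    return endpoint, None


def parse_line(line: str) -> Optional[TcpLine]:
    """Parse one windump TCP line; return None for non-packet lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src_host, src_port = split_endpoint(m.group("src"))
    dst_host, dst_port = split_endpoint(m.group("dst"))
    to_int = lambda g: int(g) if g is not None else None
    return TcpLine(
        timestamp=m.group("ts"),
        src_host=src_host, src_port=src_port,
        dst_host=dst_host, dst_port=dst_port,
        flags=m.group("flags"),
        seq=to_int(m.group("seq")), seq_end=to_int(m.group("seq_end")),
        length=int(m.group("length") or 0),
        ack=to_int(m.group("ack")), win=to_int(m.group("win")),
        dont_fragment="(DF)" in m.group("rest"),
    )


def parse_windump(text: str) -> List[TcpLine]:
    """Parse a whole capture dump, silently skipping banner/warning lines."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
    return records


def bytes_by_destination(records: List[TcpLine]) -> Dict[str, int]:
    """Sum payload bytes sent to each 'host:port' destination."""
    totals: Dict[str, int] = {}
    for r in records:
        key = f"{r.dst_host}:{r.dst_port}"
        totals[key] = totals.get(key, 0) + r.length
    return totals


if __name__ == "__main__":
    recs = parse_windump(SAMPLE_OUTPUT)
    for r in recs:
        print(r.timestamp, r.src_host or "<no src>", "->", r.dst_host, r.dst_port, r.flags, r.length)
    print(bytes_by_destination(recs))
```

Feeding `windump -i 1` output (redirected to a file) through `parse_windump` gives a quick per-destination byte count for a dial-up session, which is a simple way to confirm that outgoing traffic from the WAN adapter really is being captured and not just the inbound side.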

  4. #4
    Senior Member
    Join Date
    Nov 2001
    thanks you guys!

    its time to set up a gateway box anyway so i can get RH on line but ill try your suggestions first...hate to be defeated!
