Skip to main content

Posts

Showing posts from July, 2007

Welcome to Mark Baggett - In Depth Defense

I am the course Author of SANS SEC573 Automating Information Security with Python. Check back frequently for updated tools and articles related to course material.




Windows TCPDUMP without installing WINPCAP!!!!!!!!

IMHO, This is a long time coming for Windows. I love this thing. You probably already know about it, but I haven't read much about it anywhere and Its been very useful to me. Its a version of tcpdump for windows that doesn't require I install the Winpcap drivers. I use it along with PSEXEC to start remote sniffing probes on Windows workstations. I'm sure its NOT forensically sound to do this in on a box that may contain evidence because of the swap file, but for information gathering something like this is very useful.

So with this..
http://www.microolap.com/downloads/tcpdump/tcpdump.zip

Something like this

\mytools\psexec.exe \\remotecomputer -c \mytools\tcpdump.exe -i 1 -s0 -w \\remotefileserver\share\capturename.cap

Lets me turn every node on my network into a remote Snort probe, or just capture anamolies!