Rawcap

One. But you’re probably not aware that RawCap is our second most popular tool in terms of downloads, with around 100 unique downloads every day. RawCap started out as just being a quick hack that we released for free to the community in 2011 without expecting it to gain much attention. However, it quickly gained popularity, maybe due to the fact that it’s just a tiny .exe file and that it doesn’t require any external libraries or DLL’s to sniff network traffic (other than the .NET Framework). RawCap embraces the Unix philosophy to do only one thing, and do it well. Thanks to RawCap’s simplicity we have only needed to make a few minor updates of the tool since its first release 9 years ago. However, today we’re finally adding some new features that have been requested by users over the years. One such feature is that RawCap now automatically creates a Windows firewall rule when the tool is started. Before this feature was introduced users would have to run wf.msc (i.e. the "Windows Defender Firewall with Advanced Security") and manually create an inbound rule to allow RawCap.exe to receive incoming traffic. Without such a firewall rule RawCap would only be able to capture outgoing traffic. RawCap can be started in two different modes. Either as an interactive console application, or as a “normal” command line utility. Run RawCap.exe without any arguments, or simply double click the RawCap.exe icon to use the interactive mode. You will then be asked which

Interface to capture packets from and what filename you’d like to save them to. F:\Tools>RawCap.exe Network interfaces: 0. 192.168.0.17 Local Area Connection 1. 192.168.0.47 Wireless Network Connection 2. 90.130.211.54 3G UMTS Internet 3. 192.168.111.1 VMware Network Adapter VMnet1 4. 192.168.222.1 VMware Network Adapter VMnet2 5. 127.0.0.1 Loopback Pseudo-Interface Select network interface to sniff [default '0']: 1 Output path or filename [default 'dumpfile.pcap']: Sniffing IP : 192.168.0.47 Output File : dumpfile.pcap --- Press [Ctrl]+C to stop --- Packets : 1337 The other alternative is to supply all the arguments to RawCap when it is started. Use “RawCap --help” to show which arguments you can use. You’ll need to use this mode if you want to write the captured traffic to standard output (stdout) or a named pipe, or if you want RawCap to automatically stop capturing after a certain time or packet count. F:\Tools>RawCap.exe --help NETRESEC RawCap version 0.2.0.0 Usage: RawCap.exe [OPTIONS] can be an interface number or IP address can be filename, stdout (-) or named pipe (starting with \\.\pipe\) OPTIONS: -f Flush data to file after each packet (no buffer) -c Stop sniffing after receiving packets -s Stop sniffing after seconds -m Disable automatic creation of RawCap firewall entry -q Quiet, don't print packet count to standard out INTERFACES: 0. IP : 169.254.63.243 NIC Name : Local Area Connection NIC Type : Ethernet 1. IP : 192.168.1.129 NIC Name : WiFi NIC Type : Wireless80211 2. IP : 127.0.0.1 NIC Name : Loopback Pseudo-Interface 1 NIC Type : Loopback

3. IP : 10.165.240.132 NIC Name : Mobile 12 NIC Type : Wwanpp Example 1: RawCap.exe 0 dumpfile.pcap Example 2: RawCap.exe -s 60 127.0.0.1 localhost.pcap Example 3: RawCap.exe 127.0.0.1 \\.\pipe\RawCap Example 4: RawCap.exe -q 127.0.0.1 - | Wireshark.exe -i - -k As you can see, running “RawCap.exe -s 60 127.0.0.1 localhost.pcap” will capture packets from localhost to a file called “localhost.pcap” for 60 seconds and then exit. There are a couple of drawbacks with the new RawCap version though, it is a larger binary (48kB instead of 23kB) and it uses more CPU and RAM compared to the old version. We will therefore continue making the old RawCap version available to anyone who might need it. Visit the RawCap product page to download this tool and learn more. Posted by Erik Hjelmvik on Thursday, 30 January 2020 14:32:00 (UTC/GMT) Tags: #Netresec​ #RawCap​ #sniffer​ #PCAP​ #named pipe​ #Wireshark​ #WiFi​ #loopback​ #127.0.0.1​ Short URL: Erik Hjelmvik , Wednesday, 28 September 2016 11:45:00 (UTC/GMT) PacketCache lets you Go Back in Time Have you ever wanted to go back in time to get a PCAP of something strange that just happened on a PC? I sure have, many times, which is why we are now releasing a new tool called PacketCache. PacketCache maintains a hive of the most important and recent packets, so that they can be retrieved later on, if there is a need. Network forensics and incident response is performed post-event, but requires that packet have already been captured during the event

Port 57008. Go back to the Mikrotik router, where you start the sniffer with “/tool sniffer start” or by clicking the “Start” button in the WebFig. You should now see the Frames counter increasing in NetworkMiner's TZSP window. You’ll probably also notice that artifacts get added to the main NetworkMiner window in the background as more packets are received. Close the sniffer by running “/tool sniffer stop” or clicking the “Stop” button in WebFig, then click “Stop” in NetworkMiner. You can now close NetworkMiner’s TZSP window to view the artifacts that NeworkMiner has extracted from the captured traffic. Posted by Erik Hjelmvik on Thursday, 30 May 2024 13:05:00 (UTC/GMT) Tags: #TZSP​ #NetworkMiner​ #sniffer​ Short URL: Erik Hjelmvik , Thursday, 30 January 2020 14:32:00 (UTC/GMT) RawCap Redux A new version of RawCap has been released today. This portable little sniffer now supports writing PCAP data to stdout and named pipes as an alternative to saving the captured packets to disk. We have also changed the target .NET Framework version from 2.0 to 4.7.2, so that you can run RawCap on a modern Windows OS without having to install a legacy .NET Framework. Here’s a summary of the improvements in the new RawCap version (0.2.0.0) compared to the old version (0.1.5.0): Uses .NET 4.7.2 instead of 2.0Support for writing to stdoutSupport for writing to named pipesLarge (64 MB) ring buffer to prevent packet dropsAutomatic firewall configuration Out of the software we develop and maintain here at Netresec, NetworkMiner is the most popular

Other devices. Dns Lock 1.5 [ 2023-01-09 | 1 MB | Freeware | 11|10|8|7 | 11456 | 5 ]Dns Lock is a portable utility that permits you to quickly change the address of your IPv4 DNS server and protect it from being changed.EMCO WakeOnLan is simply an advanced freeware Wake-on-LAN utility capable of performing in networks of any scale, to power up one or any number of remote PCs with one mouse click.NUTs - Network Utility Tools provides centralized access to several network tools without needing the Command Prompt.BURP is a network backup and restore program for Windows and Linux that attempts to reduce network traffic and the amount of space each backup uses.VOVSOFT Network Authenticator grants you the ability to remotely manage and control client computers in your local network.Opened Ports Viewer allows you to view all open ports on your machine.CloseTheDoor locates all TCP/UDP over IPv4/v6 listening ports and their associated files.NetworkCountersWatch can display the system counters for every network interface on your system.Internet Processes Viewer collects and displays active TCP and UDP network connections, including the owning processes and users, all from a portable app.IPPathTableView is a portable networking tool that displays the IP path table of your local machine. Termshark 2.4.0 [ 2022-07-11 | 6 MB | Open Source | 11|10|8|7|Linux | 5763 | 5 ]Termshark is a cross-platform terminal UI for tshark (part of Wireshark) that can intercept and analyze live interface traffic as well as read previously captured pcap files.Open DHCP Server is an Open Source multi-subnet DHCP Server that supports dynamic, static leases, relay agents, BOOTP, PXEBOOT, and global, range, and client-specific options.OverSite enables you to monitor your devices and internet connection easily.IP Finder is an efficient app that instantaneously locates and displays your internal/external IPs.Advanced IP Scanner is a fast, robust, and easy-to-use free IP scanner for Windows. Rawcap 0.2.1.0 [ 2022-06-17 | 47 KB | Freeware | 11|10|8|7 | 16665 | 4 ]RawCap is a free raw sockets sniffer for Windows. Rawcap can sniff any interface with an IP address, including 127.0.0.1 (localhost/loopback).By using 10 Strike Network Inventory you can get