Skip to content
/ ndisdump Public

A no-dependencies network packet capture tool for Windows

License

MIT license
4 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

avast/ndisdump

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github/workflows
.github/workflows
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
VERSION
VERSION
 
 

Repository files navigation

ndisdump

A no-dependencies network packet capture tool for Windows.

Introduction

Windows systems come with a pre-installed network filter, ndiscap.sys, which is used by netsh trace command to perform network captures into an .etl file. The file which must then be converted to .pcapng with another tool.

This repository contains ndisdump, a tool that uses ndiscap.sys to perform network capture directly into .pcapng file.

Usage: ndisdump [-s SNAPLEN] -w FILE

-w FILE      The name of the output .pcapng file.
-s SNAPLEN   Truncate packets to SNAPLEN to save disk space.

You can terminate the capture with Ctrl+C.

TODO

The ultimate aim is for this tool to have the same command-line interface as tcpdump, including the filter language.

About

A no-dependencies network packet capture tool for Windows

Topics

windows pcapng network-capture

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

4 watching

Forks

5 forks
Report repository

Releases 1

v1.0.0 Latest
May 27, 2021

Languages