A user-mode packet dump software based on Npcap. It's a fork of the original WinDump.
- Get the latest Npcap SDK.
- Build
win32\prj\WinDump.sln
with Visual Studio 2013 or later. - Note: in this MSVC project, the Npcap SDK is pointing to
J:\npcap\npcap-sdk
, you may need to adjust this setting to your own Npcap SDK location.
https://github.com/hsluoyz/WinDump/releases
Get the list of interfaces:
J:\github_repos\WinDump\win32\prj\Win32\Release>WinDump.exe -D
1.\Device\NPF_{9ADACD44-ECFF-45E2-BD5E-3491DEBA711F} (NdisWan Adapter)
2.\Device\NPF_{8A300A14-CA5A-4A3C-B52B-7516661B4CDA} (NdisWan Adapter)
3.\Device\NPF_{44DB6B7A-661D-4FA3-925E-6287EA48D3F6} (NdisWan Adapter)
4.\Device\NPF_{F0353155-69D0-4611-AB2A-EE864BE0ADD9} (Microsoft)
5.\Device\NPF_{385F30D0-9166-45D3-BBC6-F1D9C5300AF9} (Microsoft)
Capture on an interface:
J:\github_repos\WinDump\win32\prj\Win32\Release>WinDump.exe -i5
WinDump.exe: listening on \Device\NPF_{385F30D0-9166-45D3-BBC6-F1D9C5300AF9}
23:09:29.711696 IP AkiSn0w-PC.14468 > 125.33.6.205.2123: UDP, length 37
23:09:29.711801 IP AkiSn0w-PC.14468 > 125.33.6.205.2123: UDP, length 1428
23:09:29.711867 IP AkiSn0w-PC.14468 > 125.33.6.205.2123: UDP, length 1428
23:09:29.711893 IP AkiSn0w-PC.14468 > 125.33.6.205.2123: UDP, length 1428
23:09:29.715645 IP AkiSn0w-PC.60784 > AkiSn0w-PC.53: 45922+ PTR? 205.6.33.125.in-addr.arpa. (43)
23:09:29.721960 IP AkiSn0w-PC.61696 > AkiSn0w-PC.53: 2523+ A? dc.services.visualstudio.com. (46)
23:09:29.722197 IP AkiSn0w-PC.53 > AkiSn0w-PC.60784: 45922 NXDomain 0/1/0 (97)
23:09:29.722198 IP 105.92.9.221.adsl-pool.jlccptt.net.cn.46313 > AkiSn0w-PC.14468: UDP, length 48
23:09:29.722198 IP 105.92.9.221.adsl-pool.jlccptt.net.cn.46313 > AkiSn0w-PC.14468: UDP, length 100
23:09:29.722198 IP 105.92.9.221.adsl-pool.jlccptt.net.cn.46313 > AkiSn0w-PC.14468: UDP, length 99
23:09:29.722464 IP AkiSn0w-PC.14468 > 105.92.9.221.adsl-pool.jlccptt.net.cn.46313: UDP, length 322
23:09:29.722546 IP AkiSn0w-PC.14468 > 105.92.9.221.adsl-pool.jlccptt.net.cn.46313: UDP, length 1439
23:09:29.722564 IP
For other advanced usage, please refer to WinDump docs.
Please refer to Npcap docs.