Skip to content
/ ndisdump Public

A no-dependencies network packet capture tool for Windows

License

MIT license
2 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

avast/ndisdump

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

.github/workflows

.github/workflows

 
 

src

src

 
 

.gitignore

.gitignore

 
 

CMakeLists.txt

CMakeLists.txt

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

VERSION

VERSION

 
 

Repository files navigation

ndisdump

A no-dependencies network packet capture tool for Windows.

Introduction

Windows systems come with a pre-installed network filter, ndiscap.sys, which is used by netsh trace command to perform network captures into an .etl file. The file which must then be converted to .pcapng with another tool.

This repository contains ndisdump, a tool that uses ndiscap.sys to perform network capture directly into .pcapng file.

Usage: ndisdump [-s SNAPLEN] -w FILE

-w FILE      The name of the output .pcapng file.
-s SNAPLEN   Truncate packets to SNAPLEN to save disk space.

You can terminate the capture with Ctrl+C.

TODO

The ultimate aim is for this tool to have the same command-line interface as tcpdump, including the filter language.

About

A no-dependencies network packet capture tool for Windows

Topics

windows pcapng network-capture

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

4 watching

Forks

5 forks
Report repository

Releases 1

v1.0.0 Latest
May 27, 2021

Languages