Monday, April 11, 2011

Sniff Network without WinPcap - RawCap

NETRESEC has announced the release of RawCap, a free raw sockets sniffer for Windows. What does this mean for incident responders and pentesters? It means:
  • Can sniff on any interface that has got an IP address, including loopback addresses
  • No external libraries or DLLs needed
  • No installation required. The executable is self-sufficient and only 17kB.
  • Can sniff most interface types including WiFi and PPP interfaces
  • Minimal memory and CPU load
For now, RawCap takes two arguments:
  • First argument is the IP address or interface number to sniff from
  • Second argument is the path/file to write the captured packets to
Piping this output to other filters opens up an endless array of possibilities. You can read more about this tool here.