Tech Tips

Windump

Windump (back to basics)

Sometimes I like to go back to the basics. For network troubleshooting, a good packet analyzer is what I need. I use Wireshark and Tshark when I can, but sometimes I get everything I need out of TCPDUMP. Sometimes I find myself staring at a Windows machine and not at a Linux command line. No problem: Windows has a couple of useful shells to work with, and it can run something very, very close to TCPDUMP.

So, if you are also looking for a simple alternative to Message Analyzer, Wireshark, or Tshark, then WinDump (a Windows port of tcpdump that runs on WinPcap) may be just what you’re looking for. If you are familiar with TCPDUMP on Linux or UNIX, then you will find WinDump works very much the same.

Download windump here

Verify your download:

SHA1: d59bc54721951dec855cbb4bbc000f9a71ea4d95

MD5: 7b50683722d9efd3dccbb9e65ec0f2df

You can use Sigcheck to verify the file:

https://download.sysinternals.com/files/Sigcheck.zip

Also available is the entire Sysinternals Suite, which also contains Sigcheck:

https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

Another available but currently unsupported command-line utility that computes MD5 or SHA1 cryptographic hashes for files and works with Windows 10:

Microsoft File Checksum Integrity Verifier tool

(Windows-KB841290-x86-ENU.exe)

https://www.microsoft.com/en-us/download/details.aspx?id=11533

I find it easier to place both WinDump and fciv in the same folder.

You may choose to move WinDump after you scan your download with an antivirus and/or malware detection tool and verify the file integrity.

Using fciv “-both” to see both the SHA1 and MD5 output together
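A PowerShell equivalent of the fciv “-both” and Sigcheck checks above, added here as an example (it is not part of the original post): it computes both digests of the downloaded file with Get-FileHash, compares them with the values published with the download, and reports the Authenticode status the way Sigcheck would. The path C:\Tools\WinDump.exe is an assumed location.

```powershell
function Test-WinDumpDownload {
    param(
        [Parameter(Mandatory)][string]$Path,          # assumed location of the downloaded exe
        [Parameter(Mandatory)][string]$ExpectedSha1,  # value published with the download
        [Parameter(Mandatory)][string]$ExpectedMd5
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Same information as "fciv -both": SHA1 and MD5 of one file.
    # Get-FileHash returns upper-case hex and the published values are lower-case,
    # so compare case-insensitively.
    $sha1 = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    $md5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha1Ok = $sha1 -ieq $ExpectedSha1.Trim()
    $md5Ok  = $md5  -ieq $ExpectedMd5.Trim()

    # What Sigcheck reports: whether the binary carries a valid Authenticode signature.
    # An unsigned file is not necessarily bad, but HashMismatch or NotTrusted is.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    [pscustomobject]@{
        File            = (Resolve-Path -LiteralPath $Path).Path
        SHA1            = $sha1.ToLower()
        SHA1Matches     = $sha1Ok
        MD5             = $md5.ToLower()
        MD5Matches      = $md5Ok
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        Verified        = ($sha1Ok -and $md5Ok)
    }
}

# Hashes as published alongside the download above.
$report = Test-WinDumpDownload -Path 'C:\Tools\WinDump.exe' `
    -ExpectedSha1 'd59bc54721951dec855cbb4bbc000f9a71ea4d95' `
    -ExpectedMd5  '7b50683722d9efd3dccbb9e65ec0f2df'
$report | Format-List
if (-not $report.Verified) {
    Write-Warning 'Digest mismatch: this is not the file those hashes were published for.'
}
```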

You can find the manual for WinDump (it is also the tcpdump manual) at:

https://www.winpcap.org/windump/docs/manual.htm

windump.exe version 3.9.5, based on tcpdump version 3.9.5

WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)

Usage: windump.exe [-aAdDeflLnNOpqRStuUvxX] [ -B size ] [-c count] [ -C file_size ]
                [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -Z user ]
                [ expression ]

If you’re interested in what’s new with Tcpdump and LibPcap, check out the latest releases:

http://www.tcpdump.org/#latest-releases

If all you want to do is collect packet data (with low overhead) so that you can examine the capture later in Tshark or Wireshark, and you have the Wireshark tools installed, then Dumpcap is another useful option. I believe on Linux TcpDump may drop fewer packets than Dumpcap (and Tcpdump can parse data in near real time for viewing), so I would lean more toward using WinPcap on Windows machines if available. You may find that Tshark and Dumpcap work better for your system, but I tend to use either Tcpdump/WinDump or Wireshark. I will use Tshark on occasion, but rarely would I limit my use to Dumpcap only.

College Tech Tips

Be Ready for College with these Tips!

1. How to Save Money for College

Going away to college is expensive! However, being a college student with a .edu email address gives you access to a 6-month free trial of Amazon Prime Student.

This is a great opportunity for those of you who haven’t yet been a member of Prime and want to try.

Living on your own or in a dorm is much easier when you can simply buy just about anything and have it shipped to you for free within 2 days.

Have time to kill between classes? With Amazon Prime, you have access to Prime Video, which gives you a collection of movies and TV to watch from all your devices.

2. Decide on what you need to be successful in school

Your major and your hobbies will dictate how much tech hardware you bring to school. Students entering a tech-related major will usually bring more than students in other majors. For example, I was a Computer Information System major and I bought multiple computers, both laptops and a desktop. I might have done a little overkill, but I liked to have my operating systems on separate machines, and when I had to do heavy processing (or when I would play games) I’d use my desktop. Students in other fields of study might only need a laptop that can run word processing to create reports.

3. Dorm WiFi

College dorms are notorious for WiFi issues and slow speeds. You will notice that during class hours the internet is blazing fast, but when you try to download your course’s syllabus at 7 pm the download crawls to a finish.

To be prepared, bring an Ethernet cable to connect to the wall jack; this should give you a boost during heavy-traffic hours. If your laptop, phone or tablet doesn’t have an Ethernet port, you can buy a network adapter.

Have laptop, will work remotely

Anyone still remember Have Gun, Will Travel, from 1957 to 1963, starring Richard Boone as Paladin? It was basically a show about a good-guy gunfighter for hire, paid by those who could afford his services and often working for free for those who could not (but needed someone to help when no one else could or would).

Do you find yourself helping some people for free with their network or computer system problems, spending time advising or troubleshooting over the phone or remotely across the Internet? I know time is money, and sometimes we forget that. Is it wrong? No, sometimes it’s worth it. If you like to help people out because you can, maybe that’s reward enough.

If you plan on consulting or contracting your services, working for free not only gets your name out, it can also be good practice to help sharpen your skills. Solving issues, teaching others or troubleshooting problems often results in you learning things from a different angle. You might see a problem and figure out a solution to something you may not have thought of or seen before. This is all interestingly noble and everything, but I’m more interested in how you go about troubleshooting. Can you solve problems without your computer or without looking over someone’s shoulder? Can you answer any problem off the top of your head? If you’ve been doing this long enough, you probably can for anything you’ve worked on before.

Experience is gold

The idea of “Have gun, will travel” conveys the message that you can solve almost any problem with the “gun” that you have. In the West just after the Civil War that might have been true; at least it was on the screen in the early days of television.

Today you might think of your laptop as your “problem solver” of choice. As on the old television shows, it still took some skill to know how to use a gun, and the same is true today for your “computer”: a laptop doesn’t do a lot if you don’t have the skills to use it. How do we hone and develop these skills? Well, we don’t throw data bits at glass bottles on a log for target practice, but we still have to practice to gain experience. Consider the help you give others to solve computer or networking problems as your target practice.

Windows 10 Command Line Tips and Info

If you like to work at the command line with nothing more than a cursor and some text, but you’re not really into PowerShell, have no fear: the “Administrative Command Prompt” is here. OK, so that’s really nothing new to you. You probably even use netsh to check your firewall status:

netsh advfirewall>show currentprofile

or survey your wireless LAN:

netsh wlan show all

Maybe all you need to do is check your “ipconfig /all” status every so often. If you just want to know what your computer’s name is on the network, all you need to do is run the “hostname” command, or the “net users” command to see who is on the network. Very basic but useful things you can do from the command line or shell.
Well, let’s see: maybe you already know about the Windows Management Instrumentation Command-line (WMIC), but you really don’t use it that much. Maybe you’ve never known about it. It tends to be a mystery to many, but why should it be? It’s not like it’s hidden or anything. I believe that when it comes to working efficiently it’s sometimes very productive to venture into territory that is not often traveled. Let’s see if we can find something here to make our work a little simpler.
At your command line type what’s between the quotes: “wmic /?” (Enter)

Terminal Output:

[global switches] <command>

The following global switches are available:

/NAMESPACE Path for the namespace the alias operate against.

/ROLE Path for the role containing the alias definitions.

/NODE Servers the alias will operate against.

/IMPLEVEL Client impersonation level.

/AUTHLEVEL Client authentication level.

/LOCALE Language id the client should use.

/PRIVILEGES Enable or disable all privileges.

/TRACE Outputs debugging information to stderr.

/RECORD Logs all input commands and output.

/INTERACTIVE Sets or resets the interactive mode.

/FAILFAST Sets or resets the FailFast mode.

/USER User to be used during the session.

/PASSWORD Password to be used for session login.

/OUTPUT Specifies the mode for output redirection.

/APPEND Specifies the mode for output redirection.

/AGGREGATE Sets or resets aggregate mode.

/AUTHORITY Specifies the <authority type> for the connection.

/?[:<BRIEF|FULL>] Usage information.

For more information on a specific global switch, type: switch-name /?

The following alias/es are available in the current role:

ALIAS – Access to the aliases available on the local system

BASEBOARD – Base board (also known as a motherboard or system board) management.

BIOS – Basic input/output services (BIOS) management.

BOOTCONFIG – Boot configuration management.

CDROM – CD-ROM management.

COMPUTERSYSTEM – Computer system management.

CPU – CPU management.

CSPRODUCT – Computer system product information from SMBIOS.

DATAFILE – DataFile Management.

DCOMAPP – DCOM Application management.

DESKTOP – User’s Desktop management.

DESKTOPMONITOR – Desktop Monitor management.

DEVICEMEMORYADDRESS – Device memory addresses management.

DISKDRIVE – Physical disk drive management.

DISKQUOTA – Disk space usage for NTFS volumes.

DMACHANNEL – Direct memory access (DMA) channel management.

ENVIRONMENT – System environment settings management.

FSDIR – Filesystem directory entry management.

GROUP – Group account management.

IDECONTROLLER – IDE Controller management.

IRQ – Interrupt request line (IRQ) management.

JOB – Provides access to the jobs scheduled using the schedule service.

LOADORDER – Management of system services that define execution dependencies.

LOGICALDISK – Local storage device management.

LOGON – LOGON Sessions.

MEMCACHE – Cache memory management.

MEMORYCHIP – Memory chip information.

MEMPHYSICAL – Computer system’s physical memory management.

NETCLIENT – Network Client management.

NETLOGIN – Network login information (of a particular user) management.

NETPROTOCOL – Protocols (and their network characteristics) management.

NETUSE – Active network connection management.

NIC – Network Interface Controller (NIC) management.

NICCONFIG – Network adapter management.

NTDOMAIN – NT Domain management.

NTEVENT – Entries in the NT Event Log.

NTEVENTLOG – NT eventlog file management.

ONBOARDDEVICE – Management of common adapter devices built into the motherboard (system board).

OS – Installed Operating System/s management.

PAGEFILE – Virtual memory file swapping management.

PAGEFILESET – Page file settings management.

PARTITION – Management of partitioned areas of a physical disk.

PORT – I/O port management.

PORTCONNECTOR – Physical connection ports management.

PRINTER – Printer device management.

PRINTERCONFIG – Printer device configuration management.

PRINTJOB – Print job management.

PROCESS – Process management.

PRODUCT – Installation package task management.

QFE – Quick Fix Engineering.

QUOTASETTING – Setting information for disk quotas on a volume.

RDACCOUNT – Remote Desktop connection permission management.

RDNIC – Remote Desktop connection management on a specific network adapter.

RDPERMISSIONS – Permissions to a specific Remote Desktop connection.

RDTOGGLE – Turning Remote Desktop listener on or off remotely.

RECOVEROS – Information that will be gathered from memory when the operating system fails.

REGISTRY – Computer system registry management.

SCSICONTROLLER – SCSI Controller management.

SERVER – Server information management.

SERVICE – Service application management.

SHADOWCOPY – Shadow copy management.

SHADOWSTORAGE – Shadow copy storage area management.

SHARE – Shared resource management.

SOFTWAREELEMENT – Management of the elements of a software product installed on a system.

SOFTWAREFEATURE – Management of software product subsets of SoftwareElement.

SOUNDDEV – Sound Device management.

STARTUP – Management of commands that run automatically when users log onto the computer system.

SYSACCOUNT – System account management.

SYSDRIVER – Management of the system driver for a base service.

SYSTEMENCLOSURE – Physical system enclosure management.

SYSTEMSLOT – Management of physical connection points including ports, slots and peripherals, and proprietary connections points.

TAPEDRIVE – Tape drive management.

TEMPERATURE – Data management of a temperature sensor (electronic thermometer).

TIMEZONE – Time zone data management.

UPS – Uninterruptible power supply (UPS) management.

USERACCOUNT – User account management.

VOLTAGE – Voltage sensor (electronic voltmeter) data management.

VOLUME – Local storage volume management.

VOLUMEQUOTASETTING – Associates the disk quota setting with a specific disk volume.

VOLUMEUSERQUOTA – Per user storage volume quota management.

WMISET – WMI service operational parameters management.

For more information on a specific alias, type: alias /?

CLASS – Escapes to full WMI schema.

PATH – Escapes to full WMI object paths.

CONTEXT – Displays the state of all the global switches.

QUIT/EXIT – Exits the program.

Well, now what do you see?

There should be some global switches and the available aliases.
There are a lot of useful commands here to explore and learn about.
The last alias in the list should tell you how to exit the program by typing QUIT/EXIT,
and finally an info line that states: “For more information on CLASS/PATH/CONTEXT, type: (CLASS | PATH | CONTEXT) /?”
Now if you want to do all this in PowerShell’s ISE, you can; it should work. It might even be a little easier to read depending on how your current shell is set up, but I’ll stay in the good old Administrator: Command Prompt for now.
To demonstrate that there are usually more ways to get the information or results you’re looking for, we’ll do one thing two different ways.
One of the things I like to check in PowerShell is the current status of any recently installed hotfixes.
In PowerShell it’s fairly simple. I even sort them in order of when they were installed:
Get-HotFix | Sort-Object InstalledOn
In WMIC it’s even easier to see what hotfixes are installed and list some info about the operating system:
C:\Windows\system32>WMIC
wmic:root\cli>os assoc
You should see your operating system info, computer system name, and all your security updates. You could get even more data by just running “systeminfo” at the regular command prompt, or if all you really want is a simple GUI with information about your system you can always just type “msinfo32.exe”, but that’s no fun. There are lots of useful commands that you can run from the command line. PowerShell is very powerful, but the regular cmd or netsh prompts still have a lot to offer.
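An added PowerShell example (not from the post) that builds the same picture WMIC’s “os assoc” gives: OS and computer-system details from the CIM classes behind the OS and COMPUTERSYSTEM aliases, plus the hotfix list sorted by install date as in the Get-HotFix one-liner, with a count of the entries Windows labels as security updates and a staleness flag. The 45-day threshold is an assumed value.

```powershell
function Get-OsPatchSummary {
    [CmdletBinding()]
    param(
        [int]$StaleAfterDays = 45   # assumed threshold; adjust to your patch cycle
    )

    # Win32_OperatingSystem and Win32_ComputerSystem are the classes behind the WMIC
    # OS and COMPUTERSYSTEM aliases; Win32_QuickFixEngineering (QFE) is what Get-HotFix reads.
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $qfe = @(Get-HotFix | Sort-Object InstalledOn)   # oldest first; undated entries sort first

    $latest = $qfe | Select-Object -Last 1
    $daysSinceLatest = if ($latest.InstalledOn) {
        (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
    } else { $null }

    [pscustomobject]@{
        ComputerName      = $cs.Name
        Domain            = $cs.Domain
        OS                = $os.Caption
        Version           = $os.Version
        LastBoot          = $os.LastBootUpTime
        HotFixCount       = $qfe.Count
        SecurityUpdates   = @($qfe | Where-Object Description -eq 'Security Update').Count
        LatestHotFix      = $latest.HotFixID
        LatestInstalledOn = $latest.InstalledOn
        DaysSinceLatest   = $daysSinceLatest
        PossiblyStale     = ($null -eq $daysSinceLatest -or $daysSinceLatest -gt $StaleAfterDays)
        HotFixes          = $qfe | Select-Object HotFixID, Description, InstalledOn
    }
}

$summary = Get-OsPatchSummary
# Header first (everything except the list), then the list itself, newest at the bottom
$summary | Select-Object -Property * -ExcludeProperty HotFixes | Format-List
$summary.HotFixes | Format-Table -AutoSize
if ($summary.PossiblyStale) {
    Write-Warning 'Newest hotfix is older than the threshold (or undated); check Windows Update.'
}
```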