Anyone know a good self contained packet sniffer?

Solution 1

TCPDUMP for Windows works. I can vouch for the trial version, as it's 99% the same as the NIX version (it's compiled from the same source, I believe); it doesn't require installation either. Pricing's on their site and isn't unreasonable if you're using it a lot.

Solution 2

SmartSniff supports packet capture without libpcap; however, it only supports (TCP|UDP|ICMP)v4.
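
To show what "capture without libpcap" actually means, and why such a sniffer is limited to (TCP|UDP|ICMP)v4, here is an added example: a single standard-library Python script, not code from SmartSniff or any other tool named in this thread. It opens a Windows raw socket in SIO_RCVALL mode (no driver, no install, but it needs an elevated prompt), decodes the IPv4 header and the TCP/UDP/ICMP fields behind it, and writes the packets as a classic libpcap file with link type 101 (raw IP) so the capture can be carried back to a Wireshark desktop. The script name `sniff.py`, the command-line arguments and the interface address are assumptions for illustration; the packets used to exercise the parser and the pcap writer are constructed in the test, not captured.

```python
"""Self-contained IPv4 sniffer: Windows raw socket in, Wireshark-readable pcap out.

Added example for this thread, not code from SmartSniff or any other tool above.
Assumes Windows, an elevated prompt and Python 3.8+; only the standard library is
used, so the whole sniffer is one .py file you can copy to a box, run and delete.
Raw sockets hand you packets starting at the IPv4 header: no Ethernet frame, no
IPv6, which is exactly why this approach only sees (TCP|UDP|ICMP)v4.
"""
import socket
import struct
import sys
import time

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_RAW = 101  # each record starts at the IPv4 header, no link-layer frame


def make_ipv4_packet(src, dst, proto, payload):
    """Build a bare IPv4 packet (no options, zero checksum); used for constructed test input."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def parse_ipv4(pkt):
    """Summarise one raw IPv4 packet; return None if it is not IPv4 (e.g. IPv6 or truncated)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None  # malformed or truncated header
    total_len = struct.unpack("!H", pkt[2:4])[0]
    proto = pkt[9]
    info = {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": proto, "len": total_len}
    body = pkt[ihl:]
    if proto in (6, 17) and len(body) >= 4:      # TCP and UDP share the port layout
        info["name"] = "TCP" if proto == 6 else "UDP"
        info["sport"], info["dport"] = struct.unpack("!HH", body[:4])
    elif proto == 1 and len(body) >= 2:          # ICMP: type and code
        info["name"] = "ICMP"
        info["type"], info["code"] = body[0], body[1]
    else:
        info["name"] = "IP/%d" % proto
    return info


def pcap_bytes(packets, snaplen=65535):
    """Serialise (timestamp, packet) pairs as a classic little-endian libpcap file."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_RAW)]
    for ts, pkt in packets:
        sec = int(ts)
        usec = int((ts - sec) * 1_000_000)
        out.append(struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt)
    return b"".join(out)


def read_pcap(blob):
    """Parse a classic libpcap blob back into (timestamp, packet) pairs."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", blob[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap")
    if linktype != LINKTYPE_RAW:
        raise ValueError("unexpected link type %d" % linktype)
    pos, packets = 24, []
    while pos + 16 <= len(blob):
        sec, usec, incl, _orig = struct.unpack("<IIII", blob[pos:pos + 16])
        pos += 16
        packets.append((sec + usec / 1_000_000, blob[pos:pos + incl]))
        pos += incl
    return packets


def sniff(local_ip, out_path, count):
    """Capture `count` IPv4 packets on the interface that owns local_ip, write them to out_path."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    s.bind((local_ip, 0))
    s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)   # Windows only: all IPv4 traffic on this NIC
    captured = []
    try:
        while len(captured) < count:
            pkt, _ = s.recvfrom(65535)
            captured.append((time.time(), pkt))
            info = parse_ipv4(pkt)
            if info:
                print(info)
    finally:
        s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
        s.close()
    with open(out_path, "wb") as f:
        f.write(pcap_bytes(captured))
    return len(captured)


if __name__ == "__main__":
    # assumed usage: python sniff.py <local-interface-ip> <out.pcap> [count]
    ip, path = sys.argv[1], sys.argv[2]
    n = int(sys.argv[3]) if len(sys.argv) > 3 else 100
    print("wrote %d packets to %s" % (sniff(ip, path, n), path))
```

Footprint is the script and the .pcap it writes; delete both and nothing remains. The parser deliberately returns None for anything that is not IPv4 rather than guessing, so an IPv6 network shows up as silence instead of garbage.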

Solution 3

I use ngrep and make a static executable. It works great for those instances, I also use nmap and make a static executable as well. These tools together can help troubleshoot instances where the network is not under your control.

Solution 4

For a completely install-less sniffer there's SmartSniff, as grawity posted, or IpTools.

Solution 5

I understand your dilemma. We currently have a guest in our Production facility that is dedicated to network troubleshooting and has WireShark on it. We will port span on our router as needed to tap into the traffic of the server that we need to research and then remove the port span when we are done with our research. This does require the ability to change your router configuration while capturing network traffic, which may or may not be an option for you depending on your network policy regarding change requests. I have researched and am not aware of a truly zero-footprint packet sniffer as you are requesting. Port spanning is the least intrusive method we have found to tap into a server's traffic without changing the configuration of the server. However, it does introduce the risk of making a router configuration change, which also must be weighed.


Author: Christopher Karel, Security and Systems Administrator. Updated on September 17, 2022.

Original question (Christopher Karel, over 1 year ago):

    In the course of my sysadmin/network administration duties, I need to packet sniff for connectivity issues. Unfortunately, this often occurs on machines I don't 'own'. Servers under the purview of other administrators, end users' home machines, or simply servers we'd like to avoid installing new software on. So I'd like something that can be used without a proper 'install'.

    I personally use WireShark for my local desktop. Works great. But it obviously doesn't cut it for the above scenarios. I know they have U3 and portable apps versions, but that is dependent on physical access to plug in a USB stick. That's also not something I can count on.

    So, does anyone know a packet sniffing tool that can be used without a true installation? Something that is just contained in a folder that can be dumped on a target machine, used, then easily deleted? If it's just a CLI, that's perfectly fine. I can always move the .cap files back to my desktop for analysis.

    I would personally prefer something that was free (as in libre) and free (as in beer). However, proprietary and paid for products are perfectly valid suggestions.