January 13, 2010

Have you ever been in the situation where a ping and traceroute don't show any issues with the network and yet users are complaining an application or site is slow? An option you can use for Windows is a program called WinDump (this is similar to tcpdump, Wireshark or Ethereal but no installation, just running the windump.exe file). Pre-req is the WinPcap installation. The command line looks as follows:

[code]windump [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -M secret ]
        [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
        [ -E spi@ipaddr algo:secret,... ] [ -y datalinktype ] [ -Z user ] [ expression ][/code]
January 13, 2010 Author

To capture data based on destination run

[code]tcpdump -nnvvXSs 1514 dst mywiseguys.com[/code]

(you could use IP address instead if you want). Many of us will capture to an output file like

[code]tcpdump -w mwgoutput.pcap[/code]

You can view the file using tcpdump:

[code]tcpdump -nnr mwgoutput.pcap[/code]

If you look at this file in notepad or wordpad you probably won't make much sense of it, so convert it to a txt file by running

[code]tcpdump -nnr mwgoutput.pcap > mwgoutput.pcap.txt[/code]

If you want a detailed (ascii and hex) output you will use

[code]tcpdump -nvvXSs 1514 dst mywiseguys.com > mwgtest.txt[/code]

A pretty common capture with a filter on destination:

[code]tcpdump -nnvvS dst mywiseguys.com
19:03:56.725037 IP (tos 0x0, ttl 128, id 22285, offset 0, flags , proto TCP (6), length 40) 0.0.0.0.49778 > 74.220.207.116.80: Flags , cksum 0x3837 (correct), seq 1400, ack 5393, win 32768, length 0
19:03:56.725046 IP (tos 0x0, ttl 128, id 22285, offset 0, flags , proto TCP (6), length 40) 0.0.0.0.49778 > 74.220.207.116.80: Flags , cksum 0x3836 (correct), seq 1401, ack 5394, win 32768, length 0[/code]
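A way to act on the `-nnvvS` output above, as an added example (my own code, not WinDump's or the original poster's): a small Python parser for the two-line verbose layout tcpdump prints (IP header line, then the indented TCP line), followed by a check for long pauses between consecutive packets, which is what a user-visible stall looks like in a trace. It assumes the TCP and IP flags are printed in square brackets as tcpdump does (they were stripped from the pasted output above); the packet lines are constructed samples using documentation addresses, not a real capture.

```python
import re

# Constructed sample in the layout of `tcpdump -nnvvS`: one IP header line per packet,
# then the indented TCP line. Documentation-range addresses; not a real capture.
SAMPLE = """\
19:03:56.725037 IP (tos 0x0, ttl 128, id 22285, offset 0, flags [DF], proto TCP (6), length 40)
    192.0.2.10.49778 > 198.51.100.20.80: Flags [.], cksum 0x3837 (correct), seq 1400, ack 5393, win 32768, length 0
19:03:56.725046 IP (tos 0x0, ttl 128, id 22286, offset 0, flags [DF], proto TCP (6), length 40)
    192.0.2.10.49778 > 198.51.100.20.80: Flags [.], cksum 0x3836 (correct), seq 1401, ack 5394, win 32768, length 0
19:03:57.930112 IP (tos 0x0, ttl 64, id 101, offset 0, flags [DF], proto TCP (6), length 1500)
    198.51.100.20.80 > 192.0.2.10.49778: Flags [P.], cksum 0x1a2b (correct), seq 5394:6854, ack 1401, win 65535, length 1460
"""
HDR_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP \(tos 0x[0-9a-f]+, ttl (?P<ttl>\d+), id (?P<id>\d+), "
    r"offset \d+, flags \[(?P<ipflags>[^\]]*)\], proto (?P<proto>\w+) \(\d+\), length (?P<iplen>\d+)\)")
TCP_RE = re.compile(
    r"^\s+(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\],"
    r".*?seq (?P<seq>\d+)(?::(?P<seq_end>\d+))?(?:, ack (?P<ack>\d+))?, win (?P<win>\d+).*length (?P<len>\d+)")
INT_FIELDS = ("ttl", "id", "iplen", "sport", "dport", "seq", "seq_end", "ack", "win", "len")

def ts_to_seconds(ts):
    """'19:03:56.725037' -> seconds since midnight, keeping the microseconds."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def parse_tcpdump(text):
    """Pair each IP header line with the TCP line below it; skip anything else."""
    lines = text.splitlines()
    packets, i = [], 0
    while i < len(lines) - 1:
        hdr, tcp = HDR_RE.match(lines[i]), TCP_RE.match(lines[i + 1])
        if hdr and tcp:
            pkt = {**hdr.groupdict(), **tcp.groupdict()}
            for k in INT_FIELDS:  # optional fields (seq_end, ack) stay None when absent
                pkt[k] = int(pkt[k]) if pkt[k] is not None else None
            pkt["time"] = ts_to_seconds(pkt["ts"])
            packets.append(pkt)
            i += 2
        else:
            i += 1
    return packets

def slow_gaps(packets, threshold_ms=500.0):
    """Consecutive packets further apart than threshold_ms: (gap_ms, earlier IP id, later IP id)."""
    found = []
    for a, b in zip(packets, packets[1:]):
        gap_ms = (b["time"] - a["time"]) * 1000.0
        if gap_ms > threshold_ms:
            found.append((round(gap_ms, 3), a["id"], b["id"]))
    return found
```

Feed it the text produced by `tcpdump -nnvvS ... > file.txt` and the gap list points at where in the conversation the wait happened, which a clean ping never shows.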