Wednesday, April 20, 2011

RawCap - Network Sniffer for Windows

RawCap (only 17kB) is a free raw sockets network sniffer for Windows. It requires no external libraries or DLLs; it is just a standalone exe.

It can sniff any interface, including loopback, WiFi and PPP interfaces.

Personally, I use it for 2 purposes, penetration testing and incident response:
  • Sniff additional credentials after breaking into a remote machine (admin) without WinPcap or an NDIS driver.
  • Sniff the loopback interface to detect data leakage via an SSL tunnelling proxy.
  • Sniff WiFi (WPA2) for any suspicious TCP connections.

RawCap is provided for free and can be downloaded from here:
  • http://www.netresec.com/?page=RawCap