In one of my earlier posts, I strongly recommended using tcpdump portable on Windows. The main reason I chose it is that it does not require any third-party packet capture drivers such as WinPcap; that's why I call it tcpdump portable. Other significant features, as described by the official website, are:
1. It is portable
MicroOLAP TCPDUMP for Windows® may be run from any removable device without installation on the user’s PC: it is compiled with Packet Sniffer SDK, so no any pre-installed third-party packet capture drivers are required. Just run tcpdump.exe, and use tcpdump command-line interface you’re already familiar with.
2. Performance
Thanks to the traffic capture technology utilized in TCPDUMP for Windows®, this product has very high performance too.
3. Small footprint
MicroOLAP TCPDUMP for Windows® comes as single 400Kb .EXE file, that allows to upload it to a remote Windows PC box to be analyzed, and then run it under Windows Terminal, Radmin, or other remote administration tool.
According to the website, it also supports the following operating systems:
Windows NT 4.0; Windows 2000; Windows XP; Windows 2003; Windows Vista; Windows Longhorn; Windows 98; Windows ME, WinXP x64, Win2003 x64, Vista x64.
Apparently, this version of tcpdump only works in Windows Server 2003. I’ve tested it in Windows 2000 Professional & Windows 2000 Server and it didn’t work!
Take a look at the screenshot below taken in my VirtualBox lab.
It’s working fine in Windows Server 2003.
But it doesn’t work in Windows 2000.
Therefore, I’ve decided to standardize my lab environment by using WinDump as a packet sniffer, which is another Windows version of tcpdump developed by WinPcap.org.
REFERENCE
http://www.microolap.com/products/network/tcpdump/