Firewall Wizards mailing list archives

Re: tcpdump for NT


From: "Ryan Russell" <ryanr () sybase com>
Date: Fri, 9 Oct 1998 09:37:02 -0700


The shareware version of L0phtcrack has a promiscuous mode
packet capture tool.  A similar one is available in the
pre-release versions of Asmodeus, which might still
be available.

Neither of those has decodes anywhere close to tcpdump
or snoop or commercial tools.  You do get the raw packets,
though.  Perhaps you could make your own decode module
if you're trying to monitor something in particular, or find
a way to convert it so tcpdump or snoop would decode
it after the fact.

Available for Win9x (not NT) is Buttsniffer, which is interesting.
It has a reasonable vt telnet decode.

You can find links to L0phtcrack and Buttsniffer on
http://www.l0pht.com

Asmodeus used to be available at
http://www.asmodeus.com
Which now forwards to the company that acquired the
rights to Asmodeus, but the new version doesn't seem
to be there, you can poke around.

From speaking with Mudge and Greg, their sniffers
were done from sample code out of the DDK, and in
fact were compatible with each other.

                         Ryan




Does anyone know of a tcpdump utility for NT (freeware)?





