Thursday 17 November 2011

RAWCAP – A COMMAND LINE NETWORK SNIFFER FOR WINDOWS

RawCap is a free command line network sniffer for Windows that uses raw sockets. This means that you won't need external drivers such as WinPcap anymore! It can also sniff WiFi networks! All this in a file that is just 17 kB.



You might ask what good this does. The answer is simple. If you find a way to compromise a perimeter device running Windows, you can upload this small utility there and then view the dump file at your own leisure to sniff their internal traffic! Since it works at the raw socket level, you can sniff anything – right from an SSL connection to a WPA2 encrypted WiFi connection. This can be helpful to incident responders and penetration testers alike.

Features of RawCap:
Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)
RawCap.exe is just 17 kB
No external libraries or DLLs needed other than .NET Framework 2.0
No installation required, just download RawCap.exe and sniff
Can sniff most interface types, including WiFi and PPP interfaces
Minimal memory and CPU load
Reliable and simple to use
You will need to have administrator privileges to run RawCap. Additionally, it might not run on a Windows 7 or Windows Vista machine.


or simply run


RawCap.exe 192.168.0.17 dumpfile.pcap

This tool has currently been tested on Windows XP.

Download RawCap from here: Rawcap
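
For the incident-response use mentioned above, a dump file such as dumpfile.pcap can be triaged with nothing but Python. This is an added example, not part of the original post or of RawCap: it counts packets per source, destination and protocol in a classic pcap file, reads the link type from the file header instead of assuming what RawCap writes, and uses function names and sample packets that are constructed for illustration.

```python
import socket
import struct
import sys
from collections import Counter

LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101  # pcap link-layer type values
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def summarize_pcap(data):
    """Count IPv4 packets per (src, dst, protocol) in a classic pcap byte string."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype not in (LINKTYPE_ETHERNET, LINKTYPE_RAW):
        raise ValueError("unsupported link type %d" % linktype)
    flows, off = Counter(), 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each)
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < incl_len:
            break  # capture was cut off mid-record
        if linktype == LINKTYPE_ETHERNET:
            if pkt[12:14] != b"\x08\x00":
                continue  # EtherType is not IPv4
            pkt = pkt[14:]
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue  # too short for, or not, an IPv4 header
        src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
        flows[(src, dst, PROTO.get(pkt[9], str(pkt[9])))] += 1
    return flows

def build_sample(linktype):
    """Constructed three-packet capture (header-only IPv4 packets), not real traffic."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for src, dst, proto in [("192.168.0.17", "192.168.0.1", 6)] * 2 + [("192.168.0.1", "192.168.0.17", 17)]:
        pkt = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                          socket.inet_aton(src), socket.inet_aton(dst))
        if linktype == LINKTYPE_ETHERNET:
            pkt = b"\x00" * 12 + b"\x08\x00" + pkt  # dummy MAC addresses
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(LINKTYPE_RAW)
    for flow, count in summarize_pcap(data).most_common():
        print(count, *flow)
```

Run it with the dump file as the only argument; with no argument it summarises the constructed sample.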
