tag:blogger.com,1999:blog-26480225.post7286966065792620073..comments2022-12-23T12:50:27.027+01:00Comments on newsoft's tech blog: Pentester trick #8: command-line sniffing made easynewsofthttp://www.blogger.com/profile/04331742158137961313noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-26480225.post-56971325325155764642009-08-26T13:01:20.530+01:002009-08-26T13:01:20.530+01:00Hi,
Thank you for your answer.
- Specifying the n...Hi,<br /><br />Thank you for your answer.<br />- Specifying the network interface did not make it work any better<br />- I tried the same "standalone test" on a real Windows workstation without anymore success, making the Virtualbox hypothesis irrelevant.<br /><br />I will continue to search, but thanks anyway for your ideas :)<br /><br />SebSebnoreply@blogger.comtag:blogger.com,1999:blog-26480225.post-41198012266114001932009-08-21T15:59:21.411+01:002009-08-21T15:59:21.411+01:00Sorry, no idea ...
Things to try:
- Specify the n...Sorry, no idea ...<br /><br />Things to try:<br />- Specify the network interface (hint: "nmcap /DisplayNetwork"). You might try to sniff on a non-TCP/IP interface.<br />- Check if the VirtualBox network driver allows you to enter promiscuous mode.<br /><br />Good luck!newsofthttps://www.blogger.com/profile/04331742158137961313noreply@blogger.comtag:blogger.com,1999:blog-26480225.post-19316489227396458812009-08-21T12:53:15.797+01:002009-08-21T12:53:15.797+01:00Hi,
I've tested NM3 as a standalone tool on a...Hi,<br /><br />I've tested NM3 as a standalone tool on a Windows XP SP2 workstation (on VirtualBox). It returns an error when any filter is given to /capture. <br /><br />C:\>nmcap.exe /network * /capture tcp /file tst.cap<br />Netmon Command Line Capture (nmcap) 3.3.1641.0<br />Loading Parsers ...<br />[INFO] sparser.npb:001.000 Successfully unserialized NPL parser 'C:\Documents and Settings\*****\Local Settings<br />etwork Monitor 3\sparser.npb. (0x83008006)<br />[ERROR] Unrecognized function or variable 'tcp'. (0x8100601C)<br />Error: '/Capture' - Invalid parameter 'tcp'<br /><br />However, it's only working if you don't provide any filter.<br /><br />Note : The "nmconfig /install" and "nmconfig /uninstall" commands do not return any output message.<br /><br />On the Windows XP SP3 'real' (not virtualized) workstation, i've installed the tool to get the two EXE files, everything is working well (filters as well).<br /><br />Do you have any idea what the problem is ?<br /><br />Thanks,<br />SebSebnoreply@blogger.com