Powershell: IP Packet Sniffer Script
I came across a wicked PowerShell script (Trends in Technology: Powershell: IP Packet Sniffer Script) that is essentially a PowerShell packet sniffer. How cool is that! It certainly won’t replace full-blown sniffers like Wireshark but I love having a PowerShell window open watching packets. Yeah, I need to get out more.
After you start the script, press Ctrl-C to break. Which is probably why this:
PS C:\> $sniff=c:\scripts\posh\get-packet.ps1 -local 172.16.10.102
fails. However, this works:
PS C:\> c:\scripts\posh\get-packet.ps1 -local 172.16.10.102 | out-file c:\test\sniff.txt
When I press Ctrl-C I can open the file. This will also work:
PS C:\> c:\scripts\posh\get-packet.ps1 -local 172.16.10.102 | export-clixml c:\test\sniff.xml
Even better, because now I can work with objects and do sorting, filtering or other stuff. Although the import is not perfect and may need some tweaking. I’m glad Robbie figured out all the hard networking pieces. Give it a shot and let me know what you think.
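Sorting and filtering an imported capture, as an added example that is not from the original post or from the Get-Packet script. The packet records are constructed, and the property names (Time, Source, Destination, Protocol, SourcePort, DestPort) are assumptions, so check a real import with Get-Member first.

```powershell
# Constructed sample records standing in for captured packets.
# Property names are assumptions; confirm them against a real capture.
$sample = @(
    [pscustomobject]@{ Time = [datetime]'2008-07-03 10:00:01'; Source = '172.16.10.102'; Destination = '172.16.10.1';  Protocol = 'UDP'; SourcePort = 51012; DestPort = 53 }
    [pscustomobject]@{ Time = [datetime]'2008-07-03 10:00:02'; Source = '172.16.10.102'; Destination = '192.0.2.10';   Protocol = 'TCP'; SourcePort = 49210; DestPort = 443 }
    [pscustomobject]@{ Time = [datetime]'2008-07-03 10:00:03'; Source = '192.0.2.10';    Destination = '172.16.10.102'; Protocol = 'TCP'; SourcePort = 443;   DestPort = 49210 }
    [pscustomobject]@{ Time = [datetime]'2008-07-03 10:00:04'; Source = '172.16.10.102'; Destination = '192.0.2.10';   Protocol = 'TCP'; SourcePort = 49210; DestPort = 443 }
    [pscustomobject]@{ Time = [datetime]'2008-07-03 10:00:05'; Source = '172.16.10.102'; Destination = '198.51.100.7'; Protocol = 'TCP'; SourcePort = 49211; DestPort = 80 }
)

# Round-trip through CLIXML in a temp file, the same way the capture
# pipeline writes sniff.xml, so the rest works on imported objects.
$path = Join-Path ([System.IO.Path]::GetTempPath()) 'sniff-sample.xml'
$sample | Export-Clixml -Path $path
$packets = @(Import-Clixml -Path $path)

# Imported objects are rebuilt from XML; list the properties and the
# types that actually came back before relying on them.
$packets[0] | Get-Member -MemberType Properties | Select-Object Name, Definition

# Filter: outbound TCP to port 443 from the local address, oldest first.
$local = '172.16.10.102'
$packets |
    Where-Object { $_.Source -eq $local -and $_.Protocol -eq 'TCP' -and $_.DestPort -eq 443 } |
    Sort-Object Time |
    Format-Table Time, Source, Destination, DestPort -AutoSize

# Summarise: which source/destination/port combinations carry the most packets.
$packets |
    Group-Object Source, Destination, DestPort |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Summarise by protocol.
$packets | Group-Object Protocol | Select-Object Name, Count | Format-Table -AutoSize

Remove-Item -Path $path
```

To run this against a real capture, replace the sample and the temp-file round trip with Import-Clixml c:\test\sniff.xml.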
August 18th, 2008 at 3:11 pm
Thanks for the link! I’ve been wanting to add support to export/import into a standard format but haven’t gotten around to it. Maybe one of these days in my spare time…