8-2-2005

One free Windows iptrace equivalent program is windump, which requires winpcap (Protocol CAPture). To download winpcap, go to http://www.winpcap.org and follow the "Downloads" link. When I installed this on cadev03, I got WinPcap 3.1 beta 4, which simply installed 6 files in the C:\Program Files\WinPcap directory.

-------------------------------------------------------------

To get windump, start at http://www.winpcap.org/windump and follow the Windump "download" link (not the WinPcap one). Today, I got Windump 3.8.3 beta, which is simply one file. Windows liked defaulting to downloading this file to my "desktop", which on cadev03, since I was logged in as jasper, equates to C:\Documents and Settings\jasper\Desktop.

-------------------------------------------------------------

The documentation for windump can be found at http://www.winpcap.org/windump/docs/manual.htm

-------------------------------------------------------------

One simple way to run this is to get a DOS Command Prompt window, and

    cd "C:\Documents and Settings\jasper\Desktop"
    windump -t port 1433

but I couldn't make sense of the output I got, e.g.

    70:0a:20:52:41:53 802.1b-gsap > 03:00:00:00:00:02 802.1b-isap ui/C len=180

Those 70 & 03 numbers look like MAC addresses, but 70:0a:20 isn't a known/assigned MAC address manufacturer (according to http://www.coffer.com/mac_find), and that 03-all zeros MAC address looks phony. I couldn't find what 802.1b was. There was something about it on Google, but it was inside code & didn't make much sense.

-------------------------------------------------------------

Another tool, probably better, that Mike downloaded is BillSniff. Its presentation is more like what I'm used to. It requires WinPCap from http://winpcap.polito.it/install/bin/WinPcap_3_0.exe
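
-------------------------------------------------------------

An added example, not part of the original notes: a small Python check of the two MAC addresses in the windump line quoted above. It decodes the I/G and U/L flag bits that IEEE 802 defines in the first octet and shows the six octets as ASCII; the function names are my own.

```python
import re

# Output line copied from the notes above.
LINE = "70:0a:20:52:41:53 802.1b-gsap > 03:00:00:00:00:02 802.1b-isap ui/C len=180"

MAC_RE = re.compile(r"\b(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}\b")


def classify_mac(mac):
    """Decode the flag bits in the first octet of an IEEE 802 MAC address."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected 6 octets: %r" % mac)
    first = octets[0]
    return {
        "mac": mac.lower(),
        # First three octets: the prefix a vendor (OUI) lookup is keyed on.
        "oui": mac.lower()[:8],
        # I/G bit (0x01): 0 = individual (unicast), 1 = group (multicast).
        "group": bool(first & 0x01),
        # U/L bit (0x02): 0 = globally assigned, 1 = locally administered.
        # A locally administered address has no vendor entry to find.
        "local": bool(first & 0x02),
        # Printable-ASCII view of the octets. Heuristic only: readable text
        # here is a hint that the bytes may not be a real hardware address.
        "ascii": "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in octets),
    }


def macs_in_line(line):
    """Return a classification for every MAC-shaped token in a capture line."""
    return [classify_mac(m) for m in MAC_RE.findall(line)]


if __name__ == "__main__":
    for info in macs_in_line(LINE):
        kind = "group" if info["group"] else "individual"
        scope = "locally administered" if info["local"] else "globally assigned"
        print("%s  %-10s %-22s ascii=%r"
              % (info["mac"], kind, scope, info["ascii"]))
```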