Truly Portable Wireshark


Rodoom
10-09-2009, 10:22 PM
I would like to recommend a tool customized by a good friend of mine.

Truly Portable Wireshark - is a special version of the already available "Portable Wireshark" which allows you to capture packets on a network for sniffing purposes (of course you must have permission to do so in that network). The main difference with the version already available is that this version doesn't leave any traces in the computer where it's executed. It configures WinPcap at startup and once you close the program it deletes everything from the host computer. You still need an administrator account to use it though.

This is a very useful tool for forensic research and security audits (which my friend does for a living), so if you are interested, please visit his blog (it is in Spanish, but on the top you will find a link to translate it to English).

*Well, apparently I need to have 15 posts or more to post URLs, but if you search for "truly portable wireshark H4CKarandas" in Google you should find it; his blog is called "H4CKarandas" btw.*

He has some other very useful Perl scripts and tools he has developed for his work here: *I can't post the URL yet due to this forum's restrictions, but you will find the link inside the blog post*, which I highly recommend if you are into the security/forensic fields.

Please leave your comments, suggestions and ideas here so that I can send them to him, or perhaps even convince him to register here and answer them directly.

Thank you and I hope you find this useful.

JosephLeo
10-09-2009, 10:30 PM
Translated in English (http://tinyurl.com/yl3oxuy)

I find this program pretty interesting. It will go in my toolkit after playing around with it for a while. Thanks for the link!