No one ever seems to talk about TZSP or getting in the weeds a little bit, so I figured I'd share this.

Disclaimer: I'm not the best at scripting, I'm old and literally started on DOS before Windows, can sometimes pull things off in PowerShell but sometimes still avoid it. I apologize in advance for any mistake here and will attempt to edit/correct if needed. These are re-written samples and not exactly what I use, so hopefully there aren't any mistakes. If anyone wants to contribute or convert anything into PowerShell here that's fine.

On one of the networks I manage I use a few simple, free things to keep packet storage going. This is super handy, and when it's 24/7 you can always watch it live without referring to stored PCAP files too.

Dedicated (Windows) workstation for captures

Sniff target: .x - (IP of dedicated workstation)

This is the simplest to get started, but in some cases you might want to avoid capturing certain things, and things can get a little more tricky. When it comes to anticipated large file transfers on a Windows network, for example, you could specify tcp, but avoid port !445 - you then might also want to capture UDP with its own prerouting sniff rule etc. When capturing anything more specific than just a simple sniff tzsp prerouting, you kinda have to think ahead as to what might end up missing.

Identify which NIC interface to listen on:

You need to figure out which Windows Network Interface to listen on, and Windows SOMETIMES likes to play musical chairs if you have multiple NICs (but not too often) - so keep an eye on it, particularly when inserting or disconnecting NICs or doing full Windows version upgrades.

Using Task Scheduler and running daily, this will delete any *.7z files older than 29 days.

```bat
forfiles /p "C:\PCAP" /m *.7z /c "cmd /c del @path & echo Removing: @path >C:\PCAP\SEVEN.TXT" /d -29
```

7z/.PCAP storage system figured out and you're thinking of something crazy like, what else could I stuff in those PCAP files?
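The post invites a PowerShell conversion of the daily cleanup; the script below is an added example, not the author's own, that does the same 29-day purge of `*.7z` files in `C:\PCAP` and appends every action to a log. The parameter names, the `PURGE.LOG` file name and the check that refuses to purge when the newest archive is stale (a sign that capture or compression has stopped) are assumptions added here.

```powershell
# Added example, not from the original post. Assumed names: the parameters,
# PURGE.LOG, and the 48-hour "newest archive" staleness threshold.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$CaptureDir        = 'C:\PCAP',           # folder used in the post
    [int]   $RetainDays        = 29,                  # retention used in the post
    [int]   $MaxNewestAgeHours = 48,                  # assumed staleness limit
    [string]$LogFile           = 'C:\PCAP\PURGE.LOG'  # assumed log file name
)

$now = Get-Date
$all = @(Get-ChildItem -LiteralPath $CaptureDir -Filter '*.7z' -File)
if ($all.Count -eq 0) {
    Write-Warning "No .7z archives found in $CaptureDir"
    return
}

# If the capture or the 7z job has silently died, the newest archive goes
# stale. Purging in that state only shrinks the retained history, so stop.
$newest = $all | Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($newest.LastWriteTime -lt $now.AddHours(-$MaxNewestAgeHours)) {
    $msg = '{0:s} ABORT newest archive {1} is older than {2}h; capture may be down' -f
           $now, $newest.Name, $MaxNewestAgeHours
    Add-Content -LiteralPath $LogFile -Value $msg
    Write-Error $msg
    exit 1
}

# Same selection as "forfiles /d -29": last-modified time before the cutoff.
$cutoff  = $now.AddDays(-$RetainDays)
$expired = $all | Where-Object { $_.LastWriteTime -lt $cutoff }

foreach ($f in $expired) {
    if (-not $PSCmdlet.ShouldProcess($f.FullName, 'Remove expired capture archive')) {
        continue
    }
    try {
        Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
        $line = '{0:s} REMOVED {1} ({2:N0} bytes, written {3:s})' -f
                $now, $f.Name, $f.Length, $f.LastWriteTime
    } catch {
        # Locked or permission-denied files are logged, not silently skipped.
        $line = '{0:s} FAILED {1}: {2}' -f $now, $f.Name, $_.Exception.Message
    }
    Add-Content -LiteralPath $LogFile -Value $line
}
```

Running the script with `-WhatIf` lists the archives it would remove without deleting anything, which is worth doing once before handing it to Task Scheduler.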