invoke-psdump is a windows command-line packet capture and analysis tool.

Invoke-PSDump is essentially a PowerShell wrapper for WinDump.
WinDump, derived from tcpdump (for Linux), is a command-line packet capture and analysis tool. WinDump and tcpdump have been around for a long time and are commonplace in security analysts' toolkits. However, these tools require a deeper understanding of BPF filters, byte offsets, bit masking, and binary arithmetic to unleash their full power. Invoke-PSDump seeks to deliver the same power with a few added benefits:
+ Extraordinarily easy syntax
+ Elimination of byte offsets, hexadecimal and bit masking
+ Searchable text patterns
+ Lightning fast processing

Here's an example scenario. You want to search through a packet capture for packets that have the "Don't Fragment" bit set. WinDump can achieve this by testing byte 6 of the IP header:
– .\WinDump.exe -r C:\Tools\PSDump\Captures\SkypeIRC.cap -nt (ip) and (ip[6]=64)

The same can be achieved, with additional text searching, with Invoke-WinDump:
– .\Invoke-WinDump -File $skypeIRCPCAP -DF $true -Pattern "freenode.net"
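To show what the two commands above actually test, here is an added example in Python that is not part of Invoke-PSDump or WinDump. It builds a three-packet capture in memory (packet data, addresses and the freenode.net payload are all constructed), reads byte 6 of each IPv4 header, and applies both forms of the Don't Fragment test: the equality form the page uses (ip[6]=64) and the mask form tcpdump documents as ip[6] & 0x40 != 0. The mask form is the robust one: the equality form silently misses a packet whose byte 6 carries any other bit, such as the reserved 0x80 bit in constructed packet 3. The optional pattern search is the same idea as the -Pattern switch, applied to the IP payload.

```python
"""Added example (not Invoke-PSDump or WinDump code): a minimal pcap reader that applies the
Don't-Fragment test behind 'ip[6]=64' and a text-pattern search, on constructed packets."""
import struct

DF_MASK = 0x40          # IPv4 header byte 6, bit 0x40 = Don't Fragment
ETHERTYPE_IPV4 = b"\x08\x00"
LINKTYPE_ETHERNET = 1


def build_frame(flags_byte, payload):
    """Construct an Ethernet/IPv4/TCP frame as test data (checksums left at zero on purpose)."""
    eth = bytes(12) + ETHERTYPE_IPV4                     # zeroed MACs, EtherType 0x0800
    tcp = struct.pack("!HHIIBBHHH", 40000, 6667, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHBBBBH4s4s",
                     0x45, 0, 20 + len(tcp) + len(payload), 0x1234,
                     flags_byte, 0,                      # bytes 6-7: flags + fragment offset
                     64, 6, 0,                           # TTL, protocol TCP, checksum
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # constructed private addresses
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a little-endian libpcap file image (magic 0xa1b2c3d4, v2.4, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed capture: #1 DF set with a freenode.net payload, #2 DF clear,
# #3 DF set together with the reserved 0x80 bit (anomalous flags, byte 6 = 0xC0).
SAMPLE_PCAP = build_pcap([
    build_frame(0x40, b"NICK analyst\r\nUSER a 0 * :irc.freenode.net\r\n"),
    build_frame(0x00, b"PING :irc.freenode.net\r\n"),
    build_frame(0xC0, b"PRIVMSG #chan :hello\r\n"),
])


def iter_records(pcap):
    """Yield (link_type, frame_bytes) for each record; supports both classic pcap byte orders."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    link_type, = struct.unpack_from(endian + "I", pcap, 20)
    offset = 24
    while offset + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", pcap, offset)
        offset += 16
        yield link_type, pcap[offset:offset + incl_len]
        offset += incl_len


def split_ipv4(link_type, frame):
    """Return (ip_header, ip_payload) for an Ethernet-framed IPv4 packet, else None."""
    if link_type != LINKTYPE_ETHERNET or len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    return ip[:ihl], ip[ihl:]


def find_matches(pcap, df=None, pattern=None, exact_byte=False):
    """Return 1-based record numbers matching the DF and pattern conditions.

    exact_byte=False applies the mask test tcpdump writes as 'ip[6] & 0x40 != 0';
    exact_byte=True applies the page's equality test 'ip[6]=64', which also requires
    every other bit of byte 6 to be zero."""
    hits = []
    for number, (link_type, frame) in enumerate(iter_records(pcap), start=1):
        parsed = split_ipv4(link_type, frame)
        if parsed is None:
            continue
        header, payload = parsed
        if df is not None:
            has_df = header[6] == DF_MASK if exact_byte else bool(header[6] & DF_MASK)
            if has_df != df:
                continue
        if pattern is not None and pattern.encode() not in payload:
            continue
        hits.append(number)
    return hits


if __name__ == "__main__":
    print("DF set (mask):     ", find_matches(SAMPLE_PCAP, df=True))                       # [1, 3]
    print("DF set (ip[6]=64): ", find_matches(SAMPLE_PCAP, df=True, exact_byte=True))      # [1]
    print("DF + freenode.net: ", find_matches(SAMPLE_PCAP, df=True, pattern="freenode.net"))  # [1]
```

Running the script prints the three result lists. The difference between the first two is the whole point of the byte-offset and bit-masking knowledge the page says WinDump demands: a friendly switch like -DF $true is only as good as the filter it expands to, so when wrapping a tool this way, expand to the masked form rather than a raw byte equality.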

Pre-Reqs
1. Download/clone the project. Navigate to the primary project directory, i.e., C:\Tools\invoke-psdump-master\Invoke-PSDump
2. Install WinPcap: https://www.winpcap.org/install/bin/WinPcap_4_1_3.exe
3. Make sure you download and put a copy of "WinDump.exe" in the "Invoke-PSDump\Tools" directory: https://www.winpcap.org/windump/install/bin/windump_3_9_5/WinDump.exe

Download: Invoke.zip
Source: https://github.com/Robicus