I came across a wicked PowerShell script (Trends in Technology: Powershell: IP Packet Sniffer Script) that is essentially a PowerShell packet sniffer. How cool is that! It certainly won’t replace full-blown sniffers like Wireshark but I love having a PowerShell window open watching packets. Yeah, I need to get out more.
After you start the script, press Ctrl-C to break. Which is probably why this:
PS C:\> $sniff=c:\scripts\posh\get-packet.ps1 -local 172.16.10.102
fails. However, this works:
PS C:\> c:\scripts\posh\get-packet.ps1 -local 172.16.10.102 | out-file c:\test\sniff.txt
When I press Ctrl-C I can open the file. This will also work:
PS C:\> c:\scripts\posh\get-packet.ps1 -local 172.16.10.102 | export-clixml c:\test\sniff.xml
Even better because now I can work with objects and do sorting, filtering or other stuff. Although, the import is not perfect and may need some tweaking. I’m glad Robbie figured out all the hard networking pieces. Give it a shot and let me know what you think.
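The kind of sorting and filtering an exported capture allows, as an added example (not part of the original post or of Robbie's script). The property names Time, Source, Destination, Protocol, SourcePort and DestPort, the sample records and the port allowlist are assumptions constructed for the example; check the real property names with Get-Member on your own imported data.

```powershell
# Constructed sample records standing in for a saved capture.
# Property names are assumed, not taken from get-packet.ps1.
$rows = @(
    '2009-01-05T10:00:01,172.16.10.102,192.0.2.10,TCP,49152,443'
    '2009-01-05T10:00:02,192.0.2.10,172.16.10.102,TCP,443,49152'
    '2009-01-05T10:00:03,172.16.10.102,192.0.2.53,UDP,49200,53'
    '2009-01-05T10:00:04,172.16.10.102,198.51.100.7,TCP,49153,6667'
    '2009-01-05T10:00:05,172.16.10.102,192.0.2.10,TCP,49152,443'
    '2009-01-05T10:00:06,172.16.10.102,198.51.100.7,TCP,49153,6667'
)
$sample = $rows | ConvertFrom-Csv -Header Time, Source, Destination, Protocol, SourcePort, DestPort

# Round-trip through CLIXML, as in the post (temp file instead of c:\test\sniff.xml).
$path = Join-Path ([System.IO.Path]::GetTempPath()) 'sniff-sample.xml'
$sample | Export-Clixml -Path $path

# Import-Clixml returns deserialized copies, so coerce each field to a known
# type first: ports sort numerically and Time sorts as a real DateTime.
$packets = Import-Clixml -Path $path | ForEach-Object {
    [pscustomobject]@{
        Time        = [datetime]$_.Time
        Source      = [string]$_.Source
        Destination = [string]$_.Destination
        Protocol    = [string]$_.Protocol
        SourcePort  = [int]$_.SourcePort
        DestPort    = [int]$_.DestPort
    }
}

# Busiest conversations by packet count.
$packets | Group-Object Source, Destination |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Outbound packets from the local host to ports outside an expected set.
$local         = '172.16.10.102'   # address used in the post
$expectedPorts = 53, 80, 443       # assumed allowlist for this example
$packets |
    Where-Object { $_.Source -eq $local -and $expectedPorts -notcontains $_.DestPort } |
    Sort-Object Time |
    Format-Table Time, Destination, Protocol, DestPort -AutoSize

Remove-Item -Path $path
```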
Thanks for the link! I’ve been wanting to add support to export/import into a standard format but haven’t gotten around to it. Maybe one of these days in my spare time… 🙂