TCPDUMP (command-line sniffer/analyzer) for Windows
Get notified of new versions

Microolap TCPDUMP for Windows® 4.9.2 build 5072

Command-line sniffer (packet capture tool) for Windows®

It is not a joke:
UEFI and Secure Boot compatible version of TCPDUMP for Windows, signed with every imaginable certificate (SHA-1, SHA-256, EV) and verified by Microsoft.

TCPDUMP for Windows® is a clone of TCPDUMP, the most used network sniffer/analyzer for UNIX, compiled with the original tcpdump code (, and our own packet capture technology Microolap Packet Sniffer SDK (no libpcap/WinPcap/npcap).

What is under the hood?
TCPDUMP for Windows® uses almost the same stack of network traffic capture technologies as EtherSensor, the network traffic analysis platform that helps our customers solve many Security Operation Center tasks in combination with DLP, SIEM, U(E)BA, eDiscovery, Enterprise Archiving, etc.

How much?
TCPDUMP for Windows® is free for non-commercial/educational use, and you can use it indefinitely.

But if you're going to use it for business purposes, welcome to order Commercial license — TCPDUMP for Windows® will save for you tons of your nerves and time if you are working in Unix/Windows heterogeneous environment.

What does it look like?

Nothing unusual: it looks the same as on Unix-like operating systems.

The main features of the TCPDUMP for Windows®

Microolap TCPDUMP for Windows® accurately reproduces all features of the original tcpdump by LBNL's Network Research Group, developed for the UNIX systems.

Since Microolap TCPDUMP for Windows® is compiled with the Packet Sniffer SDK, it has the following advantages:

It is portable

Microolap TCPDUMP for Windows® does not require installation and could be ran from any removable device: it is compiled with Packet Sniffer SDK, so no pre-installed third-party packet capture drivers are required. Just run tcpdump.exe, and use original tcpdump command-line interface you're already familiar with.


Microolap TCPDUMP for Windows® is fully UEFI and Secure Boot compatible.
Here is a list of the Windows family operating systems supported by Microolap TCPDUMP for Windows®: Windows XP, WinXP x64, Windows Vista, Vista x64, Windows 2003, Win2003 x64, Windows 2008, Windows 2012, Windows 8, Windows 10, Windows Server 2016, Windows server 2019, and various Windows PE versions. Please let us know if any of the Windows updates shortens this list.

Small footprint

Microolap TCPDUMP for Windows® comes as a single 600Kb .EXE file, that could be uploaded to a remote Windows PC box network traffic of which you need to analyze, and then run it using any remote administration tool.

What is the difference between trial and commercial versions?

Both Trial and Commercial versions of TCPDUMP for Windows® don't include any license management or DRM components. The trial version automatically checks the availability of a newer version on one of our web servers, and may open corresponding web page with the default browser.

The commercial version does not need to do this: we notify registered users of the new version via email.

In addition, registered users receive both 32-bit and 64-bit versions, as well as the version compatible with Windows PE.

TCPDUMP for Windows version 4.9.2 build 5072

TCPDUMP for Windows version 4.9.2 build 5072

TCPDUMP for Windows version 4.9.2

TCPDUMP for Windows version 4.9.2

TCPDUMP for Windows version 4.5.1

TCPDUMP for Windows version 4.5.1 (PSSDK 6.1): Loopback adapter support is disabled.

TCPDUMP for Windows version 3.9.8

TCPDUMP for Windows version 3.9.8 (PSSDK 4.1)

TCPDUMP for Windows version 3.9.8

TCPDUMP for Windows version 3.9.8 (PSSDK 4.0).

More news ›


Site map | Search | Privacy Policy | Terms of Use | Contact Us
Copyright © 2000—2024 Microolap Technologies LTD. All Rights Reserved.
All trademarks are the sole property of their respective owners.