File tree Expand file tree Collapse file tree 1 file changed +27
-0
lines changed
Expand file tree Collapse file tree 1 file changed +27
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ Name : Nmcap.exe
3+ Description : Command-line packet capture utility from Microsoft Network Monitor 3.x.
4+ Author : Avihay Eldad
5+ Created : 2025-09-16
6+ Commands :
7+ - Command : nmcap.exe /network * /capture /file {PATH_ABSOLUTE:.cap}
8+ Description : |
9+ Start capture on all network adapters and save to specified .cap (circular) file.
10+ Optionally, one can add:
11+ - `/TerminateWhen /TimeAfter 30 seconds` to auto-terminate after a relative times (e.g. 30 seconds);
12+ - `/TerminateWhen /Time 04:52:00 AM 9/17/2025` to auto-terminate after a specific date/time;
13+ - `/TerminateWhen /KeyPress x` to terminate when a specific key is pressed.
14+ Usecase : Capture network traffic on windows to collect sensitive data.
15+ Category : Reconnaissance
16+ Privileges : Administrator
17+ MitreID : T1040
18+ OperatingSystem : Windows
19+ Full_Path :
20+ - Path : C:\Program Files\Microsoft Network Monitor 3\nmcap.exe
21+ - Path : C:\Program Files (x86)\Microsoft Network Monitor 3\nmcap.exe
22+ Resources :
23+ - Link : https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/network-monitor-3
24+ Acknowledgement :
25+ - Person : Avihay Eldad
26+ Handle : ' @AvihayEldad'
27+ ---
You can’t perform that action at this time.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments