In the course of my sysadmin/network administration duties, I need to packet sniff for connectivity issues. Unfortunately, this often occurs on machines I don't 'own': servers under the purview of other administrators, end users' home machines, or simply servers we'd like to avoid installing new software on. So I'd like something that can be used without a proper 'install'.
I personally use Wireshark for my local desktop. Works great. But it obviously doesn't cut it for the above scenarios. I know they have U3 and portable apps versions, but that is dependent on physical access to plug in a USB stick. That's also not something I can count on.
So, does anyone know a packet sniffing tool that can be used without a true installation? Something that is just contained in a folder that can be dumped on a target machine, used, then easily deleted? If it's just a CLI, that's perfectly fine. I can always move the .cap files back to my desktop for analysis.
I would personally prefer something that was free (as in libre) and free (as in beer). However, proprietary and paid for products are perfectly valid suggestions.
SmartSniff supports packet capture without libpcap; however, it only supports (TCP|UDP|ICMP)v4.
TCPDUMP for Windows works. I can vouch for the trial version, as it's 99% the same as the NIX version (it's compiled from the same source, I believe); it doesn't require installation either. Pricing's on their site and isn't unreasonable if you're using it a lot.
I understand your dilemma. We currently have a guest in our Production facility that is dedicated to network troubleshooting that has Wireshark on it. We will port span on our router as needed to tap into the traffic of the server that we need to research and then remove the port span when we are done with our research. This does require the ability to change your router configuration while capturing network traffic, which may or may not be an option for you depending on your network policy regarding change requests. I have researched and am not aware of a truly zero-footprint packet sniffer as you are requesting. Port spanning is the least intrusive method we have found to tap into a server's traffic without changing the configuration of the server. However, it does introduce the risk of making a router configuration, which also must be weighed.
I use ngrep and make a static executable. It works great for those instances. I also use nmap and make a static executable as well. These tools together can help troubleshoot instances where the network is not under your control.
For a completely install-less sniffer there's SmartSniff, as grawity posted, or IpTools.
If you're stuck in Windows... there's really only 1 good packet capture tool. Wireshark. Wireshark can run without being "installed" if you know what you're doing... but you MUST install the WinPcap service. There are several apps all built on that WinPcap framework... but none that don't require some sort of service (or application running as the "system" account) that accurately capture packets... which requires some sort of install or administrative privileges on that machine.
There is no escaping that one, I'm afraid. Better than any of the above... (assuming you are the actual net-admin) ... most managed switches allow you to set up a monitor port to monitor the traffic on another interface. That should be more than sufficient to see what's going to & from a workstation. There are also in-line network tools in a variety of forms that will allow you to do the same job.
The best free network sniffers are Wireshark and Capsa Free. Both are very powerful.