Sometimes, when diagnosing a WFilter problem whose cause is not obvious, we need a packet dump file. WFilter ships a packet dump tool named “dumpPacket.exe”, which dumps the packets seen on the monitoring adapter.
This tutorial will guide you through generating a packet dump file with “dumpPacket.exe”.
First, launch “dumpPacket.exe” from “Start” -> “IMFirewall WFilter” -> “Tools”. If you did not install the WFilter shortcuts, you can find this tool in the WFilter directory.
It will ask you to enter a testing IP address. For example, if you need to check a monitoring problem for IP “192.168.1.20”, input “192.168.1.20” here. If you just want to capture some packet samples, you may simply press “Enter”; pressing “Enter” dumps packets for all computers.
Close the dumping window once you have captured what you need. If you are reproducing a specific test, wait until the test is done (for example, until an email message has been sent). If you are dumping packets for all computers, 3-5 seconds is enough, because the dump file can grow very large. If the dump file is too large, repeat the test over a shorter time.
The dump.cap file can be found in the “temp” directory of WFilter. It is in pcap format, so it can be opened with Wireshark and other pcap applications.
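Before sending dump.cap off for diagnosis, it is worth confirming that the capture actually contains traffic for the IP you tested. The Python below is an added example, not part of WFilter or its tools: it parses the classic pcap format that dump.cap uses and counts the packets in which the tested host appears, per peer. The sample frames are constructed inline; the path to the WFilter “temp” directory is an assumption you would replace with your own.

```python
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800

def ipv4_frame(src, dst, payload=b""):
    """Build a constructed Ethernet/IPv4 frame (checksum left zero; fine for parsing)."""
    eth = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    to_bytes = lambda ip: bytes(int(o) for o in ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000,
                     64, 6, 0, to_bytes(src), to_bytes(dst))
    return eth + ip + payload

def build_pcap(frames, ts=1_700_000_000):
    """Wrap frames in a classic little-endian pcap (v2.4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", ts + i, 0, len(f), len(f)) + f
    return out

def iter_pcap(data):
    """Yield each captured frame from a classic pcap buffer; reject other formats."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:  # pcapng or a damaged/truncated dump: refuse rather than misparse
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % off)
        yield frame
        off += incl_len

def ipv4_endpoints(frame):
    """Return (src, dst) dotted quads for an Ethernet/IPv4 frame, or None otherwise."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    return ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))

def summarize(data, host):
    """Count dumped packets per peer of `host`; an empty result means the dump
    holds no traffic for the tested IP, i.e. the monitoring adapter never saw it."""
    peers = Counter()
    for frame in iter_pcap(data):
        ends = ipv4_endpoints(frame)
        if ends and host in ends:
            peers[ends[1] if ends[0] == host else ends[0]] += 1
    return peers

if __name__ == "__main__":
    # Assumed WFilter install path; adjust to your own "temp" directory.
    with open(r"C:\Program Files\IMFirewall\WFilter\temp\dump.cap", "rb") as fh:
        print(summarize(fh.read(), "192.168.1.20"))
```

If the result is empty for the IP you entered in dumpPacket.exe, the problem is upstream of WFilter's analysis (mirroring or adapter selection), not in its processing of the traffic.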