
Question

I have a machine with the Windows 10 preview installed and I want to capture all the traffic it sends for a day and then block all the MS hosts it sent data to without my direct permission.
I don't want to do this with Wireshark on that computer because Microsoft might have implemented their keylogger hidden on lower levels.
But I know that you can capture traffic from other computers on your LAN using a so-called MITM attack. So I'm looking for a tool which can do that and some instructions.
Preferably a tool for Windows, but if it is easier on Linux or there simply is no tool for that for Windows then I would be okay with Linux (in a VM).
How do I capture the traffic of a computer on my LAN?

Explanation / Answer

If you want to capture traffic by using a second machine, then run a packet sniffer (Wireshark, for example) on that second machine while it is connected to the Win10 machine via a hub (or a SPAN/mirrored port). It will capture all packets it sees being sent by the Win10 machine. You could do a packet-forwarding scenario on the second machine, but that can be complicated.

As an alternative to blacklisting the Microsoft destinations, you could whitelist the destinations you want the Win10 machine to connect to. That way, you can ensure that only the destinations you specify receive communication, and if there is a large number of Microsoft destinations that Win10 might send to, you're still covered if they make a change.
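The workflow the answer describes (capture on the second machine, then decide what to allow) as an added example, not code from the original post or answer. It assumes the capture was written with tcpdump to a classic pcap file, that the Win10 machine is 192.168.1.50 (hypothetical), that the only pre-approved destination is the LAN router at 192.168.1.1 (hypothetical), and that enforcement happens on a Linux box in the path using nftables (the rendered rule syntax is an assumption about that setup). The pcap bytes are constructed in memory so the script runs offline; the external addresses are TEST-NET placeholders, not real Microsoft hosts.

```python
"""Tally where a monitored host sent packets in a pcap and render an allowlist.

Added example (not from the original Q&A). Capture on the second machine with
e.g.  tcpdump -i eth0 -w win10.pcap ether host <win10-mac>   (interface and
MAC are assumptions), then run this script over win10.pcap.
"""
import ipaddress
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic pcap, little-endian writer
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
WIN10 = "192.168.1.50"          # hypothetical address of the monitored machine


def iter_pcap_packets(data: bytes):
    """Yield raw Ethernet frames from a classic (not pcapng) pcap blob."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"                # big-endian writer
    else:
        raise ValueError("not a classic pcap (pcapng? convert with tshark -F pcap)")
    linktype, = struct.unpack_from(end + "I", data, 20)
    if linktype != 1:
        raise ValueError(f"expected Ethernet link type 1, got {linktype}")
    off = 24                     # global header is 24 bytes
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_ipv4_flow(frame: bytes):
    """Return (src_ip, dst_ip, proto, dst_port) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34:
        return None
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None              # ARP/IPv6 skipped; extend here if the box uses IPv6
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    src = str(ipaddress.IPv4Address(ip[12:16]))
    dst = str(ipaddress.IPv4Address(ip[16:20]))
    dport = None
    if proto in (PROTO_TCP, PROTO_UDP) and len(ip) >= ihl + 4:
        dport = struct.unpack_from("!H", ip, ihl + 2)[0]
    return src, dst, proto, dport


def destinations_for(data: bytes, monitored_host: str) -> Counter:
    """Count (dst_ip, dst_port) pairs for packets the monitored host SENT.

    Replies to it and traffic from other LAN hosts are deliberately ignored."""
    tally = Counter()
    for frame in iter_pcap_packets(data):
        flow = parse_ipv4_flow(frame)
        if flow and flow[0] == monitored_host:
            tally[(flow[1], flow[3])] += 1
    return tally


def nft_allowlist(monitored_host: str, allowed) -> str:
    """Render nftables rules (assumed enforcement point): approved dests pass, rest logged+dropped."""
    lines = ["table inet win10filter {", "  chain forward {",
             "    type filter hook forward priority 0; policy accept;"]
    for dst in sorted(allowed, key=ipaddress.IPv4Address):
        lines.append(f"    ip saddr {monitored_host} ip daddr {dst} accept")
    lines.append(f'    ip saddr {monitored_host} log prefix "win10-unlisted " drop')
    lines += ["  }", "}"]
    return "\n".join(lines)


# --- constructed sample capture (stands in for win10.pcap) -------------------
def _frame(src: str, dst: str, proto: int, dport: int) -> bytes:
    """Minimal Ethernet/IPv4/TCP-or-UDP frame; headers only, checksums zero."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    l4 = struct.pack("!HH", 49152, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + l4


def build_pcap(frames) -> bytes:
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


SAMPLE_PCAP = build_pcap([
    _frame(WIN10, "203.0.113.10", PROTO_TCP, 443),      # Win10 -> placeholder host A
    _frame(WIN10, "203.0.113.10", PROTO_TCP, 443),
    _frame(WIN10, "198.51.100.7", PROTO_TCP, 443),      # Win10 -> placeholder host B
    _frame(WIN10, "192.168.1.1", PROTO_UDP, 53),        # Win10 -> LAN router (DNS)
    _frame("203.0.113.10", WIN10, PROTO_TCP, 49152),    # reply: must not be counted
    _frame("192.168.1.20", "192.0.2.9", PROTO_TCP, 80), # other LAN host: ignored
])


def report(data: bytes = SAMPLE_PCAP, host: str = WIN10, approved=frozenset({"192.168.1.1"})):
    """Return (tally, destinations the host contacted that are not on the allowlist)."""
    seen = destinations_for(data, host)
    unlisted = sorted({dst for (dst, _port) in seen} - set(approved))
    return seen, unlisted


if __name__ == "__main__":
    seen, unlisted = report()
    for (dst, port), n in seen.most_common():
        print(f"{dst}:{port}\t{n} packets")
    print("not on allowlist:", ", ".join(unlisted))
    print(nft_allowlist(WIN10, {"192.168.1.1"}))
```

Review the "not on allowlist" output by hand before turning it into rules: a day's capture will also contain NTP, DNS and update traffic you do want, and the rendered ruleset only permits what you explicitly add to the approved set.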