SmartSniff v1.93
Copyright (c) 2004 - 2012 Nir Sofer
Web site: http://www.nirsoft.net

Description
===========
SmartSniff allows you to capture TCP/IP packets that pass through your
network adapter, and view the captured data as a sequence of conversations
between clients and servers. You can view the TCP/IP conversations in
ASCII mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP) or
as a hex dump (for non-text-based protocols, like DNS).
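
The conversation view described above, as an added example that is not
SmartSniff's own code: this Python sketch groups constructed IPv4/TCP
packets into client/server conversations and picks ASCII or hex display
per conversation. The function names and sample packets are assumptions,
and payloads are taken in capture order without TCP sequence reassembly.

```python
import socket
import struct
from collections import OrderedDict

def build_packet(src, sport, dst, dport, payload):
    """Constructed sample data: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp + payload

def parse_packet(raw):
    """Return (src, sport, dst, dport, payload) for an IPv4/TCP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != 6:
        return None
    ihl = (raw[0] & 0x0F) * 4                      # IP header length in bytes
    if len(raw) < ihl + 20:
        return None
    total = struct.unpack("!H", raw[2:4])[0]       # IP total length
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    start = ihl + (raw[ihl + 12] >> 4) * 4         # skip the TCP header
    return (socket.inet_ntoa(raw[12:16]), sport,
            socket.inet_ntoa(raw[16:20]), dport, raw[start:total])

def group_conversations(raw_packets):
    """Group payloads per unordered endpoint pair; '>' is the first sender's direction."""
    convs = OrderedDict()
    for raw in raw_packets:
        parsed = parse_packet(raw)
        if parsed is None or not parsed[4]:        # not IPv4/TCP, or no payload
            continue
        src, sport, dst, dport, payload = parsed
        key = tuple(sorted([(src, sport), (dst, dport)]))
        conv = convs.setdefault(key, {"client": (src, sport), "segments": []})
        conv["segments"].append((">" if (src, sport) == conv["client"] else "<", payload))
    return convs

def render(conv):
    """Pick ASCII mode for printable payloads, hex dump otherwise."""
    data = b"".join(p for _, p in conv["segments"])
    text = all(32 <= b < 127 or b in b"\r\n\t" for b in data)
    show = (lambda p: p.decode("ascii")) if text else (lambda p: " ".join(f"{b:02x}" for b in p))
    return ("ascii" if text else "hex"), [f"{a} {show(p)}" for a, p in conv["segments"]]

SAMPLE_PACKETS = [  # constructed traffic using documentation address ranges
    build_packet("192.0.2.10", 50000, "198.51.100.5", 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_packet("192.0.2.10", 50001, "198.51.100.5", 5000, b"\x00\x01\xff"),
    build_packet("198.51.100.5", 80, "192.0.2.10", 50000, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_packet("198.51.100.5", 5000, "192.0.2.10", 50001, b"\x80\x00"),
]
```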

SmartSniff provides 3 methods for capturing TCP/IP packets:
1. Raw Sockets (Only for Windows 2000/XP or greater): Allows you to
   capture TCP/IP packets on your network without installing a capture
   driver. This method has some limitations and problems.
2. WinPcap Capture Driver: Allows you to capture TCP/IP packets on all
   Windows operating systems (Windows 98/ME/NT/2000/XP/2003/Vista). In
   order to use it, you have to download and install WinPcap Capture
   Driver from this Web site. (WinPcap is a free open-source capture
   driver.)
   This method is generally the preferred way to capture TCP/IP packets
   with SmartSniff, and it works better than the Raw Sockets method.
3. Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003):
   Microsoft provides a free capture driver under Windows 2000/XP/2003
   that can be used by SmartSniff, but this driver is not installed by
   default, and you have to install it manually, by using one of the
   following options:
   * Option 1: Install it from the CD-ROM of Windows 2000/XP
     according to the instructions on the Microsoft Web site.
   * Option 2 (XP Only): Download and install the Windows XP
     Service Pack 2 Support Tools. One of the tools in this package is
     netcap.exe. When you run this tool for the first time, the Network
     Monitor Driver will automatically be installed on your system.
4. Microsoft Network Monitor Driver 3: Microsoft provides a new
   version of the Microsoft Network Monitor driver (3.x) that is also
   supported under Windows 7/Vista/2008. Starting from version 1.60,
   SmartSniff can use this driver to capture the network traffic.
   The new version of Microsoft Network Monitor (3.x) is available for
   download from the Microsoft Web site.

Notice: If WinPcap is installed on your system, and you want to use the
Microsoft Network Monitor Driver method, it's recommended to run
SmartSniff with /NoCapDriver, because the Microsoft Network Monitor
Driver may not work properly when WinPcap is loaded too.

System Requirements
===================
SmartSniff can capture TCP/IP packets on any version of the Windows
operating system (Windows 98/ME/NT/2000/XP/2003/2008/Vista) as long as the
WinPcap capture driver is installed and works properly with your network
adapter. You can also use SmartSniff with the capture driver of Microsoft
Network Monitor, if it's installed on your system.
Under Windows 2000/XP (or greater), SmartSniff also allows you to capture
TCP/IP packets without installing any capture driver, by using the 'Raw
Sockets' method. However, this capture method has some limitations and
problems:
* Outgoing UDP and ICMP packets are not captured.
* On Windows XP SP1, outgoing packets are not captured at all - thanks
  to a Microsoft bug that appeared in the SP1 update...
  This bug was fixed in the SP2 update, but under Vista, Microsoft
  brought back the outgoing packets bug of XP/SP1.
* On Windows Vista with SP1, only UDP packets are captured. TCP packets
  are not captured at all.
* On Windows 7, it seems that the 'Raw Sockets' method works properly
  again, at least for now...

Versions History
================
* Version 1.93:
  * Fixed bug: When opening the 'Capture Options' dialog-box after
    Network Monitor Driver 3.x was previously selected, SmartSniff
    switched back to Raw Sockets mode.
* Version 1.92:
  * Added accelerator key to the 'URL List' mode (Ctrl+F4).
* Version 1.91:
  * Fixed a crash problem that occurred with some Web pages when using
    the 'Extract HTTP Files' option.
* Version 1.90:
  * Added 'Put Icon On Tray' option.
* Version 1.85:
  * Added 'Use DNS Queries & Cache For Host Names' option. When it's
    turned on, SmartSniff analyzes the captured DNS queries and uses them
    for displaying the local/remote host names. The internal DNS cache of
    Windows is also used.
* Version 1.82:
  * Added 'Duration' column, which displays the difference between
    the capture time and last packet time.
* Version 1.81:
  * Updated the internal country names list (added 14 more countries)
    for use with the IP to country file (IpToCountry.csv).
* Version 1.80:
  * Added 'Extract HTTP Files' option (under the File menu), which
    allows you to easily extract all HTTP files stored in the selected
    streams, into the folder that you choose.
* Version 1.79:
  * Fixed bug: 'Restart Capture' option caused SmartSniff to crash in
    some circumstances.
* Version 1.78:
  * Added 'Restart Capture' option (Ctrl+R), which stops the capture
    and then immediately starts it again.
* Version 1.77:
  * Increased the size of total filter string (Capture Filter and
    Display Filter) that can be saved into the .cfg file.
* Version 1.76:
  * When 'Retrieve process information while capturing packets'
    option is turned on, the 'Process User' column now displays the user
    name of the specified process.
* Version 1.75:
  * Added 'Decompress HTTP Responses' option. When it's turned on,
    HTTP responses compressed with gzip are automatically detected, and
    displayed in decompressed form.
* Version 1.72:
  * Fixed bug: The status bar packets counter displayed a slightly
    higher value than the total packets counters in the upper pane table.
* Version 1.71:
  * Added 'Hide Lower Pane' option (under the Options menu), which is
    useful when you work in statistics only mode, and you don't need the
    lower pane.
* Version 1.70:
  * Added 'Display only active connections' in Advanced Options
    window. When this option is turned on, SmartSniff automatically hides
    all streams whose connection was closed. This means that
    SmartSniff will only display the streams whose connection is
    still open.
* Version 1.65:
  * Added support for .csv files in 'Save Packet Summaries' option.
  * Added 'Add Header Line To CSV/Tab-Delimited File' option. When
    this option is turned on, the column names are added as the first
    line when you export to csv or tab-delimited file.
* Version 1.63:
  * Added 'Automatically Scroll Down in Live Mode' option, under the
    Options menu.
* Version 1.62:
  * Added /StartCapture and /LoadConfig command-line options.
  * Added x64 version of SmartSniff, to work with Microsoft Network
    Monitor Driver 3.x on Windows x64.
* Version 1.60:
  * Added support for capturing with Microsoft Network Monitor 3.x
    driver. (Very useful for Windows Vista/7 users, because the old
    Network Monitor driver is not supported in these OS)
  * For Microsoft Network Monitor 3.x driver, there is also a 'Wifi
    Monitor Mode' button which only works under Windows 7/Vista, and only
    for wireless devices that support 'Monitor Mode'. When you switch
    the wireless card to monitor mode, SmartSniff can capture all
    unencrypted Wifi/TCP streams in the channel that you chose to monitor.
  * Added support for opening the capture file (.cap) of Microsoft
    Network Monitor 3.x
  * Added support for viewing the content of unencrypted Wifi/TCP
    streams. This feature works on WinPCap driver and Microsoft Network
    Monitor 3.x
  * Added 'Promiscuous Mode' check-box for WinPCap and Microsoft
    Network Monitor 3.x driver. In the previous version, SmartSniff
    always turned on the 'Promiscuous Mode', but in some wireless
    adapters, the capture doesn't work at all if Promiscuous Mode