SmartSniff v2.10
Copyright (c) 2004 - 2014 Nir Sofer
Web site: http://www.nirsoft.net
Description
===========
SmartSniff allows you to capture TCP/IP packets that pass through your
network adapter, and view the captured data as a sequence of conversations
between clients and servers. You can view the TCP/IP conversations in
ASCII mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP) or
as a hex dump (for non-text-based protocols, like DNS).
SmartSniff provides 3 methods for capturing TCP/IP packets:
1. Raw Sockets (Only for Windows 2000/XP or greater): Allows you to
capture TCP/IP packets on your network without installing a capture
driver. This method has some limitations and problems.
2. WinPcap Capture Driver: Allows you to capture TCP/IP packets on all
Windows operating systems (Windows 98/ME/NT/2000/XP/2003/Vista). In
order to use it, you have to download and install the WinPcap Capture
Driver from this Web site. (WinPcap is a free open-source capture
driver.)
This method is generally the preferred way to capture TCP/IP packets
with SmartSniff, and it works better than the Raw Sockets method.
3. Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003):
Microsoft provides a free capture driver under Windows 2000/XP/2003
that can be used by SmartSniff, but this driver is not installed by
default, and you have to manually install it, by using one of the
following options:
* Option 1: Install it from the CD-ROM of Windows 2000/XP
according to the instructions in Microsoft Web site
* Option 2 (XP Only): Download and install the Windows XP
Service Pack 2 Support Tools. One of the tools in this package is
netcap.exe. When you run this tool for the first time, the Network
Monitor Driver will automatically be installed on your system.
4. Microsoft Network Monitor Driver 3: Microsoft provides a new
version of Microsoft Network Monitor driver (3.x) that is also
supported under Windows 7/Vista/2008. Starting from version 1.60,
SmartSniff can use this driver to capture the network traffic.
The new version of Microsoft Network Monitor (3.x) is available to
download from Microsoft Web site.
Notice: If WinPcap is installed on your system, and you want to use the
Microsoft Network Monitor Driver method, it's recommended to run
SmartSniff with /NoCapDriver, because the Microsoft Network Monitor
Driver may not work properly when WinPcap is loaded too.
System Requirements
===================
SmartSniff can capture TCP/IP packets on any version of Windows operating
system (Windows 98/ME/NT/2000/XP/2003/2008/Vista/7/8) as long as WinPcap
capture driver is installed and works properly with your network adapter.
You can also use SmartSniff with the capture driver of Microsoft Network
Monitor, if it's installed on your system.
Under Windows 2000/XP (or greater), SmartSniff also allows you to capture
TCP/IP packets without installing any capture driver, by using 'Raw
Sockets' method. However, this capture method has some limitations and
problems:
* Outgoing UDP and ICMP packets are not captured.
* On Windows XP SP1 outgoing packets are not captured at all - Thanks
to Microsoft's bug that appeared in SP1 update...
This bug was fixed in the SP2 update, but under Vista, Microsoft brought
back the outgoing packets bug of XP/SP1.
* On Windows Vista/7/8: Be aware that the Raw Sockets method doesn't work
properly on all systems. It's not a bug in SmartSniff, but in the API
of Windows operating system. If you only see the outgoing traffic, try
to turn off Windows firewall, or add smsniff.exe to the allowed
programs list of Windows firewall.
Versions History
================
* Version 2.10:
* SmartSniff now allows you to automatically add it to the allowed
programs list of Windows firewall when starting to capture and remove
it when you stop capturing. This option is needed when using the 'Raw
Socket' capture method while Windows firewall is turned on, because
if SmartSniff is not added to Windows firewall, the incoming traffic
is not captured at all.
* Version 2.08:
* SmartSniff now remembers the last file type you selected in 'Load
Packets Data From File' option.
* Fixed the window title of 'Display Filter' option.
* Version 2.07:
* Fixed the flickering in the upper pane.
* Version 2.06:
* Fixed to display HTTP POST URLs on 'URL List' display mode.
* Version 2.05:
* Added 'Capture On Program Start' option.
* Added 'Mark Odd/Even Rows' option, under the View menu. When it's
turned on, the odd and even rows are displayed in different colors, to
make it easier to read a single line.
* Version 2.00:
* Added support for GeoLite City database. You can now download the
GeoLite City database (GeoLiteCity.dat.gz), put it in the same folder
as smsniff.exe, and SmartSniff will automatically use it to get the
country/city information for every IP address.
* Added 'Auto Size Columns+Headers' option, which allows you to
automatically resize the columns according to the row values and
column headers.
* Version 1.95:
* Added Find option (Ctrl+F) to easily find text in the lower pane.
* Fixed issue: The properties dialog-box and other windows opened
on the wrong monitor, on multi-monitor systems.
* Version 1.93:
* Fixed bug: When opening the 'Capture Options' dialog-box after
Network Monitor Driver 3.x was previously selected, SmartSniff
switched back to Raw Sockets mode.
* Version 1.92:
* Added accelerator key to the 'URL List' mode (Ctrl+F4)
* Version 1.91:
* Fixed a crash problem that occurred with some Web pages when using the
'Extract HTTP Files' option.
* Version 1.90:
* Added 'Put Icon On Tray' option.
* Version 1.85:
* Added 'Use DNS Queries & Cache For Host Names' option. When it's
turned on, SmartSniff analyzes the captured DNS queries and uses them
for displaying the local/remote host names. The internal DNS cache of
Windows is also used.
* Version 1.82:
* Added 'Duration' column, which displays the difference between
the capture time and last packet time.
* Version 1.81:
* Updated the internal country names list (Added 14 more countries)
for use with the IP to country file (IpToCountry.csv).
* Version 1.80:
* Added 'Extract HTTP Files' option (under the File menu), which
allows you to easily extract all HTTP files stored in the selected
streams, into the folder that you choose.
* Version 1.79:
* Fixed bug: 'Restart Capture' option caused SmartSniff to crash in
some circumstances.
* Version 1.78:
* Added 'Restart Capture' option (Ctrl+R), which stops the capture
and then immediately starts it again.
* Version 1.77:
* Increased the size of total filter string (Capture Filter and
Display Filter) that can be saved into the .cfg file.
* Version 1.76:
* When 'Retrieve process information while capturing packets'
option is turned on, the 'Process User' column now displays the user
name of the specified process.
* Version 1.75:
* Added 'Decompress HTTP Responses' option. When it's turned on,
HTTP responses compressed with gzip are automatically detected, and
displayed in decompressed form.
* Version 1.72:
* Fixed bug: The status bar packets counter displayed a slightly
higher value than the total packets counters in the upper pane table.
* Version 1.71:
* Added 'Hide Lower Pane' option (under the Options menu), which is
useful when you work in statistics only mode, and you don't need the
lower pane.
* Version 1.70:
* Added 'Display only active connections' in Advanced Options
window. When this option is turned on, SmartSniff automatically hides
all streams that their connection w