SmartSniff v1.45
Copyright (c) 2004 - 2009 Nir Sofer
Web site: http://www.nirsoft.net
Description
===========
SmartSniff allows you to capture TCP/IP packets that pass through your
network adapter, and view the captured data as a sequence of conversations
between clients and servers. You can view the TCP/IP conversations in
ASCII mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP) or
as a hex dump (for non-text-based protocols, like DNS).
SmartSniff provides 3 methods for capturing TCP/IP packets:
1. Raw Sockets (Only for Windows 2000/XP or greater): Allows you to
capture TCP/IP packets on your network without installing a capture
driver. This method has some limitations and problems.
2. WinPcap Capture Driver: Allows you to capture TCP/IP packets on all
Windows operating systems (Windows 98/ME/NT/2000/XP/2003/Vista). In
order to use it, you have to download and install the WinPcap Capture
Driver from this Web site. (WinPcap is a free open-source capture
driver.)
This method is generally the preferred way to capture TCP/IP packets
with SmartSniff, and it works better than the Raw Sockets method.
3. Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003):
Microsoft provides a free capture driver under Windows 2000/XP/2003
that can be used by SmartSniff, but this driver is not installed by
default, and you have to manually install it, by using one of the
following options:
* Option 1: Install it from the CD-ROM of Windows 2000/XP
according to the instructions on the Microsoft Web site
* Option 2 (XP only): Download and install the Windows XP
Service Pack 2 Support Tools. One of the tools in this package is
netcap.exe. When you run this tool for the first time, the Network
Monitor Driver will automatically be installed on your system.
Notice: If WinPcap is installed on your system, and you want to use
the Microsoft Network Monitor Driver method, it's recommended to run
SmartSniff with /NoCapDriver, because the Microsoft Network Monitor
Driver may not work properly when WinPcap is loaded too.
System Requirements
===================
SmartSniff can capture TCP/IP packets on any 32-bit Windows operating
system (Windows 98/ME/NT/2000/XP) as long as the WinPcap capture driver is
installed and works properly with your network adapter.
Under Windows 2000/XP (or greater), SmartSniff also allows you to capture
TCP/IP packets without installing any capture driver, by using the 'Raw
Sockets' method. However, this capture method has some limitations and
problems:
* Outgoing UDP and ICMP packets are not captured.
* On Windows XP SP1, outgoing packets are not captured at all - thanks
to Microsoft's bug that appeared in the SP1 update...
This bug was fixed in the SP2 update, but under Vista, Microsoft brought
back the outgoing packets bug of XP/SP1.
* On Windows Vista with SP1, only UDP packets are captured. TCP packets
are not captured at all.
Versions History
================
* Version 1.45:
o New option: Display Outgoing/Incoming Data - When this option is
turned on, separate values for outgoing and incoming packets are
displayed for the following columns: 'Packets', 'Data Size', and
'Total Size'. The values are displayed in the following format:
{Outgoing ; Incoming}
* Version 1.40:
o Added local/remote MAC addresses (relevant only for the local
network, and it doesn't work with raw sockets)
o Added IPNetInfo integration - When you put the IPNetInfo utility in
the same folder as SmartSniff, you can view the information about the
remote IP addresses.
o Added IP Country columns to display the country name of IP
addresses. (requires downloading an external file from here)
* Version 1.38:
o Under Vista, automatically run as administrator.
* Version 1.37:
o Fixed bug: The main window lost the focus when the user switched
to another application and then returned to SmartSniff.
* Version 1.36:
o Fixed bug: SmartSniff hung when you worked with 'URL List' mode.
* Version 1.35:
o New Display Mode - 'URL List': Allows you to view the list of
URLs for the selected TCP/IP items (only for HTTP protocol)
o Increased the buffer of raw sockets to avoid packet loss.
o The configuration is now saved to a file, instead of the Registry.
* Version 1.32:
o Fixed bug: Wrong capture time displayed when "Only display TCP/IP
statistic..." option was selected.
o Added 'Summary Mode' in Advanced Options - Allows you to view
general TCP/IP statistics by addresses only, without adding a
separate line for each connection.
* Version 1.31:
o Added support for Microsoft Network Monitor driver (Under Windows
2000/XP/2003).
* Version 1.30:
o New option: Only display TCP/IP statistic, do not store the
captured data in file.
o New option: Retrieve process information while capturing packets.
o In 'Load Packets Data From File', you can now choose to load
tcpdump/libpcap file saved by Ethereal or by other capture programs.
o A tooltip is displayed when a string in a column is longer than
the column length.
o When running SmartSniff for the first time, the first found
network adapter with an IP address is now automatically selected. (In
previous versions, the user had to select an adapter in order to
start capturing)
* Version 1.21:
o Fixed Bug: packets in TCP/IP conversations sometimes displayed in
wrong order.
* Version 1.20:
o New option in Live Mode: Display the beginning of TCP/IP
conversation content while capturing.
o Save / Load SmartSniff configuration.
o Filters are now saved when you exit from SmartSniff, and loaded
again the next time that you run it.
o Significant improvement in the performance of Live Mode when there
are a lot of TCP/IP conversations.
o Fixed bug: pressing F2/F3/F4 while capturing packets in live mode
caused the capture to be corrupted.
* Version 1.11: Improved performance while capturing with the WinPcap
driver.
* Version 1.10:
o Performance - Large TCP/IP conversations are now displayed much
faster than in the previous version.
o Live Mode - View the TCP/IP conversation list while capturing.
o Capture and display filters.
o New option: Resolve IP Addresses to host names (displayed in
'Local Host' and 'Remote Host' columns)
o New option: On Automatic display mode, don't display data in hex
format if the data size is larger than... (The default is 100 KB)
o New option: In the lower pane, don't display items with data size
larger than... (The default is 1000 KB)
o Added more accelerator keys.
o XP style support.
* Version 1.00: First release.
Using SmartSniff
================
In order to start using SmartSniff, simply copy the executable
(smsniff.exe) to any folder you like, and run it (installation is not
needed).
After running SmartSniff, select "Start Capture" from the File menu, or
simply click the green play button in the toolbar. If it's the first time
that you use SmartSniff, you'll be asked to select the capture method and
the network adapter that you want to use. If WinPcap is installed on your
computer, it's recommended to use this method to capture packets.
After selecting the capture method and your network adapter, click the
'OK' button to start capturing TCP/IP packets. While capturing packets,
try to browse some Web sites, or retrieve new emails from your email
software. After stopping the capture (by clicking the red stop button)
SmartSniff displays the list of all TCP/IP conversations that it captured.
When you select a specific conversation in the upper pane, the lower pane
displays the TCP/IP streams of the selected client-server conversation.
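The conversation grouping described above, as an added Python example (not SmartSniff's own code): it reads a tcpdump/libpcap file, groups TCP and UDP packets into conversations by address and port pair, and counts packets and data bytes separately as [outgoing, incoming], matching the {Outgoing ; Incoming} display. The sample capture, its addresses and all function names are constructed for illustration.

```python
import socket, struct
from collections import defaultdict

def read_pcap(blob):
    """Yield raw Ethernet frames from a classic libpcap file (either byte order)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if order is None or struct.unpack(order + "I", blob[20:24])[0] != 1:
        raise ValueError("expected a libpcap file with Ethernet link type")
    pos = 24                                   # skip the 24-byte global header
    while pos + 16 <= len(blob):               # 16-byte per-packet record header
        incl_len = struct.unpack(order + "I", blob[pos + 8:pos + 12])[0]
        yield blob[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def conversations(blob, local_ip):
    """Map (proto, local, lport, remote, rport) -> packets/data as [out, in]."""
    stats = defaultdict(lambda: {"packets": [0, 0], "data": [0, 0]})
    for frame in read_pcap(blob):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        total_len, proto = struct.unpack("!H", frame[16:18])[0], frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + ihl:14 + total_len]    # IP total length drops Ethernet padding
        if proto not in (6, 17) or len(l4) < (20 if proto == 6 else 8):
            continue                           # only TCP and UDP are grouped here
        hdr = (l4[12] >> 4) * 4 if proto == 6 else 8   # TCP data offset / UDP header
        sport, dport = struct.unpack("!HH", l4[:4])
        d = 0 if src == local_ip else 1        # 0 = outgoing, 1 = incoming
        key = (proto, src, sport, dst, dport) if d == 0 else (proto, dst, dport, src, sport)
        stats[key]["packets"][d] += 1
        stats[key]["data"][d] += max(len(l4) - hdr, 0)
    return dict(stats)

def tcp_frame(src, sport, dst, dport, payload):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left as zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: one HTTP request out, one response in."""
    frames = [tcp_frame("192.0.2.10", 49152, "198.51.100.7", 80, b"GET / HTTP/1.1\r\n\r\n"),
              tcp_frame("198.51.100.7", 80, "192.0.2.10", 49152, b"HTTP/1.1 200 OK\r\n\r\n")]
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Calling `conversations(sample_pcap(), "192.0.2.10")` yields a single conversation; both directions land under the same key because the key is always ordered local side first.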
If you want to save the captured packets for viewing them later