Sniffers
Malcolm
An open-source tool for traffic analysis and visualization.
ThreatEye
A platform for network forensics.
Gurucul Network Behavior Analytics
A network traffic analysis solution based on machine learning technology.
MALCOLM
A dashboard that displays metrics for HTTPS traffic passing through the Cloudflare network.
MITMEngine
An open-source library designed to detect interception of HTTPS traffic.
NetworkMiner
A passive network sniffer.
Wireshark
Wireshark is a network protocol analyzer that lets you capture and interactively browse the contents of network frames.
O&K Print Watch
A utility for monitoring and managing printing on printers.
SmartSniff
SmartSniff is a tiny free utility for capturing and viewing TCP/IP packets passing through network adapters between client and server machines.
York is a network traffic sniffer and network packet analyzer in one program.
HTTP Analyzer
A sniffer that captures HTTP headers in real time.
Radium-Keylogger
SniffPass
SniffPass is a utility that analyzes traffic passing through a network adapter.
SoftPerfect Network Protocol Analyzer
SoftPerfect Network Protocol Analyzer is a network protocol analyzer (sniffer) for analyzing, debugging, managing and monitoring network connections.
Print Inspector
A powerful program for managing printing on a local network. Print Inspector lets you cancel or pause any job on one of the printers in the network, view the properties of a printed document, resume work from the point where it was stopped, or start printing from the beginning.
Cain & Abel
A tool for fast password recovery in the Windows environment.
tPacketCapture
A packet sniffer for Android that uses VPN instead of root access.
Free tcp sniffer windows
Notice: If WinPcap is installed on your system, and you want to use the Microsoft Network Monitor Driver method, it’s recommended to run SmartSniff with /NoCapDriver, because the Microsoft Network Monitor Driver may not work properly when WinPcap is loaded too.
System Requirements
Under Windows 2000/XP (or greater), SmartSniff also allows you to capture TCP/IP packets without installing any capture driver, by using ‘Raw Sockets’ method. However, this capture method has some limitations and problems:
- Outgoing UDP and ICMP packets are not captured.
- On Windows XP SP1 outgoing packets are not captured at all — Thanks to Microsoft’s bug that appeared in SP1 update. This bug was fixed on SP2 update, but under Vista, Microsoft returned back the outgoing packets bug of XP/SP1.
- On Windows Vista/7/8: Be aware that Raw Sockets method doesn’t work properly on all systems. It’s not a bug in SmartSniff, but in the API of Windows operating system. If you only see the outgoing traffic, try to turn off Windows firewall, or add smsniff.exe to the allowed programs list of Windows firewall.
How to capture data from other wireless networks
Versions History
- Version 2.29:
- Fixed bug from version 2.28: SmartSniff crashed when selecting loopback interface or other network interfaces without connection information.
- Version 2.28:
- The information of the selected network adapter is now displayed in the window title.
- Version 2.27:
- Fixed the lower pane to switch focus when pressing tab key.
- Version 2.26:
- SmartSniff now automatically loads the new version of WinPCap driver from https://nmap.org/npcap/ if it’s installed on your system.
- SmartSniff now tries to load the dll of Network Monitor Driver 3.x (NmApi.dll) according to the installation path specified in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Netmon3. This change should solve the problem with loading the Network Monitor Driver 3.x on some systems.
- Version 2.25:
- Added 4 columns to the adapters list in the ‘Capture Options’ window: ‘Connection Name’, ‘MAC Address’, ‘Instance ID’, ‘Interface Guid’.
- When using WinPCap driver, SmartSniff now displays more accurate information in the adapters list of the ‘Capture Options’ window.
- Fixed the ‘Retrieve process information while capturing packets’ feature to work on Windows 10/8/7.
- Version 2.20:
- Added option to capture traffic on 127.0.0.1 (Loopback) to ‘Raw Sockets’ capture method (For Windows Vista or later).
- Version 2.17:
- Added ‘Find In Upper Pane’ option.
- Version 2.16:
- Fixed bug: SmartSniff failed to remember the last size/position of the main window if it was not located in the primary monitor.
- Version 2.15:
- Added ‘Capture is Active’ check-box (F11) under the File menu. You can now temporary suspend/resume the capture simply by pressing the F11 key.
- Version 2.11:
- Added ‘Always On Top’ option.
- Added secondary sorting support: You can now get a secondary sorting, by holding down the shift key while clicking the column header. Be aware that you only have to hold down the shift key when clicking the second/third/fourth column. To sort the first column you should not hold down the Shift key.
- Version 2.10:
- SmartSniff now allows you to automatically add it to the allowed programs list of Windows firewall when starting to capture and remove it when you stop capturing. This option is needed when using the ‘Raw Socket’ capture method while Windows firewall is turned on, because if SmartSniff is not added to Windows firewall, the incoming traffic is not captured at all.
- Version 2.08:
- SmartSniff now remembers the last file type you selected in ‘Load Packets Data From File’ option.
- Fixed the window title of ‘Display Filter’ option.
- Version 2.07:
- Fixed the flickering in the upper pane.
- Version 2.06:
- Fixed to display HTTP POST URLs on ‘URL List’ display mode.
- Version 2.05:
- Added ‘Capture On Program Start’ option.
- Added ‘Mark Odd/Even Rows’ option, under the View menu. When it’s turned on, the odd and even rows are displayed in different color, to make it easier to read a single line.
- Version 2.00:
- Added support for GeoLite City database. You can now download the GeoLite City database (GeoLiteCity.dat.gz), put it in the same folder of smsniff.exe, and SmartSniff will automatically use it to get the country/city information for every IP address.
- Added ‘Auto Size Columns+Headers’ option, which allows you to automatically resize the columns according to the row values and column headers.
- Version 1.95:
- Added Find option (Ctrl+F) to easily find text in the lower pane.
- Fixed issue: The properties dialog-box and other windows opened in the wrong monitor, on multi-monitors system.
- Version 1.93:
- Fixed bug: When opening the ‘Capture Options’ dialog-box after Network Monitor Driver 3.x was previously selected, SmartSniff switched back to Raw Sockets mode.
- Version 1.92:
- Added accelerator key to the ‘URL List’ mode (Ctrl+F4)
- Version 1.91:
- Fixed a crash that occurred with some Web pages when using the ‘Extract HTTP Files’ option.
- Version 1.90:
- Added ‘Put Icon On Tray’ option.
- Version 1.85:
- Added ‘Use DNS Queries & Cache For Host Names’ option. When it’s turned on, SmartSniff analyzes the captured DNS queries and uses them for displaying the local/remote host names. The internal DNS cache of Windows is also used.
- Version 1.82:
- Added ‘Duration’ column, which displays the difference between the capture time and last packet time.
- Version 1.81:
- Updated the internal country names list (Added more 14 countries) for using with the IP to country file (IpToCountry.csv).
- Version 1.80:
- Added ‘Extract HTTP Files’ option (under the File menu), which allows you to easily extract all HTTP files stored in the selected streams, into the folder that you choose.
- Version 1.79:
- Fixed bug: ‘Restart Capture’ option caused SmartSniff to crash in some circumstances.
- Version 1.78:
- Added ‘Restart Capture’ option (Ctrl+R), which stops the capture and then immediately starts it again.
- Version 1.77:
- Increased the size of total filter string (Capture Filter and Display Filter) that can be saved into the .cfg file.
- Version 1.76:
- When ‘Retrieve process information while capturing packets’ option is turned on, the ‘Process User’ column now displays the user name of the specified process.
- Version 1.75:
- Added ‘Decompress HTTP Responses’ option. When it’s turned on, HTTP responses compressed with gzip are automatically detected, and displayed in decompressed form.
- Version 1.72:
- Fixed bug: The status bar packets counter displayed a little higher value than the total packets counters in the upper pane table.
- Version 1.71:
- Added ‘Hide Lower Pane’ option (under the Options menu), which is useful when you work in statistics only mode, and you don’t need the lower pane.
- Version 1.70:
- Added ‘Display only active connections’ in Advanced Options window. When this option is turned on, SmartSniff automatically hides all streams whose connection was closed. This means that SmartSniff will only display the streams whose connection is still open.
- Version 1.65:
- Added support for .csv files in ‘Save Packet Summaries’ option.
- Added ‘Add Header Line To CSV/Tab-Delimited File’ option. When this option is turned on, the column names are added as the first line when you export to csv or tab-delimited file.
- Version 1.63:
- Added ‘Automatically Scroll Down in Live Mode’ option, under the Options menu
- Version 1.62:
- Added /StartCapture and /LoadConfig command-line options.
- Added x64 version of SmartSniff, to work with Microsoft Network Monitor Driver 3.x on Windows x64.
- Version 1.60:
- Added support for capturing with Microsoft Network Monitor 3.x driver. (Very useful for Windows Vista/7 users, because the old Network Monitor driver is not supported in these OS)
- For Microsoft Network Monitor 3.x driver, there is also ‘Wifi Monitor Mode’ button which only works under Windows 7/Vista, and only for wireless devices that supports the ‘Monitor Mode’. When you switch the wireless card to monitor mode, SmartSniff can capture all unencrypted wireless TCP streams in the channel that you chose to monitor.
- Added support for opening the capture file (.cap) of Microsoft Network Monitor 3.x
- Added support for viewing the content of unencrypted Wifi/TCP streams. This feature works on WinPCap driver and Microsoft Network Monitor 3.x
- Added ‘Promiscuous Mode’ check-box for WinPCap and Microsoft Network Monitor 3.x driver. In the previous version, SmartSniff always turned on the ‘Promiscuous Mode’, but in some wireless adapters, the capture doesn’t work at all if Promiscuous Mode is turned on.
- Version 1.53:
- Fixed bug: SmartSniff displayed a crash message on msvcrt.dll when reading TCP packets with invalid data length.
- Version 1.52:
- In ‘Export TCP/IP Steams’ — Added 2 new file types — ‘Raw Data Files — Local’ and ‘Raw Data Files — Remote’ for exporting only one side of the stream.
- Version 1.51:
- Added Drag & Drop support — you can now drag .ssp file from Explorer into the window of SmartSniff.
- Version 1.50:
- Added ‘Last Packet Time’ column — Displays the date/time of the last packet received.
- Added ‘Data Speed’ column — Displays the calculated speed of the TCP connection in KB per second.
- Version 1.45:
- New option: Display Outgoing/Incoming Data — When this option is turned on, separated values for outgoing and incoming packets are displayed for the following columns: ‘Packets’, ‘Data Size’, and ‘Total Size’. The values are displayed in the following format:
- Version 1.40:
- Added local/remote MAC addresses (relevant only for local network, and it doesn’t work with raw sockets)
- Added IPNetInfo integration — When you put IPNetInfo utility in the same folder of SmartSniff, You can view the information about the remote IP addresses.
- Added IP Country columns to display the country name of IP addresses. (requires downloading an external file)
- Version 1.38:
- Under Vista, automatically run as administrator.
- Version 1.37:
- Fixed bug: The main window lost the focus when the user switched to another application and then returned back to SmartSniff.
- Version 1.36:
- Fixed bug: SmartSniff hang when you work with ‘URL List’ mode.
- Version 1.35:
- New Display Mode — ‘URL List’: Allows you to view the list of URLs for the select TCP/IP items (only for HTTP protocol)
- Increased the buffer of raw sockets to avoid packet loss.
- The configuration is now saved to a file, instead of the Registry.
- Version 1.32:
- Fixed bug: Wrong capture time displayed when «Only display TCP/IP statistic. » option was selected.
- Added ‘Summary Mode’ in Advanced Options — Allows you to view general TCP/IP statistics by addresses only, without adding a separated line for each connection.
- Version 1.31:
- Added support for Microsoft Network Monitor driver (Under Windows 2000/XP/2003).
- Version 1.30:
- New option: Only display TCP/IP statistic, do not store the captured data in file.
- New option: Retrieve process information while capturing packets.
- In ‘Load Packets Data From File’, you can now choose to load tcpdump/libpcap file saved by Ethereal or by other capture programs.
- A tooltip is displayed when a string in a column is longer than the column length.
- When running SmartSniff in the first time, the first found network adapter with IP address is now automatically selected. (In previous versions, the user had to select an adapter in order to start capturing)
- Version 1.21:
- Fixed Bug: packets in TCP/IP conversations sometimes displayed in wrong order.
- Version 1.20:
- New option in Live Mode: Display the beginning of TCP/IP conversation content while capturing.
- Save / Load SmartSniff configuration.
- Filters are now saved when you exit from SmartSniff, and loaded again in the next time that you run it.
- Significant improvement in performances of Live Mode when there are a lots of TCP/IP conversations.
- Fixed bug: pressing F2/F3/F4 while capturing packets in live mode caused the capture to be corrupted.
- Version 1.11: Improve in performances while capturing with WinPcap driver.
- Version 1.10:
- Performances — Large TCP/IP conversations are now displayed much faster than in previous version.
- Live Mode — View the TCP/IP conversation list while capturing.
- Capture and display filters.
- New option: Resolve IP Addresses to host names (displayed in ‘Local Host’ and ‘Remote Host’ columns)
- New option: On Automatic display mode, don’t display data in hex format if the data size is larger than. (The default is 100 KB)
- New option: In the lower pane, don’t display items with data size larger than. (The default is 1000 KB)
- Added more accelerator keys.
- XP style support.
- Version 1.00: First release.
Using SmartSniff
If you want to save the captured packets for viewing them later, use «Save Packets Data To File» option from the File menu.
Display Mode
Starting from version 1.35, there is a new mode — ‘URL List’. This mode only displays the URL addresses list (http://. ) found in the captured packets.
Exporting the captured data
Displaying characters above ASCII 127
The ‘IP Country’ columns
You can also use the GeoLite City database. Simply download the GeoLite City in Binary / gzip (GeoLiteCity.dat.gz) and put it in the same folder of smsniff.exe
If you want to get faster loading process, extract the GeoLiteCity.dat from the GeoLiteCity.dat.gz and put it in the same folder of smsniff.exe
Capture and Display Filters
For both filter types, you can add one or more filter strings (separated by spaces or CRLF) in the following syntax:
[ include | exclude ] : [ local | remote | both ] : [ tcp | udp | tcpudp | icmp | all ] : [ IP Range | Ports Range ]
Here are some examples that demonstrate how to create a filter string:
- Display only packets with remote tcp port 80 (Web sites):
include:remote:tcp:80
- Display only packets with remote tcp port 80 (Web sites) and udp port 53 (DNS):
include:remote:tcp:80
include:remote:udp:53
- Display only packets originated from the following IP address range: 192.168.0.1 - 192.168.0.100:
include:remote:all:192.168.0.1-192.168.0.100
- Display only TCP and UDP packets that use the following port range: 53 — 139:
include:both:tcpudp:53-139
- Filter most BitTorrent packets (port 6881):
exclude:both:tcpudp:6881
- Filter all ICMP packets (Ping/Traceroute activity):
exclude:both:icmp
Notice: A single filter string must not include spaces!
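The filter syntax above as a Python validator and single-rule matcher; this is an added example, not part of SmartSniff or its documentation. It rejects malformed strings such as a misspelled protocol keyword or an embedded space. The packet dict shape, treating 'both' as a match on either side, and accepting a single IP or port as a one-value range are assumptions.

```python
import ipaddress

ACTIONS, SIDES = {"include", "exclude"}, {"local", "remote", "both"}
PROTOCOLS = {"tcp": {"tcp"}, "udp": {"udp"}, "tcpudp": {"tcp", "udp"},
             "icmp": {"icmp"}, "all": {"tcp", "udp", "icmp"}}


def parse_filter(text):
    """Parse one filter string into a dict; raise ValueError if malformed."""
    parts = text.split(":")
    if any(c.isspace() for c in text) or len(parts) not in (3, 4):
        raise ValueError(f"need 3 or 4 ':'-separated fields, no spaces: {text!r}")
    action, side, proto = parts[:3]
    if action not in ACTIONS or side not in SIDES or proto not in PROTOCOLS:
        raise ValueError(f"unknown keyword in {text!r}")
    rule = {"action": action, "side": side, "proto": proto, "kind": None}
    if len(parts) == 4:
        lo, _, hi = parts[3].partition("-")
        hi = hi or lo                      # single value: range of one
        if "." in lo:                      # dotted quad: IP range
            rule["kind"] = "ip"
            lo, hi = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
        else:                              # otherwise: port range
            rule["kind"] = "port"
            lo, hi = int(lo), int(hi)
            if not (0 <= lo <= 65535 and 0 <= hi <= 65535):
                raise ValueError(f"port out of range in {text!r}")
        if lo > hi:
            raise ValueError(f"reversed range in {text!r}")
        rule["range"] = (lo, hi)
    return rule


def rule_matches(rule, pkt):
    # pkt is a hypothetical dict: proto, local_ip, remote_ip, local_port, remote_port
    if pkt["proto"] not in PROTOCOLS[rule["proto"]]:
        return False
    if rule["kind"] is None:               # e.g. exclude:both:icmp
        return True
    (lo, hi), kind = rule["range"], rule["kind"]
    convert = ipaddress.IPv4Address if kind == "ip" else int
    sides = ("local", "remote") if rule["side"] == "both" else (rule["side"],)
    values = [pkt.get(f"{s}_{kind}") for s in sides]
    return any(v is not None and lo <= convert(v) <= hi for v in values)

# Constructed packet summary (documentation-range address), not captured traffic
SAMPLE = {"proto": "tcp", "local_ip": "192.168.0.5", "local_port": 50000,
          "remote_ip": "203.0.113.7", "remote_port": 80}
```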
Live Mode
Viewing process information
The structure of .ssp file (SmartSniff Packets File)
The main header structure:
00 — SMSNF200 signature.
08 — (2 bytes) The number of bytes in the header (currently 4 bytes for the IP Address)
0A — (4 bytes) IP Address
Header of each packet:
00 (2 Bytes) packet header size (currently 0x18 bytes)
02 (4 Bytes) number of received bytes in packet.
06 (8 Bytes) Packet time in Windows FILETIME format.
0E (6 Bytes) Source Mac Address.
14 (6 Bytes) Dest. Mac Address.
1A The remaining bytes are the TCP/IP packet itself.
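A bounds-checked Python reader for the .ssp layout listed above; this is an added example, not SmartSniff's own code. Assumptions: integers are little-endian, each header-size field counts the bytes that follow it (which is why packet data starts at 0x1A = 2 + 0x18), and the "received bytes" field is the length of the packet data that follows. The sample file is constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

SIGNATURE = b"SMSNF200"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    # FILETIME counts 100-nanosecond intervals since 1601-01-01 UTC.
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_ssp(buf):
    """Return (capture_ip, [packet dicts]); raise ValueError on malformed input."""
    if len(buf) < 0x0A or buf[:8] != SIGNATURE:
        raise ValueError("missing SMSNF200 signature or truncated main header")
    (hdr_len,) = struct.unpack_from("<H", buf, 0x08)
    pos = 0x0A + hdr_len
    if hdr_len < 4 or pos > len(buf):
        raise ValueError("bad main header length")
    ip = ".".join(str(b) for b in buf[0x0A:0x0E])
    packets = []
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated packet header")
        (phdr_len,) = struct.unpack_from("<H", buf, pos)
        data_at = pos + 2 + phdr_len
        if phdr_len < 0x18 or data_at > len(buf):
            raise ValueError(f"bad packet header at offset {pos:#x}")
        size, ftime = struct.unpack_from("<IQ", buf, pos + 0x02)
        if data_at + size > len(buf):   # never trust the length field
            raise ValueError(f"packet at {pos:#x} claims {size} bytes past end")
        packets.append({
            "filetime": ftime,          # raw value; convert on demand
            "src_mac": buf[pos + 0x0E:pos + 0x14].hex(":"),
            "dst_mac": buf[pos + 0x14:pos + 0x1A].hex(":"),
            "data": buf[data_at:data_at + size],
        })
        pos = data_at + size
    return ip, packets


def build_sample():
    # Constructed one-packet file for illustration, not a real capture.
    main = SIGNATURE + struct.pack("<H", 4) + bytes([192, 168, 0, 10])
    hdr = struct.pack("<HIQ", 0x18, 4, 116444736000000000)  # FILETIME of 1970-01-01
    macs = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    return main + hdr + macs + b"\x45\x00\x00\x04"
```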

