Freeware captures raw sockets and TCP/IP packets

SmartSniff can work in one of two ways. It can capture packets with Windows's native raw sockets capture system, although this only works on Windows 2000 or better, and has some limitations: you cannot capture outgoing UDP and ICMP packets, and Windows XP Service Pack 1 does not support capture at all. Another way to capture is with the WinPcap driver, a free / open-source packet-capture driver that works on Windows 98 and up and lets you capture everything.

Each separate ICMP, TCP or UDP connection is broken out individually and referred to as a stream. Multiple conversations on the same connection are aggregated into the same stream. The program's top panel lists all of the streams captured by the application, and shows just about every important piece of information you could need: local and remote address, hosts and ports; service type; number of packets exchanged, total data size and capture time. Click on one of the conversations and the data in that conversation is displayed in the bottom panel. Data sent from your machine is in blue, while data sent to your machine is in purple.

Note that remote host name lookups are only resolved after you stop recording (so that traffic doesn't get logged as well), and that only 7-bit ASCII data is presented by default. If you select Options | "Display Characters Above ASCII 127", you'll see all the characters, but the color-coding on the display will vanish and the data might not be as coherent.

One of the things I've liked about Mr. Sofer's applications is how they have a high degree of consistency in their presentation. If you double-click on one of the conversations, for instance, you get an expanded infobox that's the same as one he's written for other tools. The whole record buffer can be saved in both a native data format and to an HTML report, and both the display results and capture actions can have filters applied to them so you only record what you need to see.

About the Author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators.

More information from SearchWinSystems.com

• White Paper: TCP/IP for Windows 2000: Introduction to TCP/IP
  
• Topics: Network Management
  
• RSS: Sign up for our RSS feed to receive expert advice every day.

This tip originally appeared on SearchWinSystems.techtarget.com.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Engineering Testing LAN switch power consumption: A best practices guide Desktop virtualization network requirements Preventing hacker attacks with network behavior analysis IPS Internal cloud computing on the cheap: Free automated provisioning? Improved storage performance without adding more disk Troubleshooting -- 'Network Know-How' Chapter 17 Windows Server 2008 IP routing configuration: Static and dynamic RIPv2 Understand Windows tracert output to troubleshoot network connectivity Using tracert and TTL to troubleshoot network connectivity problems 10 Gigabit Ethernet interconnect solutions: Investigate carefully before choosing Network Security Best Practices and Products 3Com acquisition confirms HP-Cisco battle for China Enterprises demand next-generation firewalls with IPS, app visibility Preventing hacker attacks with network behavior analysis IPS Is there a way to trace my stolen laptop computer? Integrating NAC with network security tools Should organizations separate technical from administrative security? What network equipment is needed to secure a small business LAN? Ethical hacking and countermeasures: Network penetration testing intro Are you on a domain name system (DNS) blacklist database? Rogue access points: Preventing, detecting and handling best practices IP Networking What is the definition of ATM (Asynchronous Transfer Mode)? Do I have to disable DHCP on my router to create a DHCP server? Windows Server 2008 IP routing configuration: Static and dynamic RIPv2 What is IP? Connect your LAN to the Internet using static or dynamic NAT Using tracert and TTL to troubleshoot network connectivity problems Test your TCP/IP protocol stack to troubleshoot network connectivity IP addressing and subnetting explained Checking IP configuration to troubleshoot Windows network connectivity Does IPv6 abandon TCP/IP fragmentation? RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anti-replay protocol  (SearchNetworking.com) dynamic packet filter  (SearchNetworking.com) HELLO packet  (SearchNetworking.com) packet filtering  (SearchNetworking.com) rule base  (SearchNetworking.com) stateful inspection  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.