SmartSniff allows you to capture TCP/IP packets that pass through your
network adapter, and view the captured data as sequence of conversations
between clients and servers. You can view the TCP/IP conversations in
Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP.) or
as hex dump. (for non-text base protocols, like DNS)
SmartSniff provides 3 methods for capturing TCP/IP packets :
1. Raw Sockets (Only for Windows 2000/XP or greater): Allows you to
capture TCP/IP packets on your network without installing a capture
driver. This method has some limitations and problems.
2. WinPcap Capture Driver: Allows you to capture TCP/IP packets on all
Windows operating systems. (Windows 98/ME/NT/2000/XP/2003/Vista) In
order to use it, you have to download and install WinPcap Capture
Driver from this Web site. (WinPcap is a free open-source capture
This method is generally the preferred way to capture TCP/IP packets
with SmartSniff, and it works better than the Raw Sockets method.
3. Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003):
Microsoft provides a free capture driver under Windows 2000/XP/2003
that can be used by SmartSniff, but this driver is not installed by
default, and you have to manually install it, by using one of the
* Option 1: Install it from the CD-ROM of Windows 2000/XP
according to the instructions in Microsoft Web site
* Option 2 (XP Only) : Download and install the Windows XP
Service Pack 2 Support Tools. One of the tools in this package is
netcap.exe. When you run this tool in the first time, the Network
Monitor Driver will automatically be installed on your system.
Notice: If WinPcap is installed on your system, and you want to use
the Microsoft Network Monitor Driver method, it's recommended to run
SmartSniff with /NoCapDriver, because the Microsoft Network Monitor
Driver may not work properly when WinPcap is loaded too.