Handy Windows tools for sniffing network traffic

Sniff Kit

Efficiently Filtering Packets

SmartSniff quickly collects a confusingly large volume of data, particularly in large networks with many computers. SmartSniff will help you sort through the mass of packet data. Click Options | Display Filter . Then insert a filter in the window to remove the packets you don't want to see. Make sure you don't use any spaces. See Table 1 for a summary of some SmartSniff filter options.

Table 1

Filter Options in SmartSniff

Filter Effect Filter Syntax
Only packets with a specific remote port [e.g., HTTP (80)] include:remote:tcp:80
Only packets with several specific remote ports [e.g., HTTP (80) and NDS (53)] include:remote:tcp:80include:remote:udp:53
All packets in a certain IP range (e.g., to include:remote:all:
All TCP/UDP packets in a specific port range include:both:tcpudp:53-139

Monitoring Processes

SmartSniff can also monitor the processes that send the network packets. Click Options | Advanced Options and enable Retrieve process information while capturing packets . If the tool detects the process, you will see its process ID and the name of the exporting file in the two columns ProcessID and Process Filename . However, this procedure only works if the connection remains open and continues to capture data. Be mindful that this option burdens the computer. You can only analyze this data in real time.

Reading Passwords Using SniffPass

If you forget the password for your FTP access or another program connects via the network, you can use SniffPass to filter out the password in the network traffic on the local machine if it is stored in a program. A security audit is another scenario. If you also want to check whether passwords are sent in plain text on a computer, (e.g., for POP3/IMAP access), you can read passwords from local computers without much background knowledge.

You do not need to install SniffPass; rather, you can simply start it and begin the Sniff process. SniffPass (Figure 3) then eavesdrops in the network or on the local computer until it detects an unencrypted password sent through SMTP, POP3, IMAP4, FTP, or other common protocols.

Figure 3: You can find unencrypted usernames and passwords on the network with SniffPass.

Many routers and switches do not allow such monitoring operations on networks, which means you can only see the data on the local computer. As with SmartSniff, you should therefore use WinPcap. To read passwords on the network, enable the WinPcap mode and the Promiscuous Mode function via Options | Capture Options . However, not all network cards support this mode. To test the function, go to the website [6] and enter demo as the username and password as the password. SniffPass will immediately show the username and password when the sniffer process is started.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=