SmartSniff will allow users you to capture TCP/IP packets that pass through your network adapter and view the captured data as sequence of conversations between servers and clients.
You can view the TCP/IP conversations in Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP.) or as hex dump. (for non-text base protocols, like DNS)
SmartSniff provides 2 methods for capturing TCP/IP packets :
* Raw Sockets (Only for Windows 2000/XP or greater): Allows you to capture TCP/IP packets on your network without installing a capture driver. This method has some limitations and problems.
* WinPcap Capture Driver: Allows you to capture TCP/IP packets on all Windows operating systems. (Windows 98/ME/NT/2000/XP/2003) In order to use it, you have to download and install WinPcap Capture Driver from this Web site. (WinPcap is a free open-source capture driver.)
This method is generally the preferred way to capture TCP/IP packets with SmartSniff, and it works better than the Raw Sockets method.
SmartSniff can capture TCP/IP packets on any 32-bit Windows operating system (Windows 98/ME/NT/2000/XP) as long as WinPcap capture driver is installed and works properly with your network adapter.
Under Windows 2000/XP (or greater), SmartSniff also allows you to capture TCP/IP packets without installing any capture driver, by using ‘Raw Sockets’ method. However, this capture method has some limitations and problems:
- Outgoing UDP and ICMP packets are not captured.
- On Windows XP SP1 outgoing packets are not captured at all – Thanks to Microsoft’s bug that appeared in SP1 update.This bug was fixed on SP2 update, but under Vista, Microsoft returned back the outgoing packets bug of XP/SP1.
- On Windows Vista with SP1, only UDP packets are captured. TCP packets are not captured at all.
- Fixed bug: SmartSniff displayed a crash message on msvcrt.dll when reading TCP packets with invalid data length.