Packet sniffers are among a network administrator's best friends. They can help pinpoint whether a problem exists with a client, a server, or somewhere in between.
Nir Sofer, author of many other excellent utilities I've covered in the past, has now written a sniffer of his own: SmartSniff.
SmartSniff can work in one of two ways.
- It can capture packets with Windows' native raw sockets capture system, although this only works on Windows 2000 or better. This method has limitations: You cannot capture outgoing UDP and ICMP packets, and Windows XP Service Pack 1 does not support capture at all.
- It can capture with WinPcap, a free, open-source packet-capture driver that works on Windows 98 and higher and lets you capture everything.
Each separate ICMP, TCP or UDP connection is broken out individually and referred to as a stream. Multiple conversations on the same connection are aggregated into the same stream. SmartSniff's top panel lists all the streams captured by the application and shows every important piece of data you could need: local and remote address, hosts and ports; service type; number of packets exchanged, total data size and capture time.
Click on one of the conversations and the data in that conversation is displayed in the bottom panel. Data sent from your machine is in blue, while data sent to your machine is in purple.
Note: Remote host name lookups are only resolved after you stop recording (so that traffic doesn't get logged as well), and only 7-bit ASCII data is presented by default. If you select Options | "Display Characters Above ASCII 127," you'll see all the characters, but the color-coding on the display will vanish and the data might not be as coherent.
Nir Sofer's applications have a high degree of consistency in their presentation. For instance, if you double-click on one of the conversations, you get an expanded infobox that's the same as one he's written for other tools. The whole record buffer can be saved in both a native data format and to an HTML report, and both the display results and capture actions can have filters applied to them so you only record what you need to see.
About the author: Serdar Yegulalp is editor of the Windows Insight, (formerly the Windows Power Users Newsletter), a blog site devoted to hints, tips, tricks and news for users and administrators of Windows NT, Windows 2000, Windows XP, Windows Server 2003 and Vista. He has more than 12 years of Windows experience under his belt, and contributes regularly to SearchWinComputing.com and SearchSQLServer.com.
More information on this topic:
White Paper: TCP/IP for Windows 2000: Introduction to TCP/IP
Topics: Network Management
RSS: Sign up for our RSS feed to receive expert advice every day.
