SmartSniff

홈페이지 : http://www.nirsoft.net/utils/smsniff.html

Description

SmartSniff allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP.) or as hex dump. (for non-text base protocols, like DNS)
SmartSniff provides 2 methods for capturing TCP/IP packets :

• Raw Sockets (Only for Windows 2000/XP or greater): Allows you to capture TCP/IP packets on your network without installing a capture driver. This method has some limitations and problems.
• WinPcap Capture Driver: Allows you to capture TCP/IP packets on all Windows operating systems. (Windows 98/ME/NT/2000/XP/2003) In order to use it, you have to download and install WinPcap Capture Driver from this Web site. (WinPcap is a free open-source capture driver.)
  This method is generally the preferred way to capture TCP/IP packets with SmartSniff, and it works better than the Raw Sockets method.

Capture and Display Filters

Starting from version 1.10, you can filter unwanted TCP/IP activity during the capture process (Capture Filter), or when displaying the captured TCP/IP data (Display Filter).

For both filter types, you can add one or more filter strings (separated by spaces or CRLF) in the following syntax:
[include|exclude] : [local|remote|both] : [tcp|udp|tcpudp|icmp|all] : [IP Range|Ports Range]