SmartSniff: what is it and how to watch your internet traffic in real-time

This has to be the smallest, simplest traffic capture tool around

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

SmartSniff is a tiny Windows monitoring tool which captures network traffic, shows you where it’s going and sometimes even allows you to look inside packets to try and identify what’s being sent.

When it comes to web monitoring tools, it may not compete in the feature stakes with some others. But don’t let that put you off - SmartSniff has plenty of plus points of its own.

You don’t need a degree in advanced networking tech to use it, for instance. It’s easy: even traffic capturing beginners can get started in seconds. Plus it’s free, without an ad in sight. The download is tiny at just 134KB, and there’s nothing to install - simply download it, unzip and run.

SmartSniff work on anything from XP (no kidding) toWindows 10, too, so if you’ve ancient hardware to investigate, no problem, SmartSniff has you covered.

SmartSniff setup

Scroll to the bottom of theSmartSniff website pageand you’ll find it comes in three download flavors: a plain ZIP file, a 64-bit build, and a version with an installer which covers everything.

If you’re running a modernWindows 10PC then the 64-bit version is best. Just download and unzip it, then run the SmartSniff executable, smsniff.exe. If you’re not sure which version you need, grab the installer.

The first time you launch SmartSniff, it asks you to choose a Capture Method. Leave the default ‘Raw Sockets’ option selected for now (ignore the ‘Windows 2000/XP’, it also works on everything up to Windows 10.)

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Next, choose the network adapter you’d like SmartSniff to monitor. Our testlaptophad lots of these, but most of them could be ignored (anything with a 0.0.0.0 IP address), and the ‘Connection Name’ column should tell you which adapter to use. To monitor our Wi-Fi traffic we just had to choose the connection name ‘WiFi’, for instance, while our ethernet adapter was called, you’ve guessed it, ‘Ethernet.’

Using SmartSniff to monitor Internet traffic

Setup complete, SmartSniff should open its main window and begin displaying any network activity. You can control this from the toolbar by clicking the green Record button to start capturing traffic, or the red Stop button to, well, stop.

If this doesn’t seem to be working, try launching a browser to give the app something to display. And if there’s still no luck, could you have chosen the wrong adapter? Click Options > Filter Option to check, or maybe try something else.

When everything is running smoothly, you’ll see internet packets sent by your device, along with their remoteIP addressand host or domain name, protocol (UDP or TCP), the connection type (HTTP, HTTPS, IMAP, POP3 and others) and a lot more.

There’s a lot of detail here, but if it’s more than you need, click View > Choose Columns and clear the checkboxes for anything you don’t want to see.

Watch internet activity in real time

To get started, leave SmartSniff running for a few minutes and see just how much network activity your PC has going on in the background.

We closed all browsers on our test system, set SmartSniff running, and in 10 minutes it captured 5,600+ packets across 165 ‘conversations’ (separate exchanges between a process on our PC and a network or internet resource.)

Scrolling through the list gave us more of a feel for what’s happening. We saw a lot of conversations with remote websites, but that’s just the start. Our test laptop had Outlook installed, and SmartSniff captured IMAP exchanges, POP3 and more.

You’ve probably not downloaded SmartSniff just to count packets, though. What’s more interesting is figuring out what all this activity means, what’s really going on. And SmartSniff has some handy tools to help.

What’s using your connection… and why?

SmartSniff can’t associate network traffic with a process, so you’re not able to see which application is responsible for any particular internet activity. But it does give you several ways to figure out more of what’s going on.

Scroll down SmartSniff’s capture list and check the domains in its ‘Remote Host’ column for anything you recognise. Our test laptop occasionally tried to access ‘kck3hlb9.dashlane.com’, for instance, but as we had the excellent password managerDashlaneinstalled, that wasn’t a surprise.

Don’t recognise the domain? Search for it atGoogle. We’ve found one system communicating with the oddly-named ‘zwyr157wwiu6eior.com’, for instance. Malware? Nope, a quick search told us it’s an entirely legitNordVPNserver.

Windows 10,Microsoft Edgeand Office regularly try to access variousMicrosoftservers, mostly because they’re sending so much data about how you’re using your PC. You’ll quickly learn to recognize those from accesses to domain names ending microsoft.com, windows.com, office.com, msedge.net, akamaiedge.net, azure.com, live.com, live.com.akadns.net and similar.

Look inside network packets

SmartSniff doesn’t just show you the source and destination IPs of any network activity. It also logs the content of each packet, which may help you figure out what has made the network connection, and why.

To try this out, click a network action in the main SmartSniff list, and look at its content in the lower pane. Sometimes this is plain text, for example if an app has accessed website HTML code. Binary transmissions are generally unreadable, though occasionally you might see recognisable text.

For example, one of our test system packets was mostly binary, but also included the URL svpnapi.safesoftware.net. A quick Google search told us this was aWebroot Wi-Fi Security-connected server, which told us the connection was made by our Webroot Wi-Fi SecurityVPNinstallation.

There are plenty of other simple ways to analyse your system’s activity. Click the Total Size column header and SmartSniff sorts your connections by total data transfer, for instance, highlighting everything taking the largest bite of your bandwidth.

SmartSniff options and settings

Although SmartSniff works well with its standard settings, there are some other options and tools which might improve your traffic-capturing life.

Leave the program running for a while and it might capture thousands of conversations, for instance, leaving you with way too much scrolling to find what you need. Add some capture or display filters, though, and you can tell SmartSniff to display only traffic to a particular IP address, or using a specific port, or one of many other options. Check theNirSoft sitefor examples.

There’s a surprise extra in an Extract HTTP files feature which allows you to save files stored in the captured streams. This only worked some of the time for us, but hey, SmartSniff is freeware, we’re not complaining.

You can save the captured packets and reload them later, too, handy if you need to analyse traffic over time.

Although SmartSniff may not be quite as advanced as similar web monitoring toolssuch as Wireshark. Experts who like to tweak every low-level detail should check out the Advanced Options page, too, where there are all kinds of settings to define what SmartSniff captures and how it’s displayed.

SmartSniff is still relatively basic, as capture tools go (check out ourtraffic capturing guidefor other options.) But it’s also easy to use, effective, configurable, portable and free, and that’s more than good enough for us.

Read more:

Mike is a lead security reviewer at Future, where he stress-testsVPNs,antivirusand more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike’s attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.

Mozambique VPN usage soars as internet restrictions continue

Retail and tech firms are hackers' most wanted targets – here’s what you can do about it

Best lightweight Linux distro of 2024