Your download link is at the very bottom of the page... always.

Processed through Paypal
No account required.

Donate Bitcoin to this wallet:
Donate Ethereum to this wallet:
Donate Litecoin to this wallet:

Buy our over-priced crap to help keep things running.
Take No CrapwareOG Dad CapNo Password

Join our Facebook groupFollow us on TwitterFollow us on InstagramOur RSS FeedJoin us on TikTokJoin us on LinkedIn

 Home » Freeware Downloads » Network Monitoring and Hacks » SmartSniff v2.29 64bit   
File - Download SmartSniff v2.29 64bit

We are leaving for vacation June 6th. No updates while we're gone.
If there were updates, it wouldn't be a vacation. ;) -Randy and Deanna

Always scroll to the bottom of the page for the main download link.
We don't believe in fake/misleading download buttons and tricks. The link is always in the same place.

SmartSniff v2.29 64bit

SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP.) or as hex dump. (for non-text base protocols, like DNS)
SmartSniff provides 3 methods for capturing TCP/IP packets :

Raw Sockets (Only for Windows 2000/XP or greater): Allows you to capture TCP/IP packets on your network without installing a capture driver. This method has some limitations and problems.
WinPcap Capture Driver: Allows you to capture TCP/IP packets on all Windows operating systems. (Windows 98/ME/NT/2000/XP/2003/Vista) In order to use it, you have to download and install WinPcap Capture Driver from this Web site. (WinPcap is a free open-source capture driver.)
This method is generally the preferred way to capture TCP/IP packets with SmartSniff, and it works better than the Raw Sockets method.
Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003): Microsoft provides a free capture driver under Windows 2000/XP/2003 that can be used by SmartSniff, but this driver is not installed by default, and you have to manually install it, by using one of the following options:
Option 1: Install it from the CD-ROM of Windows 2000/XP according to the instructions in Microsoft Web site
Option 2 (XP Only) : Download and install the Windows XP Service Pack 2 Support Tools. One of the tools in this package is netcap.exe. When you run this tool in the first time, the Network Monitor Driver will automatically be installed on your system.
Microsoft Network Monitor Driver 3: Microsoft provides a new version of Microsoft Network Monitor driver (3.x) that is also supported under Windows 7/Vista/2008. Starting from version 1.60, SmartSniff can use this driver to capture the network traffic.
The new version of Microsoft Network Monitor (3.x) is available to download from Microsoft Web site.

Notice: If WinPcap is installed on your system, and you want to use the Microsoft Network Monitor Driver method, it's recommended to run SmartSniff with /NoCapDriver, because the Microsoft Network Monitor Driver may not work properly when WinPcap is loaded too.

System Requirements
SmartSniff can capture TCP/IP packets on any version of Windows operating system (Windows 98/ME/NT/2000/XP/2003/2008/Vista/7/8) as long as WinPcap capture driver is installed and works properly with your network adapter.
You can also use SmartSniff with the capture driver of Microsoft Network Monitor, if it's installed on your system.

Under Windows 2000/XP (or greater), SmartSniff also allows you to capture TCP/IP packets without installing any capture driver, by using 'Raw Sockets' method. However, this capture method has some limitations and problems:

Outgoing UDP and ICMP packets are not captured.
On Windows XP SP1 outgoing packets are not captured at all - Thanks to Microsoft's bug that appeared in SP1 update...
This bug was fixed on SP2 update, but under Vista, Microsoft returned back the outgoing packets bug of XP/SP1.
On Windows Vista/7/8: Be aware that Raw Sockets method doesn't work properly on all systems. It's not a bug in SmartSniff, but in the API of Windows operating system. If you only see the outgoing traffic, try to turn off Windows firewall, or add smsniff.exe to the allowed programs list of Windows firewall.

How to capture data from other wireless networks
Smartsniff can also capture data from other unsecured wireless networks, only on Windows 7/2008/Vista. For more information, read this Blog post: How to capture data and passwords of unsecured wireless networks with SniffPass and SmartSniff

Versions History

Version 2.29:

Fixed bug from version 2.28: SmartSniff crashed when selecting loopback interface or other network interfaces without connection information.

Using SmartSniff
In order to start using SmartSniff, simply copy the executable (smsniff.exe) to any folder you like, and run it (installation is not needed).
After running SmartSniff, select "Start Capture" from the File menu, or simply click the green play button in the toolbar. If it's the first time that you use SmartSniff, you'll be asked to select the capture method and the network adapter that you want to use. If WinPcap is installed on your computer, it's recommended to use this method to capture packets.
After selecting the capture method and your network adapter, click the 'OK' button to start capturing TCP/IP packets. while capturing packets, try to browse some Web sites, or retrieve new emails from your email software. After stopping the capture (by clicking the red stop button) SmartSniff displays the list of all TCP/IP conversations the it captured. When you select a specific conversation in the upper pane, the lower pane displays the TCP/IP streams of the selected client-server conversation.

If you want the save the captured packets for viewing them later, use "Save Packets Data To File" option from the File menu.

Display Mode
SmartSniff provides 3 basic modes to display the captured data: Automatic, Ascii, and Hex Dump. On Automatic mode (the default), SmartSniff checks the first bytes of the data stream - If it contains characters lower than 0x20 (excluding CR, LF and tab characters), it displays the data in Hex mode. otherwise, it displays it in Ascii mode.
You can easily switch between display modes by selecting them from the menu, or by using F2 - F4 keys. Be aware that 'Hex Dump' mode is much slower than Ascii mode.

Starting from version 1.35, there is a new mode - 'URL List'. This mode only display the URL addresses list (http://...) found in the captured packets.

Exporting the captured data
SmartSniff allows you to easily export the captured data for using it in other applications:

The upper pane: you can select one or more items in the upper pane, and then copy them to the clipboard (You can paste the copied items into Excel or into spreadsheet of or save them to text/HTML/XML file (by using 'Save Packet Summaries').
The lower pane: You can select any part of the TCP/IP streams (or select all text, by using Ctrl+A), copy the selected text to the clipboard, and then paste it to Notepad, Wordpad, MS-Word or any other editor. When you paste the selected streams to document of Wordpad,, or MS-Word, the colors are also transferred.
Your can also export the TCP/IP streams to text file, HTML file, or raw data file, by using "Export TCP/IP Streams" option.

Displaying characters above ASCII 127
By default, characters above ASCII 127 are not displayed in the TCP/IP streams. You can enable high ASCII characters by using "Display Characters Above ASCII 127". When you use this option, the TCP/IP streams are displayed without colors. Be aware that when working in this mode, the loading process of the lower pane might be very slow.

The 'IP Country' columns
In order to watch the countries of the local/remote IP addresses, you have to download the latest IP To Country file from here. You have the put the 'IpToCountry.csv' file in the same folder of smsniff.exe

You can also use the GeoLite City database. Simply download the GeoLite City in Binary / gzip (GeoLiteCity.dat.gz) and put it in the same folder of smsniff.exe
If you want to get faster loading process, extract the GeoLiteCity.dat from the GeoLiteCity.dat.gz and put it in the same folder of smsniff.exe

Capture and Display Filters
Starting from version 1.10, you can filter unwanted TCP/IP activity during the capture process (Capture Filter), or when displaying the captured TCP/IP data (Display Filter).

For both filter types, you can add one or more filter strings (separated by spaces or CRLF) in the following syntax:
[include | exclude] : [local | remote | both] : [tcp | udp | tcpudp | icmp | all] : [IP Range | Ports Range]

Here's some examples that demonstrate how to create a filter string:

Display only packets with remote tcp port 80 (Web sites):
Display only packets with remote tcp port 80 (Web sites) and udp port 53 (DNS):
Display only packets originated from the following IP address range:
Display only TCP and UDP packets that use the following port range: 53 - 139:
Filter most BitTorrent packets (port 6881):
Filter all ICMP packets (Ping/Traceroute activity):

Notice: A single filter string must not include spaces !

Live Mode
Starting from version 1.10, a new option was added to 'Advanced Options' section - 'Live Mode'. When SmartSniff capture packets in live mode, the TCP/IP conversations list is updated while capturing the packets, instead of updating it only after the capture is finished. Be aware that "Live Mode" requires more CPU resources than non-live mode. So if your computer is slow, or your have a very high traffic on your network, it's recommended to turn off this option.
Starting from version 1.20, you can also view the content of each TCP/IP conversation (in the lower pane) while capturing the packets. However, if the TCP/IP conversation is too large, you won't be able to watch the entire TCP/IP conversation until the capture is stopped.

Viewing process information
Starting from version 1.30, you can view the process information (ProcessID and process filename) for captured TCP packets. However, this feature have some limitations and problems:

Process information is only displayed for TCP packets (It doesn't work with UDP)
Process information may not be displayed for TCP connections that closed after short period of time.
Retrieving process information consume more CPU resources and may slow down your computer. It's not recommended to use this feature if you have intensive network traffic.
Process information is currently not saved in ssp file.

In order to activate this feature, go to 'Advanced Options' dialog-box, check the "Retrieve process information while capturing packets" option and click the 'OK' button. 2 new columns will be added: ProcessID and Process Filename. Start capturing, and process information will be displayed for the captured TCP conversations.

The structure of .ssp file (SmartSniff Packets File)
The structure of .ssp file saved by SmartSniff is very a simple. It contains one main header in the beginning of the file, followed by sequence of all TCP/IP packets, each of them begins with a small header.

The main header structure:
00 - SMSNF200 signature.
08 - (2 bytes) The number of bytes in the header (currently 4 bytes for the IP Address)
0A - (4 bytes) IP Address

Header of each packet:
00 (2 Bytes) packet header size (currently 0x18 bytes)
02 (4 Bytes) number of received bytes in packet.
06 (8 Bytes) Packet time in Windows FILETIME format.
0E (6 Bytes) Source Mac Address.
14 (6 Bytes) Dest. Mac Address.
1A The remaining bytes are the TCP/IP packet itself.

Translating to other languages
SmartSniff allows you to easily translate all dialog-boxes, menus, and strings to other language.
In order to do that, follow the instructions below:

Run SmartSniff with /savelangfile parameter:
smsniff.exe /savelangfile
A file named smsniff_lng.ini will be created in the folder of SmartSniff utility.
Open the created language file in Notepad or in any other text editor.
Translate all menus, dialog-boxes, and string entries to the desired language.
After you finish the translation, Run SmartSniff, and all translated strings will be loaded from the language file.
If you want to run SmartSniff without the translation, simply rename the language file, or move it to another folder.

Command-Line Options
Command Description
/StartCapture Start to capture packets immediately.
/LoadConfig <.cfg filename> Starts SmartSniff with the specified configuration file.
/NoCapDriver Starts SmartSniff without loading the WinPcap Capture Driver.
/NoLoadSettings Starts SmartSniff without loading your last settings.

This utility is released as freeware. You are allowed to freely distribute this utility via floppy disk, CD-ROM, Internet, or in any other way, as long as you don't charge anything for this. If you distribute this utility, you must include all files in the distribution package, without any modification !

The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason.

If you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to

Click here to visit the author's website.
Continue below for the main download link.

Downloads Views Developer Last Update Version Size Type Rank
4,697 7,218 Nir Sofer <img src=""border="0"> Nov 19, 2019 - 12:52 2.29 133.7KB ZIP 5/5, out of 54 Votes.
File Tags
SmartSniff  v2.29  64bit  
Whoa! Slow down there, Speedy.
Kindly read this and then continue to download below.

Like seeing no ads? No misleading/fake download buttons?
We like it too! This site has been kept alive for 15 years
because of people just like you who download and donate.
No one is stopping you from downloading without donating
but the site runs on the "Honor System". If your momma
raised you to be honorable, make a donation and download
'til ya turn blue. Make your momma proud!

Thank you! -Randy & Deanna (The Older Geeks)
Missouri Ozarks, USA

Monthly operating costs = $750
Donations cover operating costs first
then are set aside for future upgrades and/or
handed-over to Deanna for new shoes.


Send a check payable to Home Computer Repair LLC, 208 E. Water St. Mount Vernon, MO 65712

Recent Super Donors ($50+)
Thanks, William
Thanks, Alan
Thanks, Lance
Thanks, John

Recent Donors
Thanks, Tim
Thanks, Wally
Thanks, Chris
Thanks, Raymond
Thanks, Michael
Thanks, Jeffrey
Thanks, Diane
Thanks, Eng
Thanks, Harry
Thanks, Henry

→ Download Your File ←

Click to Rate File     Share it on Twitter → Copyright (c) 2024