Capture with Microsoft Network Monitor 3 in SmartSniff and SniffPass utilities

The new versions of SmartSniff and SniffPass utilities allows you to capture network traffic with the version 3.x of Microsoft Network Monitor driver. This feature is especially useful for the users of Windows Vista, Windows 7, and Windows Server 2008, because the old version of Microsoft Network Monitor doesn't support these operating systems.

Also, Microsoft Network Monitor 3 provide a new feature for Windows Vista/7/2008 users - it allows you to switch your Wifi adapter to 'Monitor Mode' (Only if the adapter supports this mode), which means that it can capture the traffic from other wireless networks around your location.

When using this 'Monitor Mode' with SmartSniff, it won't be able to capture the traffic from most of the wireless networks, simply because they are encrypted with WEP/WPA. However,  if there are some unencrypted wireless networks in your area,  SmartSniff will be able to capture and show the content of the transferred TCP/UDP packets.

SmartSniff with Network Monitor 3 driver

SmartSniff with Network Monitor 3 driver

Another important feature added into the new version of  SmartSniff/SniffPass is the 'Promiscuous Mode' check box for WinPCap driver capture mode. In previous versions, these utilities always turned on the  'Promiscuous Mode', but with many Wifi adapters, the capturing doesn't work at all when using them in Promiscuous Mode.  Starting from these new version of SmartSniff/SniffPass, the Promiscuous Mode is turned off by default, and you can turn it on in the 'Capture Options' window when you need it.

One Response to “Capture with Microsoft Network Monitor 3 in SmartSniff and SniffPass utilities”

  1. Forest Yuan Says:

    SmartSniff is great! I have used it now and then on Windows XP for more than one year. However, it seems a minor bug exists on Window 7.

    Steps to produce this bug:
    1. Install Microsoft Network Monitor v3.4 on Windows 7.
    2. Show the Capture Options dialog, and select "Network Monitor Driver 3.x".
    3. In the lower list, select an adapter with an IP address other than 0.0.0.0.
    4. Click OK to save the options.
    5. Show the Capture Options dialog again, you will find that the Capture Method is set to Raw Sockets.

    I tested SmartSniff 1.92 on two Windows 7 PC, and got same results. I think this is a minor bug since it prevents the user from using Network Monitor Driver 3.x on Windows 7.

    We users would appreciate if you could fix it when you have time.

    Thanks.

Leave a Reply