SmartSniff: what is it and how to watch your internet traffic in real-time

NirSoft SmartSniff.net is a network monitoring and packet capture tool for Windows
(Image credit: NirSoft.net)

SmartSniff is a tiny Windows monitoring tool which captures network traffic, shows you where it's going and sometimes even allows you to look inside packets to try and identify what's being sent.

When it comes to web monitoring tools, it may not compete in the feature stakes with some others. But don't let that put you off - SmartSniff has plenty of plus points of its own.

You don't need a degree in advanced networking tech to use it, for instance. It's easy: even traffic capturing beginners can get started in seconds. Plus it's free, without an ad in sight. The download is tiny at just 134KB, and there's nothing to install - simply download it, unzip and run.

SmartSniff work on anything from XP (no kidding) to Windows 10, too, so if you've ancient hardware to investigate, no problem, SmartSniff has you covered.

  • Best VPN: stay safe online and get around geo-restrictions

NirSoft SmartSniff can monitor wireless or wired network adapters on Windows systems

(Image credit: NirSoft.com)

SmartSniff setup

Scroll to the bottom of the SmartSniff website page and you'll find it comes in three download flavors: a plain ZIP file, a 64-bit build, and a version with an installer which covers everything.

If you're running a modern Windows 10 PC then the 64-bit version is best. Just download and unzip it, then run the SmartSniff executable, smsniff.exe. If you're not sure which version you need, grab the installer.

The first time you launch SmartSniff, it asks you to choose a Capture Method. Leave the default 'Raw Sockets' option selected for now (ignore the 'Windows 2000/XP', it also works on everything up to Windows 10.)

Next, choose the network adapter you'd like SmartSniff to monitor. Our test laptop had lots of these, but most of them could be ignored (anything with a 0.0.0.0 IP address), and the 'Connection Name' column should tell you which adapter to use. To monitor our Wi-Fi traffic we just had to choose the connection name 'WiFi', for instance, while our ethernet adapter was called, you've guessed it, 'Ethernet.'

NirSoft SmartSniff can capture network traffic, including email usernames and passwords

Network traffic can include sensitive data such as usernames and passwords (Image credit: NirSoft.com)

Using SmartSniff to monitor Internet traffic

Setup complete, SmartSniff should open its main window and begin displaying any network activity. You can control this from the toolbar by clicking the green Record button to start capturing traffic, or the red Stop button to, well, stop.

If this doesn't seem to be working, try launching a browser to give the app something to display. And if there's still no luck, could you have chosen the wrong adapter? Click Options > Filter Option to check, or maybe try something else.

When everything is running smoothly, you'll see internet packets sent by your device, along with their remote IP address and host or domain name, protocol (UDP or TCP), the connection type (HTTP, HTTPS, IMAP, POP3 and others) and a lot more. 

There's a lot of detail here, but if it's more than you need, click View > Choose Columns and clear the checkboxes for anything you don't want to see.

Watch internet activity in real time

To get started, leave SmartSniff running for a few minutes and see just how much network activity your PC has going on in the background. 

We closed all browsers on our test system, set SmartSniff running, and in 10 minutes it captured 5,600+ packets across 165 'conversations' (separate exchanges between a process on our PC and a network or internet resource.)

Scrolling through the list gave us more of a feel for what's happening. We saw a lot of conversations with remote websites, but that's just the start. Our test laptop had Outlook installed, and SmartSniff captured IMAP exchanges, POP3 and more.

You've probably not downloaded SmartSniff just to count packets, though. What's more interesting is figuring out what all this activity means, what's really going on. And SmartSniff has some handy tools to help.

NirSoft SmartSniff logs and displays network traffic on Windows system

(Image credit: NirSoft.com)

What's using your connection... and why?

SmartSniff can't associate network traffic with a process, so you're not able to see which application is responsible for any particular internet activity. But it does give you several ways to figure out more of what's going on.

Scroll down SmartSniff's capture list and check the domains in its 'Remote Host' column for anything you recognise. Our test laptop occasionally tried to access 'kck3hlb9.dashlane.com', for instance, but as we had the excellent password manager Dashlane installed, that wasn't a surprise.

Don't recognise the domain? Search for it at Google. We've found one system communicating with the oddly-named 'zwyr157wwiu6eior.com', for instance. Malware? Nope, a quick search told us it's an entirely legit NordVPN server.

Windows 10, Microsoft Edge and Office regularly try to access various Microsoft servers, mostly because they're sending so much data about how you're using your PC. You'll quickly learn to recognize those from accesses to domain names ending microsoft.com, windows.com, office.com, msedge.net, akamaiedge.net, azure.com, live.com, live.com.akadns.net and similar.

Look inside network packets

SmartSniff doesn't just show you the source and destination IPs of any network activity. It also logs the content of each packet, which may help you figure out what has made the network connection, and why.

To try this out, click a network action in the main SmartSniff list, and look at its content in the lower pane. Sometimes this is plain text, for example if an app has accessed website HTML code. Binary transmissions are generally unreadable, though occasionally you might see recognisable text.

For example, one of our test system packets was mostly binary, but also included the URL svpnapi.safesoftware.net. A quick Google search told us this was a Webroot Wi-Fi Security-connected server, which told us the connection was made by our Webroot Wi-Fi Security VPN installation.

There are plenty of other simple ways to analyse your system's activity. Click the Total Size column header and SmartSniff sorts your connections by total data transfer, for instance, highlighting everything taking the largest bite of your bandwidth.

NirSoft SmartSniff provides many advanced options and configuration settings

(Image credit: NirSoft.net)

SmartSniff options and settings

Although SmartSniff works well with its standard settings, there are some other options and tools which might improve your traffic-capturing life.

Leave the program running for a while and it might capture thousands of conversations, for instance, leaving you with way too much scrolling to find what you need. Add some capture or display filters, though, and you can tell SmartSniff to display only traffic to a particular IP address, or using a specific port, or one of many other options. Check the NirSoft site for examples.

There's a surprise extra in an Extract HTTP files feature which allows you to save files stored in the captured streams. This only worked some of the time for us, but hey, SmartSniff is freeware, we're not complaining.

You can save the captured packets and reload them later, too, handy if you need to analyse traffic over time.

Although SmartSniff may not be quite as advanced as similar web monitoring tools such as Wireshark. Experts who like to tweak every low-level detail should check out the Advanced Options page, too, where there are all kinds of settings to define what SmartSniff captures and how it's displayed.

SmartSniff is still relatively basic, as capture tools go (check out our traffic capturing guide for other options.) But it's also easy to use, effective, configurable, portable and free, and that's more than good enough for us.

Read more:

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.