If you knew the developer programmer behind the Nirsoft, I absolutely would not have him as an enemy because given what he can do publicly, I do not dare to think where he can go if he unleashes his skills against someone. We obviously talk about computers and tools they go to intercept data traffic passing over the internet connection in a network that can be that at home if there are multiple computers in different rooms or that of an office.
If the computers are in the same network, wifi or cable, they go out on the internet (so they connect to surf the web) through the same router that connects them to each other. Windows, like other operating systems, protects the computer from intrusions and a firewall can also be used to prevent any type of intrusion into the PC.
The problem is that, most of the network traffic, the sites visited, the searches on Google, the data sent via the internet like emails, passwords and messages on other sites can be easily intercepted and read by another computer.
As explained in another article, using easy software tools, join a wifi network and spy on what you do on the internet.
Nirsoft, on the other hand, is a leader in network tools for capturing information and sniffing traffic inside the network (thus without hacking or illegal activities) that technicians and administrators can use to diagnose problems or for other reasons. Among these reasons there can certainly be that of wanting check other computers to see where they are browsing and perhaps capture private information. These tools are very useful for those who want to have tighter control over home or office computers.
As a prerequisite, all these network tools that intercept packets and information require, on Windows 10, Windows 7 and other versions, installing a program called WinPcap (or Microsoft Network Monitor), a virtual driver that enables the capture of information from the computer's network card (this is because Windows does not support promiscuous mode). Without needing to know more details, the first thing to do is to install the WinPCap driver by downloading and then following the normal wizard. With WinPcap, you can use these 4 Nirsoft tools that capture packages and translate them into valuable information and understandable on what happens on the internet from computers that connect to the network. In some cases these sniffing and monitoring tools must be run with administrator rights (press the right button on the .exe file and then choose "Run as administrator". Some antivirus may report these tools as viruses: they are false warnings to be ignored and indeed , to whoever happens, I would really suggest to change the safety program.
1) Network monitoring and control us NetworkTrafficView e SmartSniff
This tool, portable and to run without installation, can intercept network traffic via the WinPcap driver and displays statistics and information on the data that pass through the internet from all PCs on the network (applies also for mobile phones that connect via wifi).
The program displays network traffic in real time with information on: IP protocol, source and destination address, ports, process, total Kbytes transferred and transmission speed. NetworkTrafficView is more than anything else a program for network administrators, difficult to understand for people who are not experts in computer science and networking. Unfortunately, traffic cannot be filtered in order to capture only certain information, so let's go to the second on the list that will surely give more satisfaction. SmartSniff gives some more information about the programs used on the computers and the sites visited.
2) The program Web Channel Monitor is able to sniff internet traffic on a wifi channel, which captures wifi traffic on the chosen channel, using the Microsoft Network Monitor capture driver in monitor mode.
3) WebSite Sniffer e HTTPNetwork Sniffer to see which sites are visited.
With WebSite Sniffer it is possible to capture information about the websites on which people who use other PCs in the same network surf, at home, in the next room, or in the office. In this case there is very little to understand because each line that is recorded by WebSite Sniffer is the name of a website so you can check, in real time, which sites are visited by others. The program is automatic and just press the Start and Stop buttons to start or stop capturing websites. WebSiteSniffer captures all website files uploaded to various computers on the network (HTML, Flash, video, images, scripts and other content files) automatically, while browsing the Internet and stores them in a favorite folder that can be consulted as chronology or at the end of the day. The only sites that are not displayed are those starting with HTTPS with an encrypted connection. HTTPNetwork Sniffer is very similar and sniffs all packets passing from websites to your computer, showing their names and addresses.
4) Capture of cookies us Web Cookies Sniffer
Cookies are small data files that are used for purposes of monitoring and storing information and settings on various websites.
They are necessary, but at the same time they leave traces of what is done online. If you want to know which cookies are saved on your computer and on the PCs connected to the network, in real time, while browsing the browser, you can use WebCookiesSniffer. At the first start of the program you are asked to choose the capture method and the network card. The capture method is always WinPcap while the network card must be the one that is connected with the router or, if using network sharing it is network shared. The program collects information on the internet, whatever the browser used on the computer. The list of cookies indicates various information including the host name, which coincides with the site that releases the file on the computer. The capture is in real time, it can be stopped and restarted with the start and stop keys but a history with the recordings is not saved. It is interesting to note that, when an internet search is made on Google from a PC or mobile phone connected to the network, WebCookiesSniffer reports the search path and you can know what searches are being done.
5) Password capture: Password Sniffer
After running Password Sniffer, every time that, from computers on the network, a password is entered to log into an account on a website such as Facebook or Twitter, it it is intercepted and displayed on the main interface. SniffPass is able to capture the passwords of the POP3, IMAP4, SMTP e-mail protocols and then of the FTP and HTTP protocols (basic authentication password only). It does not work with HTTPS sites, so with sites whose data transmission is secure and it does not work if the network is managed by a router that does not let passwords through.
6) DNSQuerySniffer it is a free tool only to be downloaded and launched after unpacking it (it may be necessary to run it with administrator privileges by right clicking on it and then selecting the option). The program does nothing but capture network packets so it requires the WinPcap driver to be installed on Windows.
The application displays all DNS requests made in chronological order and you can then sort them alphabetically or by IP address. The program analyzes all the DNS queries that are made while browsing the internet (in practice the sites to which you connect) and does so until you click on the Stop button in the application window (or if this is closed) . In the Options you can enable automatic scrolling in order to follow the various links in real time. The program also displays failed connections which can be useful in finding out if the provider blocks access to any censored or obscured website.
DNSQuerySniffer is another of the Nirsoft programs to sniff the network and intercept information on internet traffic.
6) The program Microsoft's SysMon is another alternative to see how many sites and domains the programs we are using connect to, to know which connections are established by the computer each time you browse or if you use certain software. Sysmon must be launched from the command prompt as an administrator.
In addition to these Nirsoft tools, always with the aim of sniffing the network and capturing internet traffic packets in a network, it is necessary to mention and report:
- Wireshark to capture information on the network and intercept traffic
- Fiddler capturing HTTP and HTTPS traffic to check all the sites your computer connects to.
- Capsa Free Network Analyzer 64-bit only.
6) In another article, other programs for attack the network and find vulnerabilities intercepting traffic even with Man In The Middle attacks that spy on and change communications between two people.
As you can see, the power of these programs is in their utility for diagnostics and troubleshooting and there are no viruses, no files to install on target computers, and no attempts to fraudulently and deceive private information. . Packets passing through a computer network and what is transmitted over the internet are simply intercepted and translated in an understandable way.
Sniffing the PC network and intercepting internet traffic and passwords