Snifferview is a small, powerful network analysis tool that helps you view and analyze network data and troubleshoot network problems. Its main features are:
1. Small size: around 200k, a single file, and fast at both running and analyzing data.
2. Supports packet filter statements similar to those of the well-known packet capture tool Wireshark, optimized to be easier to use. The specific rules can be found in the filter rules help documentation.
3. Supports analysis of the transport layer protocols TCP, UDP and ICMP, and of the application layer protocol HTTP.
4. Supports export and import of network data. For example, packet data captured at a customer's site can be saved to a file, brought back, and analyzed in Snifferview.
5. Supports an application network status view, which shows the network status of all applications or of a specific application, such as established network connections, connection protocol type, port, IP and so on.
6. Supports viewing the network status of an application by selecting its window.
Snifferview Download:
SnifferView1.0.0.25 version Download
Snifferview Function Description:
Snifferview Filter Rule settings (Fig. II):
There are three ways to open the Rule Settings dialog box: click the Rule Settings button on the toolbar, right-click in the list control and select the filter rule item, or press Ctrl+H. In the dialog you can enter a filter statement in the filter rule edit box or the display rule edit box. The syntax of the filter statement is similar to that of Wireshark filter statements; click the Help button beside it to view the syntax rules, and press ENTER when you have finished typing. For example, if we are interested in TCP packets on port 8222, we can enter tcp.port==8222 in the filter rule edit box. If we then want to pick out the packets from IP 152.32.34.122, we can enter ip.addr==152.32.34.122 in the display rule edit box, and the packets we need are selected. More protocol types will be supported in the future.
Note: There are two types of rules, filter rules and display rules. Packets that match the filter rule are saved in memory and can be exported to a file at any time or viewed through a display rule. The display rule selects, from the packets that passed the filter rule, those that match it and shows them in the main interface.
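The two rule stages from the note above, as an added Python sketch (not Snifferview's code or its real grammar). It models only the field==value form used in this article, assumes ip.addr matches either endpoint as in Wireshark, and the Packet, compile_rule and Capture names and the sample packets are constructed for illustration.

```python
# Added illustration, not Snifferview's code: models only `field==value` rules.
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def compile_rule(rule):
    """Compile 'tcp.port==8222' / 'ip.addr==1.2.3.4'; an empty rule matches all."""
    rule = rule.strip()
    if not rule:
        return lambda p: True
    field, sep, value = (s.strip().lower() for s in rule.partition("=="))
    if not sep or not value:
        raise ValueError(f"malformed rule: {rule!r}")
    if field == "ip.addr":  # assumption: matches source or destination
        return lambda p: value in (p.src, p.dst)
    proto, _, attr = field.partition(".")
    if proto in ("tcp", "udp") and attr == "port":
        port = int(value)
        return lambda p: p.proto == proto and port in (p.sport, p.dport)
    raise ValueError(f"unsupported rule: {rule!r}")

class Capture:
    """Filter rule decides what is stored; display rule only selects from that."""
    def __init__(self, filter_rule=""):
        self._keep = compile_rule(filter_rule)
        self.stored = []
    def feed(self, packets):
        self.stored += [p for p in packets if self._keep(p)]
        return self
    def display(self, display_rule=""):
        show = compile_rule(display_rule)
        return [p for p in self.stored if show(p)]

# Constructed sample traffic (addresses other than 152.32.34.122 are made up).
TRAFFIC = [
    Packet("tcp", "152.32.34.122", 8222, "10.0.0.5", 50001),
    Packet("tcp", "10.0.0.5", 50002, "198.51.100.7", 8222),
    Packet("tcp", "152.32.34.122", 443, "10.0.0.5", 50003),  # never stored
    Packet("udp", "10.0.0.5", 8222, "152.32.34.122", 53),    # UDP, not tcp.port
]

if __name__ == "__main__":
    cap = Capture("tcp.port==8222").feed(TRAFFIC)
    print(len(cap.stored), cap.display("ip.addr==152.32.34.122"))
```

A packet rejected by the filter rule (the port 443 one here) cannot be brought back by any display rule, so the filter rule should stay broad when the traffic of interest is not yet known.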
Snifferview Network Status viewing function (Figure III):
Click the network status button on the toolbar to open the Application Network Status dialog box. There are three ways to select the application whose network status you want to view; if none is set, the network status of all applications is shown. For example, to check the network status of QQ.exe, choose to filter by process path or name, enter QQ.exe in the edit box and press ENTER. The network status of all processes whose path contains QQ.exe is then listed. Double-clicking an entry with the left mouse button opens the process details, including the full path, version number, and so on.
Snifferview view network status by window function:
If you have used Spy++, the window tool that ships with Visual Studio, this function works in a similar way. Press and hold the mouse button on the Find Window button in the toolbar, move the mouse to the window you want to inspect, and release. A dialog pops up with the details of the process that owns the window, including its network status, the full path of the process, version number, etc. This feature is useful for dealing with small ads that pop up in the lower right corner.
If you find a bug or have good suggestions, you can email me: [email protected]
Figure One (Snifferview's main interface):
Figure II (Snifferview filter Rule and Highlight Rule setting interface):
Figure III (Snifferview's Application network status feature):
Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
Share small, powerful network sniffing and analysis tools Snifferview version -1.0.0.25