Last Friday I posted a list of free packet sniffers. There, I promised to write about my favorite tool. You might have guessed that it is Ethereal since it probably is the most popular free network packet sniffer. It has many feature which its free rivals lack. This is also true for the free sniffer SmartSniff which is a much simpler tool. However, SmartSniff has some features which are quite useful for system administrators that Ethereal lacks. Its founder, Gerald Combs, recently transferred to a new company and had to rename Ethereal to Wireshark. There might be two different packet sniffers in the future. At the moment the two tools have the same features though.

Latest posts by Michael Pietroforte (see all)

1. Ease of use
I use a packet sniffer maybe once or twice a year. Usually, I want to analyze the network behavior of a malfunctioning application or network device. Sometimes, one of our computers shows suspicious behavior, and I want to know what is going on in our network. So, in most cases, I have to use a packet sniffer under time pressure. Although I have known Ethereal already for some time, it always takes me quite a while to remember how to configure Ethereal to get the information I want. Whereas when I used SmartSniff the first time, I was able to work with it immediately.


2. Real time display
Both tools are able to display the captured packets in real time. This is useful if you are testing an application, since you see immediately the network traffic, when you change its configuration. The problem with Ethereal is that it displays all captured packets in the order they arrive on the network interface. SmartSniff is a bit smarter here. It counts the packets of the same type, i.e. with the same ports and IP addresses, and displays them in one row. This way, you get a much faster overview of the network traffic than with Ethereal. With SmartSniff, I often even don't have to configure a filter to get the information I need.

3. Standalone application
SmartSniff is a standalone application. You can run its executable everywhere without installing the tool. This is quite useful if you have to manage several subnets. You can connect by RDP to a machine in this subnet, start SmartSniff, and here you go. Quite smart, isn't it?

4. Raw socket support
Now you might object that you have to install WinPcap first, anway. WinPcap is a driver that most packet sniffers need to capture the network packets bypassing the protocol stack. SmartSniff works best if you use WinPcap, but it also does its job without it. So you can indeed use it without installing anything on the computer, in most cases. SmartSniff can use the raw socket feature of Windows 2000/XP. There are two limitations, though. You can't capture outgoing ICMP and UDP packets, and if you only have SP1 on a Windows XP machine, SmartSniff won't be able to capture any outgoing packets. This is due to a bug in SP1 which was fixed in SP2.


So all in all, i think, SmartSniff is the better choice than Ethereal/Wireshark for the average system administrator. Of course, Ethereal/Wireshark is a much more sophisticated tool. I still use it when I need statistics about the network traffic. However, in most cases, I get the information needed faster with SmartSniff.

  1. Avatar
    mimi 16 years ago

    i still confused about the founder of wireshark.. is Gerald Combs adapting smartsniff features into the new ethereal(wireshark) or he just simply transfer to wireshark without changing the ethereal features.

  2. Avatar

    Mimi, I guess it wouldn’t make sense to rename Ethereal if he didn’t intend to add new features.

  3. Avatar
    Stig 16 years ago

    Have a look in the Wireshark FAQ:

  4. Avatar
    Anonymous 13 years ago

    A belated clarification so Mimi’s misunderstanding doesn’t spread to anyone else:
    SmartSniff has nothing to do with Wireshark/Ethereal. SmartSniff is from NirSoft, a guy named Nir Sofer who’s written tons of free utilities. Wireshark/Ethereal is from Gerald Combs.

Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account