Open Source

Download for platforms:

Wireless Snif  4.174

Ufasoft Snif is a network sniffer, designed for capturing and analysis of the packets going through the network. Using the packet driver, it requests all the packets from the network card driver (even the packets not addressed to this computer).

Then the packets go to protocol analyzers which are written as separate modules and their set may be extended by the user himself. Various analyzers may be interdependent and are organized in a tree structure.

Includes:

• TcpDump for Windows
• TcpFlow for Windows
• ICQ/IRC/MSN/Email Sniffers (former ICQ Sniffer product)

This software is designed to intercept ICQ, IRC and email messages across a LAN. It is possible to observe these messages in the same time the real users will receive it. All intercepted messages are stored in files, which can be later processed and analyzed. There are two versions for your convinince IcqSnif with GUI, and concole only IcqDump. The functionality is the same, except it is possible to select which machines to arp-spoof exactly in the GUI version. The software is based on the reliable and well-known Ufasoft Sniffer engine.

The software will intercept all messages available on the network adapter.

There are two possible network designs implemented on your LAN: 1. Ethernet HUB hardware In this case all messages for all computers connected to the same HUB can be intercepted with your network adapter. There is no need to use an arp-spoof technique. 2. Ethernet Switch hardware. In this case you will see messages addressed only to you. This is why we decided to implement arp-spoof technique to allow the sniffing of messages of other computers connected to the same ethernet switch.

Supported Wi-Fi adapters

The results of each analyzer's work may be saved in the Database.

What's new

4.160 (February 2012)

• Suport of Sqlite database

4.159 (December 2011)

• Log Encoding changed to UTF-8

4.153 (March 2011)

• ADDED: capture of vkontakte.ru messages

4.152 (March 2011)

• ADDED: capture of mamba.ru messages

4.149 (January 2011)

• ADDED: support of IPv6

4.145 (November 2010)

• ADDED: FTP file capture

4.144 (October 2010)

• ADDED: NDIS6 driver for Windows Vista/7/2008 with Native 802.11 support
• ADDED: WEP-decryption in Real-Time

4.142 (May 2010)

• Using MSI installer
• FIXED: Capturing E-Mails with '.'-beginning lines
• FIXED: ARP-spoofing bugs
• FIXED: saving users to Database
• FIXED: Clearing ICQ Messages from HTML tags
• FIXED: Resolving ICQ Nicks

4.141 (March 2010)

• ADDED: support of CommView file format .ncf

4.139 (December 2009)

• ADDED: capturing of "ICQ File Transfer"

4.135 (June 2009)

• ADDED: Search Query Analyzer (Google, Yahoo, MSN, Yandex, Rambler, Baidu)

4.131 (Jan 2009)

• ADDED: Yahoo WebMessenger Analyzer

4.129 (Dec 2008)

• FIXED: 100% CPU using by ARP Spoof

4.128 (Dec 2008)

• Native Atheros Driver used

4.127 (Dec 2008)

• First version for Linux
• Support of ASUS EEE Pc's Wi-fi Adapter

4.126 (May 2008)

• Converted to UNICODE (compatibility with Win98 lost)

4.126 (May 2008)

• Converted to UNICODE, compatibility with Win98 lost
• FIXED: crash if email without "To" header field

4.125 (April 2008)

• FIXED: support of BSD's DLT_NULL interface

4.124 (March 2008)

• FIXED: crash in drivers
• Recovery after sleep mode
• 'Why Uninstall' dialog in the Uninstaller

4.123 (January 2008)

• FIXED: channel numbering for Atheros
• Version numbers changed to 2 digits
• Vista & XP x64 support (only drivers)
• Minimizing to Tray implemented
• Mail.ru Agent Analyzer added
• Added: wep_tools (wep_decrypt & wep_crack)
• FIXED: unreadable text in ICQ analyzer

4.2.121 (November 2007)

• Atheros AR5006X WiFi adapter support

4.2.120 (July 2007)

• PPPoE analyzer
• Intel 2200BG WiFi adapter support

4.2.119 (July 2007)

• Fixed: compatibility with Win2K

4.2.117 (July 2007)

• Adapted to Windows Vista
• Activation Server runned at ufasoft.com

4.1.116 (July 2006)

• Fixed bug with processing of SOCKS4

4.1.115 (June 2006)

• Improved HTTP & MSN analyzers
• Changed IP recognition methods

4.1.113 (March 2006)

• Yahoo Messenger analyzer added
• Log of IP for every message to Database ant optionally to text log

4.1.111 (December 2005)

• Merged with IM Snif (Icq Snif). All licenses of SnifMon and IcqSnif valid.

4.0.107 (September 2005)

• Support of Wi-Fi cards in monitor mode. Following chipsets: Orinoco, Cisco-350 and other Prism-compatible, Prism54, Atheros.
• Added iwconfig, iwlist.
• Cross-platform "Remote Sniffer Agent". Used rpcapd form WinPCap. Source code for UNIX included.
• Import of Netxray-files (NAI Sniffer). All importable files also supported by "tcpdump -r"

3.11.104 (December 2004)

• Network utilization chart
• FIXED: bugs in driver
• Added: tcpstat

Version 3.0

The possibility of intercepting the traffic of RAS-connections with NT4/Win2000 has been added. There are the following peculiarities with Win2000 here:
The packets are intercepted the way they are being transferred to the modem, that is after going through various types of PPP-compression. Therefore, to successfully intercept the whole traffic, it is necessary to start Sniffer before RAS-connection is established. Otherwise, it would not be able to reconstruct the packets; unmodified state, not knowing the compression-history
• The database format (sniffer.od file) has been improved. Now saving packets to disk takes much less time.
• It is possible to regulate the queue size of the packets that have been intercepted by the driver but not yet analyzed. Here the memory of requested size is provided only in the physical area and is not flushed to the disc. (Tools|Options|Queue size menu).

Copyright © 1998-2015 Ufasoft. All rights reserved.