
WinSniffer for 95/NT/2000  1.1

WinSniffer is the first console sniffer for MS Windows 95/NT/2000 and 
has a large number of functions. It can retrieve POP3/TELNET/HTTP/FTP/IMAP/NNTP 
passwords, and it can save all mail messages in UNIX mailbox format.

One of the great innovations in this program is that it analyzes each protocol 
individually (taking only logins and passwords) and saves only new ones.

Usage:
winsniff /a AdapterNumber [/s passwordfile] [/m mailfile]

First, run [winsniff /l] to list the adapters on your computer.
Example:

D:\Release>winsniff.exe /l
Win Sniffer 32 1.1
All rights reserved.

[0] RAS Async Adapter
 RAS Async Adapter
 \Device\{335B9C3D-1C32-4487-8F8E-7FC3238FADF8}
[1] WAN Miniport (L2TP)
 WAN Miniport (L2TP)
 \Device\{5A1D6090-4168-4D99-B50D-93EA0495CA5B}
[2] WAN Miniport (PPTP)
 WAN Miniport (PPTP)
 \Device\{20EBF5BC-1189-4618-97C6-E36E79D693C4}
[3] Direct Parallel
 Direct Parallel
 \Device\{4AFF9073-8DCA-4537-A9EE-2E7154A22C8A}
[4] WAN Miniport (IP)
 WAN Miniport (IP)
 \Device\{AB904C86-7C8D-4218-A8D3-6F64C01B84FB}
[5] Realtek RTL8029(AS)-based PCI Ethernet Adapter
 Realtek RTL8029(AS)-based PCI Ethernet Adapter
 \Device\{6B9C1453-0227-4ADA-BEB4-C87BC9CA36CD}

This program works only with Ethernet adapters. Adapter number 5 is an 
Ethernet adapter, so you can run the sniffer on it.

D:\Release>winsniff.exe /a 5 /s pass /m mail
Win Sniffer 32 0.01.00.00
All rights reserved.

Passwords file : pass
Mail message file : mail
AdapterName : "\Device\{6B9C1453-0227-4ADA-BEB4-C87BC9CA36CD}"
Press Ctrl-C To Exit...
[1]Saving config file...

Mail messages were saved in the file "mail", and passwords from standard protocols in "pass".

Sample:
File: "pass"

-[0]-Fri Feb 18 13:19:43 2000--100.1.1.1->100.1.1.100:23----
root
dsfaktybsdffy
elm


-[1]-Fri Feb 18 13:20:58 2000--100.1.1.1->100.1.1.100:23----
smmsd
sfd

exit


-[2]-14:52:14 02/19/00--194.68.213.40->149.75.0.3:21----
USER scribona
PASS d90jak2p1

-[3]-17:37:56 02/19/00--135.166.235.111->114.62.233.45:80----
[carl lamer:CLP23bx]

GET /External/Extranet/C00001A.nsf HTTP/1.1
Host: sclso30.carl.com
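
When reviewing a capture from an authorized assessment, the record headers of the "pass" file are enough to list which servers still accept logins over cleartext protocols and should move to encrypted equivalents. The following Python script is an added example, not part of WinSniffer; it assumes the header layout shown in the sample above and the standard port numbers, runs on constructed sample data, and never keeps the captured credentials.

```python
import re
from collections import defaultdict

# Record header as shown in the sample "pass" file:
#   -[N]-<timestamp>--<src ip>-><dst ip>:<dst port>----
HEADER = re.compile(
    r"^-\[\d+\]-.+?--(?P<src>\d{1,3}(?:\.\d{1,3}){3})->"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)-+\s*$")

# Well-known ports of the cleartext protocols the README lists.
CLEARTEXT = {21: "FTP", 23: "TELNET", 80: "HTTP",
             110: "POP3", 119: "NNTP", 143: "IMAP"}

def summarize(text):
    """Return (dst, port, protocol, records, clients) per exposed service.

    Only header lines are parsed; the captured logins and passwords in
    the record bodies are never stored or returned.
    """
    clients = defaultdict(set)
    records = defaultdict(int)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # body or blank line: skipped, not kept
        key = (m["dst"], int(m["port"]))
        records[key] += 1
        clients[key].add(m["src"])
    return [(dst, port, CLEARTEXT.get(port, "unknown"),
             records[(dst, port)], len(clients[(dst, port)]))
            for dst, port in sorted(records)]

# Constructed sample in the README's "pass" layout (documentation
# address ranges, placeholder credentials).
SAMPLE = """\
-[0]-Fri Feb 18 13:19:43 2000--192.0.2.10->192.0.2.100:23----
user-a
REDACTED
-[1]-Fri Feb 18 13:20:58 2000--192.0.2.11->192.0.2.100:23----
user-b
REDACTED
-[2]-14:52:14 02/19/00--192.0.2.10->198.51.100.3:21----
USER user-a
PASS REDACTED
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print("%s:%d %-6s records=%d clients=%d" % row)
```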

An example of "mail":


From someone@earthlink.net Fri Feb 18 09:14:36 2000
Date: Fri, 18 Feb 2000 09:14:36 +0300
From: Jonh Par <someone@earthlink.net>
X-Mailer: The Bat! (v1.36) UNREG / CD5BF93533544591
Reply-To: Jonh Par <someone@earthlink.net>
X-Priority: 3 (Normal)
Message-ID: <0381.020238@earthlink.net>
To: root
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello ,



-- 
Best regards,
Jonh mailto:someone@earthlink.net