Monitor network traffic of Windows processes with Socket Sniff

SocketSniff is a free portable program for Windows that enables you to watch WinSock activity of a selected process in the Windows operating system.

It can sometimes be useful to find out if a process connects to a computer network or the Internet, and if it does, what it uploads to the Internet or downloads from it.

While all of that may not always be possible to tell, for instance when encryption is being used, there are still information that can be gathered during the process.

SocketSniff is a program by NirSoft which provides you with options to select a running process in Windows to monitor its WinSocket activity.

When you start the application for the first time after download and extraction on the local system, you are asked to pick a process from the list of available processes.

The selected process will be monitored automatically from that moment on until you click on the stop button in the program interface or exit the application.

WinSocket activity is listed in rows in the program interface. Each row lists a variety of information including the local and remote address used, how much data is sent and received, and whether the socket is still open or closed.

Once you select a row, information about it are displayed in the lower half of the interface. If you select firefox.exe for example, you may see header information listed there but also hex data that may or may not reveal additional information about the activity.

The information recorded by SocketSniff grows quickly especially if the monitored process opens and closes lots of sockets. The Socket Types filter can be used to display only TCP or UDP types which can reduce the data significantly. The default setting is to record and display both socket types.

A search is provided that helps you find information of interest. You can use it to find IP addresses or bits of information in the recorded data.

You can export some or all of the recorded data to various data formats including text, csv, xml or HTML.

SocketSniff can be a useful program under certain conditions. Developers can use it to monitor socket creation of their applications while end users may use it to monitor the network activity of a specific process.