When you get online or in a network, network packets are being used to transfer data around. We don’t normally get to see them because they work secretly in background. In order to investigate the packets, we have to use packet sniffing tools and one of the most popular free software for that is WireShark. Seems like Nir Sofer, the author of Nirsoft.net has been playing around with network packets lately because most of his new release tools has got to do with packet sniffing. One of his latest new release is called HTTPNetworkSniffer which captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table. Basically this is an alternative to URL Snooper.
Tools such as HTTPNetworkSniffer are very useful when you want to find out the direct link to download a software when it uses web installer. One example is when you want to download and install AVG Anti-Virus Free 2012, you will have to first download a 3.7MB web installer, and the web installer will then download the latest necessary files to install on your computer. The web installer doesn’t show you where it is downloading from and HTTPNetworkSniffer solves this problem.
As usual, what I like most about Nir Sofer tools are they are portable. HTTPNetworkSniffer is only a single 108KB file (HTTPNetworkSniffer.exe). Running it will first prompt you to select the sniffing engine driver. Unlike URL Snooper that only works with WinPcap, HTTPNetworkSniffer can support Raw sockets which you don’t need to install any third party driver for sniffing but required to run as administrator when UAC is enabled, WinPcap and Network Monitor Driver by Microsoft. Clicking the play icon at the menubar will start capturing the packets.
HTTPNetworkSniffer shows a lot of information such as host name, method (POST, GET), path, user agent, response code & string, content type, referrer, content & transfer encoding, server, content length, connection, cache control, cookie, client & server address, and request time. That is A LOT of useful information that is being shown compared to URL Snooper. What I find missing from HTTPNetworkSniffer is the option to remove duplicates and also filtering so that it is easier for me to search the path that I am looking for. An option to copy the “full path” (host name + path) would also be very useful.
Do note that HTTPNetworkSniffer only works on non-encrypted sessions. Meaning if the files are hosted at HTTPS, the packets are SSL encrypted and there is no way for HTTPNetworkSniffer to decode it. That is the whole point of SSL encryption to provide security for data sent to and from a web site.