NetworkTrafficView v1.60

Download NetworkTrafficView (x32 version)

Download NetworkTrafficView (x64 version)

Description

NetworkTrafficView is a network monitoring tool that captures the packets pass through your network adapter, and displays general statistics about your network traffic. The packets statistics is grouped by the Ethernet Type, IP Protocol, Source/Destination Addresses, and Source/Destination ports. For every statistics line, the following information is displayed: Ethernet Type (IPv4, IPv6, ARP), IP Protocol (TCP, UDP, ICMP), Source Address, Destination Address, Source Port, Destination Port, Service Name (http, ftp, and so on), Packets Count, Total Packets Size, Total Data Size, Data Speed, Maximum Data Speed, Average Packet Size, First/Last Packet Time, Duration, and process ID/Name (For TCP connections).

System Requirements

• This utility works on any version of Windows, starting from Windows 2000 and up to Windows 7, including 64-bit systems.
• One of the following capture drivers is required to use NetworkTrafficView:
  • WinPcap Capture Driver: WinPcap is an open source capture driver that allows you to capture network packets on any version of Windows. You can download and install the WinPcap driver from this Web page.
  • Microsoft Network Monitor Driver version 2.x (Only for Windows 2000/XP/2003): Microsoft provides a free capture driver under Windows 2000/XP/2003 that can be used by NetworkTrafficView, but this driver is not installed by default, and you have to manually install it, by using one of the following options:
    • Option 1: Install it from the CD-ROM of Windows 2000/XP according to the instructions in Microsoft Web site
    • Option 2 (XP Only) : Download and install the Windows XP Service Pack 2 Support Tools. One of the tools in this package is netcap.exe. When you run this tool in the first time, the Network Monitor Driver will automatically be installed on your system.
  • Microsoft Network Monitor Driver version 3.x: Microsoft provides a new version of Microsoft Network Monitor driver (3.x) that is also supported under Windows 7/Vista/2008.
    The new version of Microsoft Network Monitor (3.x) is available to download from Microsoft Web site.
• You can also try to use NetworkTrafficView without installing any driver, by using the 'Raw Sockets' method. Unfortunately, Raw Sockets method has many problems:
  • It doesn't work in all Windows systems, depending on Windows version, service pack, and the updates installed on your system. On some systems, Raw Sockets works only partially and captures only the incoming packets. On some other systems, it doesn't work at all.
  • On systems that 'Raw Sockets' method works properly, it can only capture IPv4 TCP/UDP packets. It cannot capture other type of packets, like the other capture drivers.
  • On Windows 7 with UAC turned on, 'Raw Sockets' method only works when you run NetworkTrafficView with 'Run As Administrator'.

Start Using NetworkTrafficView

Except of a capture driver needed for capturing network packets, NetworkTrafficView doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - NetworkTrafficView.exe After running NetworkTrafficView in the first time, the 'Capture Options' window appears on the screen, and you're requested to choose the capture method and the desired network adapter. In the next time that you use NetworkTrafficView, it'll automatically start capturing packets with the capture method and the network adapter that you previously selected. You can always change the 'Capture Options' again by pressing F9.
After choosing the capture method and network adapter, NetworkTrafficView starts to display your current network traffic, grouped by the Ethernet Type, IP Protocol, Source/Destination Addresses, and Source/Destination ports.
You can press F6 to stop the network traffic capture, F5 to start it again, or Ctrl+X to clear the current network traffic statistics.

Change the Grouping Mode

In the 'Advanced Options' window (F8), you can change the grouping settings, which affects the way that the network traffic statistics is accumulated and displayed on the screen:

• Packet Direction Grouping:
  • Display both packet directions in a single line: When you choose this option, packets sent in both directions (client to server and server to client) are accumulated in the same statistics line.
  • Display the 2 packet directions in 2 separated lines: When you choose this option, packets sent from client to server and packets sent from server to client are accumulated and displayed in 2 different statistics lines.
• General Grouping:
  • Group by combination of Ethernet Type, IP Protocol, Addresses, and TCP/UDP Ports: When this option is selected, every TCP connection is accumulated and displayed separately. For example, if your Web browser opens 5 connections to the same server, 5 or 10 statistics lines (depending on the Packet Direction Grouping) will be displayed on the screen.
  • Group by combination of Ethernet Type, IP Protocol, and Addresses. Ignore TCP/UDP Ports: When this option is selected, all TCP connections with the same client and server are accumulated and displayed in the same statistics line. For example, if your Web browser opens 5 connections to the same server, 1 or 2 statistics lines (depending on the Packet Direction Grouping) will be displayed on the screen.
  • Group by process: When this option is selected, all TCP connections came from the same process are accumulated and displayed in the same statistics line.

IP Address Country/City Information

NetworkTrafficView allows you to view country/city information for every IP address. In order to activate this feature, you have to download one of the following external files, and put the file in the same folder of NetworkTrafficView.exe:

• http://software77.net/geo-ip/: Download the IPv4 CSV file, extract it from the zip/gz file, and put it in the same folder of NetworkTrafficView.exe as IpToCountry.csv
• GeoLite City database: Download the GeoLite City in Binary / gzip (GeoLiteCity.dat.gz) and put it in the same folder of NetworkTrafficView.exe
  If you want to get faster loading process, extract the GeoLiteCity.dat from the GeoLiteCity.dat.gz and put it in the same folder of NetworkTrafficView.exe

Columns Description

• Ethernet Type: Displays the Ethernet type - IPv4, IPv6, ARP, and so on.
• IP Protocol: Displays the IP protocol, when the Ethernet type is IPv4 or IPv6 - TCP, UDP, ICMP, and so on.
• Source/Destination Address: Displays the source and destination addresses of this packets summary line. For non-IP packets (like ARP), the MAC addresses are displayed. For IP packets (IPv4 or IPv6), the IP addresses or host names are displayed.
• Source/Destination Port: For TCP lines, the port numbers of the TCP connection are displayed.
• Service Name: For TCP lines, displays the service name (http, https, ftp, and so on) according to the lower port number.
• Status: For TCP lines, displays whether the TCP connection is opened or closed. Be aware that by default, the 'Hide Closed TCP Connection' option is turned on, which means that closed connections are automatically hidden, unless you turn off the 'Hide Closed TCP Connection' option.
• Packets Count: The number of packets counted for the specified packets group.
• Total Packets Size: The total size of all packets (in bytes), including the packet headers, for the specified packets group.
• Total Data Size: The total size of the data of all packets (in bytes), excluding the Ethernet and TCP/IP headers, for the specified packets group.
• Data Speed: The current data speed for the specified packets group, in KB/Sec.
• Maximum Data Speed: The maximum data speed recorded by NetworkTrafficView for the specified packets group.
• Average Packet Size: The average packet size (in bytes) of the specified packets group.
• First Packet Time: The date/time that the first packet of the specified packets group was captured.
• Last Packet Time: The date/time that the last packet of the specified packets group was captured.
• Duration: The difference between the first packet time and the last packet time.
• Process ID: The process ID of the specified TCP connection.
• Process Name: The process .exe name of the specified TCP connection.

Command-Line Options

/load_file_pcap <Filename>	Loads the specified capture file, created by WinPcap driver.
/load_file_netmon <Filename>	Loads the specified capture file, created by Network Monitor driver 3.x.
/CaptureTime <Time In Seconds>	Specifies the number of seconds to capture the traffic, when using one of the save command-line options (/stext, /stab, and so on...) If you don't specify this command-line option, the default capture time is 10 seconds.
/LoadConfig <Config File>	Loads the specified configuration file.
/stext <Filename>	Save the network traffic information into a simple text file.
/stab <Filename>	Save the network traffic information into a tab-delimited text file.
/scomma <Filename>	Save the network traffic information into a comma-delimited text file (csv).
/stabular <Filename>	Save the network traffic information into a tabular text file.
/shtml <Filename>	Save the network traffic information into HTML file (Horizontal).
/sverhtml <Filename>	Save the network traffic information into HTML file (Vertical).
/sxml <Filename>	Save the network traffic information into XML file.
/sort <column>	This command-line option can be used with other save options for sorting by the desired column. If you don't specify this option, the list is sorted according to the last sort that you made from the user interface. The <column> parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or the name of the column, like "Source Address" and "Packets Count". You can specify the '~' prefix character (e.g: "~Total Data Size") if you want to sort in descending order. You can put multiple /sort in the command-line if you want to sort by multiple columns. Examples: NetworkTrafficView.exe /shtml "c:\temp\networktraffic.html" /sort 2 /sort ~1 NetworkTrafficView.exe /shtml "c:\temp\networktraffic.html" /sort "IP Protocol" /sort "Data Speed"
/nosort	When you specify this command-line option, the list will be saved without any sorting.

Command-line Examples:
NetworkTrafficView.exe /shtml c:\temp\traffic.html /CaptureTime 15 /Sort "~Total Data Size"
NetworkTrafficView.exe /LoadConfig c:\temp\config1.cfg /scomma c:\temp\traffic.csv /Sort "~Data Speed"

Translating NetworkTrafficView to other languages

In order to translate NetworkTrafficView to other language, follow the instructions below:

1. Run NetworkTrafficView with /savelangfile parameter:
   NetworkTrafficView.exe /savelangfile
   A file named NetworkTrafficView_lng.ini will be created in the folder of NetworkTrafficView utility.
2. Open the created language file in Notepad or in any other text editor.
3. Translate all string entries to the desired language. Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window.
4. After you finish the translation, Run NetworkTrafficView, and all translated strings will be loaded from the language file.
   If you want to run NetworkTrafficView without the translation, simply rename the language file, or move it to another folder.