WhoIsConnectedSniffer v1.28 Copyright (c) 2013 - 2022 Nir Sofer Web site: https://www.nirsoft.net Description =========== WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver (WinpCap or MS network monitor) and accumulates a list of computer and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect the computers connected to your network, including ARP, UDP, DHCP, mDNS, and BROWSER. For every detected computer or device, the following information is displayed: (Some of the fields might be empty if the information cannot be found inside the packets) IP Address, MAC Address, name of the device/computer, description, Operating System, Network Adapter Company, IPv6 Address. After collecting the connected computers/devices information, you can easily export the list to tab-delimited/comma-delimited/xml/html file. WhoIsConnectedSniffer vs Other NirSoft Tools ============================================ As you may know, NirSoft already provides other tools (Wireless Network Watcher, NetBScanner) that scan the network and show the computers that are currently connected. As opposed to the other tools, WhoIsConnectedSniffer doesn't perform any scanning and it doesn't send any packet to the other computers. WhoIsConnectedSniffer only listens to the packets sent by other computers and devices, analyzes them and then displays the result on the main window. WhoIsConnectedSniffer also provides some information that the other tools cannot get, like operating system, description text of the computer, IPv6 address. System Requirements And Limitations =================================== * Any version of Windows, starting from Windows 2000, and up to Windows 11. Both 32-bit and 64-bit systems are supported. When using Microsoft Network Monitor driver on 64-bit system, you must use the 64-bit version of WhoIsConnectedSniffer. * You have to install one of the following capture drivers: o Npcap capture driver (based on the discontinued WinPcap library) o Network Monitor driver * WhoIsConnectedSniffer cannot detect a device or computer if it doesn't send any packet that is received by the computer running this tool. * WhoIsConnectedSniffer cannot detect computers from other subnets. Versions History ================ * Version 1.28: o Fixed bug: WhoIsConnectedSniffer displayed random external IP address for the router, instead of the actual IP address. * Version 1.27: o Added 'Beep On New Item' option (Under the Options menu). o Updated the internal MAC addresses file. * Version 1.26: o Updated the internal MAC addresses file. * Version 1.25: o Added 'Load From Capture File' option, which allows you to load the list of computers and devices on your network from a capture file (WinPcap capture file or Microsoft Network Monitor 3.x capture file). * Version 1.21: o Updated the internal MAC addresses file. * Version 1.20: o You can now save the devices list detected on your network from command-line, without displaying any user interface. * Version 1.15: o Updated the internal MAC addresses file. * Version 1.14: o The information of the selected network adapter is now displayed in the window title. * Version 1.13: o WhoIsConnectedSniffer now automatically loads the new version of WinPCap driver from https://nmap.org/npcap/ if it's installed on your system. * Version 1.12: o Updated the internal MAC addresses file. * Version 1.11 o Added 4 columns to the adapters list in the 'Capture Options' window: 'Connection Name', 'MAC Address', 'Instance ID', 'Interface Guid'. o When using WinPCap driver , WhoIsConnectedSniffer now displays more accurate information in the adapters list of the 'Capture Options' window. o WhoIsConnectedSniffer now tries to load the dll of Network Monitor Driver 3.x (NmApi.dll) according to the installation path specified in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Netmon3. This change should solve the problem with loading the Network Monitor Driver 3.x on some systems. * Version 1.10: o Updated the internal MAC addresses file. * Version 1.09: o Fixed bug: WhoIsConnectedSniffer failed to remember the last size/position of the main window if it was not located in the primary monitor. o Added support for detection of Windows 10. * Version 1.08: o Added 'Copy MAC Address' option. * Version 1.07: o Updated the internal MAC addresses file, and reduced its size inside the .exe file. * Version 1.06: o Added 'MAC Address Format' option (XX-XX-XX-XX-XX-XX, XX:XX:XX:XX:XX:XX, or XXXXXXXXXXXX). * Version 1.05: o Added 'Sort On Every Update' option. If it's turned on, WhoIsConnectedSniffer will sort the list every time that a new item is added or an existing item is updated. o Fixed the Ctrl+X accelerator key to work. o WhoIsConnectedSniffer now updates the items count on the bottom status bar when a new item is added. * Version 1.00 - First release. Start Using WhoIsConnectedSniffer ================================= Except of the capture driver, WhoIsConnectedSniffer doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - WhoIsConnectedSniffer.exe After running WhoIsConnectedSniffer in the first time, you should choose the correct capture driver and the network adapter you want to use. After you choose the desired capture driver and the network adapter, WhoIsConnectedSniffer starts to listen the packets on your network adapter and updates the main window when a device or computer is detected. You have to wait from a few seconds to a few minutes until the first computers/devices appear on the main window of WhoIsConnectedSniffer. After collecting the connected computers/devices information, you can easily export the list to tab-delimited/comma-delimited/xml/html file by selecting all items (Ctrl+A), and then using the 'Save Selected Items' option (Ctrl+S). Protocols supported by WhoIsConnectedSniffer ============================================ * ARP: WhoIsConnectedSniffer listens to this protocol to get the IP address and MAC address of computers and devices. * UDP: When a computer broadcasts a UDP packet to all other computers, WhoIsConnectedSniffer extracts from it the IP address and the MAC address. * DHCP: When a computer connects to the network, it usually sends a DHCP request. WhoIsConnectedSniffer uses this request to get the host name and IP address of the computer. * mDNS: This protocol is used on Linux and Mac OS systems. WhoIsConnectedSniffer uses it to get the host name and IP address of the computer, and also the operating system (on Linux) * BROWSER: This protocol is mainly used by Windows, but some Linux systems supports this protocol too. WhoIsConnectedSniffer uses it to get the name of the computer, description text of the computer, and the operating system. Command-Line Options ==================== /cfg Start WhoIsConnectedSniffer with the specified configuration file. For example: WhoIsConnectedSniffer.exe /cfg "c:\config\wcs.cfg" WhoIsConnectedSniffer.exe /cfg "%AppData%\WhoIsConnectedSniffer.cfg" /CaptureTime