SocketSniff v1.11
Copyright (c) 2008 - 2014 Nir Sofer

Related Utilities

  • SmartSniff - Capture TCP/IP packets on your network adapter


SocketSniff allows you to watch the Windows Sockets (WinSock) activity of the selected process.
For each created socket, the following information is displayed: socket handle, socket type, local and remote addresses, local and remote ports, total number of send/receive bytes, and more. You can also watch the content of each send or receive call, in Ascii mode or as Hex Dump.

System Requirements

This utility works on Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista, and Windows 7 (32-bit only). Older versions of Windows are not supported. On x64 version of Windows, SocketSniff can only work with 32-bit programs.

Versions History

  • Version 1.11:
    • Fixed SocketSniff to avoid from BSOD when trying to attach to smss.exe (Be aware that SocketSniff will still fail to capture the smss.exe process)
  • Version 1.10:
    • Added /Start command-line option, to start the socket capturing process from command-line.
  • Version 1.08:
    • Fixed issue: On systems with multiple monitors, the dialog-boxes of SocketSniff opened in the wrong monitors, instead of the monitor where the main window is located.
  • Version 1.07:
    • Fixed bug: On some Windows 7 systems, SocketSniff failed to attach a process and crashed it.
  • Version 1.06:
    • Added horizontal scrollbar to the lower pane.
  • Version 1.05:
    • SocketSniff now also works on Windows 7.
  • Version 1.02:
    • SocketSniff now automatically stops when the process that you inspect is terminated.
    • SocketSniff now remembers that last sort in select process dialog-box.
  • Version 1.01 - Add more information for error 65521.
  • Version 1.00 - First release.

Using SocketSniff

SocketSniff doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - SocketSniff.exe
After running it, select the process that you want to inspect, and click Ok. You must select a process that already loaded the winsock library, otherwise, the action will fail. After clicking Ok, SocketSniff will start showing the activity of Windows socket for the selected process.
The upper pane displays the list of all created sockets. When selecting a socket in the upper pane, the lower pane displays the receive and send calls of the selected socket.

Using SocketSniff In Windows Vista

SocketSniff can work in Vista even when UAC (User Account Control) is turned on, as long as the process that you wish to inspect run in the same account and security context of SocketSniff. However, if you want to inspect a process that runs under administrator account, you must also run SocketSniff as administrator. (right-click on SocketSniff.exe and choose 'Run As Administrator')

Start Capture Sockets from Command-Line

Starting from version 1.10, you can start capturing sockets of a process, by using /Start command-line option. You can specify the process filename or process ID, for example:
SocketSniff.exe /Start firefox.exe
SocketSniff.exe /Start 4722

Translating SocketSniff to other languages

In order to translate SocketSniff to other language, follow the instructions below:
  1. Run SocketSniff with /savelangfile parameter:
    SocketSniff.exe /savelangfile
    A file named SocketSniff_lng.ini will be created in the folder of SocketSniff utility.
  2. Open the created language file in Notepad or in any other text editor.
  3. Translate all string entries to the desired language. Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window.
  4. After you finish the translation, Run SocketSniff, and all translated strings will be loaded from the language file.
    If you want to run SocketSniff without the translation, simply rename the language file, or move it to another folder.


This utility is released as freeware. You are allowed to freely distribute this utility via floppy disk, CD-ROM, Internet, or in any other way, as long as you don't charge anything for this. If you distribute this utility, you must include all files in the distribution package, without any modification !


The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason.


If you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to
Download SocketSniff
SocketSniff is also available in other languages. In order to change the language of SocketSniff, download the appropriate language zip file, extract the 'socketsniff_lng.ini', and put it in the same folder that you Installed SocketSniff utility.

LanguageTranslated ByDateVersion
Brazilian PortuguesePaulo Guzmán03/07/20121.07
DutchJan Verheijen19/03/20151.11
French Eric FICHOT30/12/20141.11
German «Latino» auf WinTotal.de22/12/20141.11
Greek geogeo.gr14/09/20121.08
Hebrew peterg20/04/20111.07
ItalianMatteo Nistri02/10/20081.0
Japanese gwoing29/07/2008 
KoreanJacob Lee01/12/20121.08
Persian DinoTechno19/03/20221.11
RussianAndrey Ka27/06/2010 
Simplified Chineserenda06/06/2009 
SlovakFrantišek Fico15/02/20171.11
SlovenianJure Lebar21/05/2010 
Traditional Chinesechacha10/09/2008 
TurkishHARUN ARI05/08/20111.07
Ukrainian Alexander Shpek08/10/2009 
Valencian vjatv03/07/20081.0.0