Ethereal. I list a link to it at the bottom of my sockets programming page.
It's a free packet sniffer, basically a GUI frontend for tcpdump. And it's available for both Linux and Win32 -- We've used it with great success under Windows 98. The GUI has three tiled windows. In the first window, it lists the packets it captured. Then you select a packet and in the second window it breaks the packet down into its different parts, displaying all the fields therein and translating their values into what they mean. Then in the third window it displays the entire packet in hexadecimal. When you click on a field in the second window, it highlights the field's bytes in the hex dump. And when you click on a byte in the hex dump, it highlights the field that contains it. And during the packet capture, you can apply filters (identical to the ones in tcpdump) to specify only certain protocols or certain hosts or certain ports.
Did I mention that it is free?
And if a GUI is not your style, you could get WinDump instead; it's a Win32 port of tcpdump, a command-line packet sniffer. Or if your system is Linux, tcpdump should either be installed or on your distribution CDs.
The link for Ethereal is http://www.ethereal.com/. Also check out their links page at http://www.ethereal.com/links.html
Warning: The actual packet capturing and filtering is done by libpcap on Linux and WinPCap on Windows. Read the installation instructions carefully to be sure that you have everything you need. Even if you only get WinDump, you will still need WinPCap.
Ever notice those "Powered by vi" labels on some pages? Read the label at the bottom of the Ethereal page:
"This site powered by cat and ^D
Editors are for wimps."
Kind of like the other night when I amazed a fellow student by creating a DOS text file with "copy con test.txt" and closing it with ^Z. We used to call that the "poor man's text editor".
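The link between the decoded-field pane and the hex pane described above comes down to each decoded field remembering which byte range it came from. The following is an added example, not part of the original post and not Ethereal's code; the frame is constructed, and the field labels and function names are illustrative assumptions.

```python
import struct
# Constructed sample frame (not a real capture): Ethernet + IPv4 + TCP SYN.
FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"           # Ethernet dst, src, type
    "4500002800014000400600000a0000010a000002"     # IPv4 header, checksum 0
    "c0de005000000001000000005002200000000000"     # TCP header, checksum 0
)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def dissect(frame):
    """Return (label, start, end, decoded) tuples; end offset is exclusive."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    fields = [("eth.dst", 0, 6, mac(frame[0:6])),
              ("eth.src", 6, 12, mac(frame[6:12])),
              ("eth.type", 12, 14, f"0x{ethertype:04x}")]
    if ethertype != 0x0800:            # only IPv4 is decoded here
        return fields
    ip = 14
    ihl = (frame[ip] & 0x0F) * 4 if len(frame) > ip else 0
    if ihl < 20 or len(frame) < ip + ihl:
        raise ValueError("truncated or malformed IPv4 header")
    fields += [("ip.version_ihl", ip, ip + 1, f"v{frame[ip] >> 4}, {ihl} bytes"),
               ("ip.proto", ip + 9, ip + 10, frame[ip + 9]),
               ("ip.src", ip + 12, ip + 16, ".".join(map(str, frame[ip + 12:ip + 16]))),
               ("ip.dst", ip + 16, ip + 20, ".".join(map(str, frame[ip + 16:ip + 20])))]
    tcp = ip + ihl
    if frame[ip + 9] == 6 and len(frame) >= tcp + 14:
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        bits = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x10, "ACK"))
        flags = "|".join(n for bit, n in bits if frame[tcp + 13] & bit)
        fields += [("tcp.srcport", tcp, tcp + 2, sport),
                   ("tcp.dstport", tcp + 2, tcp + 4, dport),
                   ("tcp.flags", tcp + 13, tcp + 14, flags)]
    return fields

def field_at(fields, offset):
    """Hex-pane click: which decoded field contains this byte offset?"""
    for label, start, end, _ in fields:
        if start <= offset < end:
            return label
    return None

if __name__ == "__main__":
    for label, start, end, value in dissect(FRAME):
        print(f"{label:15} bytes {start:2}-{end - 1:2}  {FRAME[start:end].hex():12}  {value}")
```

Bytes that no decoded field claims (here, for example, the IPv4 type-of-service byte at offset 15) return `None` from `field_at`, which is the case a real dissector avoids by decoding every header field.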