A network sniffer can be used for multiple purposes, such as revealing somebody's password or reverse-engineering an application. Tools such as Ethereal (now known as Wireshark) can make it easier to implement a protocol by watching how someone else's implementation works. Today I stumbled upon another network sniffer, which has a slightly different functionality and is more suitable for certain jobs.

oSpy is an open source tool which allows you to monitor the network activity of a specific application. Unlike with Wireshark, there is no need to look through a huge number of lines, figuring out which ones relate to communications performed by the target application. Sure, you can filter by port or host, but what if the program uses more ports? What if it communicates with multiple servers? Getting things figured out is quite difficult when you're dealing with an undocumented protocol.
- oSpy also allows you to see which network-related API function was called at a given moment in time;
- which way the communication goes (send or receive);
- the return address of each call (so you can open a disassembler at that address and see what happens with the data afterwards);
- you can easily search for a given string in the communication log;
- one really cool feature is the ability to see the traffic that goes through an encrypted channel (see the SSL sniffing demo); a conventional sniffer will only show the raw data sent over the network, while oSpy can reveal the actual data obtained after the raw message is decrypted, because it hooks the API calls inside the process rather than capturing packets on the wire.
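To make the difference between wire capture and in-process API hooking concrete, here is an added example (my own illustration, not oSpy code) that does in Python what oSpy does with Windows socket APIs: it hooks `socket.send`/`socket.recv` for the current process, records the API name, the direction, the caller's location (the analogue of oSpy's return address) and the payload, and lets you search the log for a string. The traffic is a constructed sample exchanged over a local socketpair; the hook captures it regardless of port or host.

```python
import socket
import sys

# In-process call log, one entry per hooked API call:
# (api name, direction, caller location, payload bytes).
# Hooking the API rather than the wire means every socket the process
# opens is captured, whatever port or host it uses.
CALL_LOG = []

def _caller():
    # Analogue of oSpy's "return address": where in the program the
    # socket API was invoked (frame 2 = caller of the hooked method).
    f = sys._getframe(2)
    name = f.f_code.co_filename.replace("\\", "/").rsplit("/", 1)[-1]
    return f"{name}:{f.f_lineno}:{f.f_code.co_name}"

_orig_send = socket.socket.send
_orig_recv = socket.socket.recv

def _hooked_send(self, data, *args, **kw):
    # Outbound data is logged before it reaches the original API.
    CALL_LOG.append(("send", "out", _caller(), bytes(data)))
    return _orig_send(self, data, *args, **kw)

def _hooked_recv(self, bufsize, *args, **kw):
    # Inbound data is logged after the original API returns it.
    data = _orig_recv(self, bufsize, *args, **kw)
    CALL_LOG.append(("recv", "in", _caller(), data))
    return data

def install_hooks():
    # Monkey-patch the class so every socket in this process is observed.
    socket.socket.send = _hooked_send
    socket.socket.recv = _hooked_recv

def search_log(needle: bytes):
    """Return log entries whose payload contains needle (string search)."""
    return [e for e in CALL_LOG if needle in e[3]]

def demo():
    """Constructed sample traffic between two sockets of this process."""
    install_hooks()
    CALL_LOG.clear()
    a, b = socket.socketpair()
    a.send(b"USER alice\r\n")          # constructed sample request
    b.recv(64)
    b.send(b"PASS s3cret-demo\r\n")    # constructed sample reply
    a.recv(64)
    a.close(); b.close()
    return [(api, direction, data) for api, direction, _, data in CALL_LOG]
```

Placing the same hook on a TLS library's send/receive functions, as oSpy does for its SSL demo, records the plaintext before encryption and after decryption, which is exactly what a packet capture cannot show.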
Interesting