Monitor Network Traffic With York
York is a network monitoring program for Windows devices that logs network traffic by analyzing and parsing network packets.
York at its core looks like yet another networking monitor that uses the WinPcap packet capture library. If you look closer though, you will notice that it makes some things more comfortable than other programs of its kind. Alternatives include the Open Source application Open Monitor, NetWorx or NirSoft's Network Traffic View.
York
The program installs WinPcap during the setup process so that you can start using the program right away without having to worry about dependencies. When you first start York you will notice that it starts capturing packets right away. Unlike other programs that display everything in a single window, York divides information into multiple tabs. Tabs are beneficial as you get filtered information in each instead of a large listing on a single page.
Data is displayed in realtime and removed from the listing again after a certain period of time. This means that you will always see the latest data right away without having to scroll around.
York divides traffic into five tabs:
- Packets: Displays information about all packets, including the time, source and destination address, port and total packet size.
- Files: Keeps track of files that are downloaded to the computer.
- Passwords: Monitors passwords that are written, usually in the form of cookies.
- Web Sessions: Lists all open web sessions.
- Pictures: Displays image thumbnails of pictures that have been accessed during capturing.
Data is not logged into files by default. You can, however, open the program settings to select log files on your system that you want the data to be saved to. The logging options are quite extensive, with options to log passwords, files, web sessions, and packets independently.
It is furthermore possible to switch the network adapter, enable sound notifications for events, or enable hidden mode, which hides the program icon in the system tray.
Advanced options include saving packets into a pcap trace file (for later analysis in other programs), saving logs to a MySQL database, or enabling a TCPdump filter to capture only specific packets.
Monitoring can be stopped and resumed at any time using the toolbar buttons in the main program window. The same options are also available by right-clicking the system tray icon.
York is compatible with all recent 32-bit and 64-bit editions of the Microsoft Windows operating system. It can be downloaded from the developer website.
Closing Words
York is an interesting program because it looks for specific data in the network traffic right away; it lists the passwords, pictures, and files that it detects in tabs so that you can see at first glance whether passwords, images, or files are transferred over the monitored network.
York captures HTTP, FTP, email, and other types of traffic, but only traffic that is not encrypted; this means that the program won't capture HTTPS traffic.
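The pcap trace export and the limit to unencrypted traffic can be checked together on a saved capture. The following Python sketch is an added example, not part of York or the original article: it reads a classic pcap file and counts TCP packets per service, so you can see how much of a capture is readable by a passive monitor. The port map, function names, and sample capture are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# Assumed port map (not from the article): common cleartext services and TLS-wrapped ones.
SERVICES = {21: "cleartext:FTP", 23: "cleartext:Telnet", 25: "cleartext:SMTP",
            80: "cleartext:HTTP", 110: "cleartext:POP3", 143: "cleartext:IMAP",
            443: "encrypted:HTTPS", 993: "encrypted:IMAPS", 995: "encrypted:POP3S"}
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap byte orders

def classify_pcap(data):
    """Count TCP packets per service in a classic pcap with Ethernet framing."""
    endian = MAGIC.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    counts, offset = Counter(), 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 (20); skip non-IPv4 and non-TCP frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp_start = 14 + (frame[14] & 0x0F) * 4  # honour the IPv4 header length
        if len(frame) < tcp_start + 4:
            continue
        sport, dport = struct.unpack("!HH", frame[tcp_start:tcp_start + 4])
        counts[SERVICES.get(dport) or SERVICES.get(sport) or "other"] += 1
    return counts

def _frame(dport):
    # Constructed sample frame: Ethernet + IPv4 + TCP headers, no payload.
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def sample_pcap(ports=(80, 21, 443, 80, 8080)):
    """Build a constructed little-endian pcap with one frame per destination port."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for port in ports:
        frame = _frame(port)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(dict(classify_pcap(sample_pcap())))
```

Port numbers are only a heuristic: a service running on a non-standard port is counted as `other`, and pcapng files are rejected rather than parsed.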