YATT (Yet Another Trace Tool)

YATT is a project to replace the current proliferation of trace tools (tcpTrace, proxyTrace, pcapTrace) with a single extensible tracing tool. YATT features a new GUI built with WTL, complete with a Hex View mode, and currently ships with 2 trace providers, one based on WinPCAP and one based on the W2K raw sockets support. Tunneling & HTTP Proxy providers will be added in a later build.


First off, you must install WinPCAP 3.1. (Earlier versions used older versions of WinPCAP; as of build 352, you need to be using WinPCAP 3.1.)

Once you have WinPCAP installed, download the YATT installer (build 352) and run it. (YATT build 351, which uses WinPCAP 3.0, is still available.)

Using YATT

Once installed, you can run YATT by selecting the YATT icon from the Start menu. You'll be prompted to select a trace provider. Choose the WinPCAP one if you have a machine that it'll work on, as there seems to be a bug in the Windows XP raw sockets provider: you don't see outgoing traffic, only inbound traffic.

Once you've picked a provider, you'll be prompted to enter a name and/or port filter. You can leave both blank, in which case no filter is applied, or you can enter a name and/or port, and the display will be filtered based on what you enter. For example, if you leave the name blank and enter 80 for the port, you'll see all traffic that's going to/from port 80. If you leave the port blank and enter www.pocketsoap.com as the name, you'll see all traffic to/from www.pocketsoap.com regardless of what port it is on. If you enter both a port and a name, you'll only see traffic to/from that particular combination.

Limitations / Todo list

Version History

Build 0.3.0352, March 24, 2006
Build 0.3.0351, December 17, 2003
Build 0.3.0349, March 3, 2003
Build 0.3.0348, August 31, 2002