I don't know how fiddler is doing it, but it can be done via a Layered Service Provider on Windows.

From Wikipedia:

"A Layered Service Provider (LSP) is a feature of the Microsoft Windows Winsock 2 Service Provider Interface (SPI). A Layered Service Provider is a DLL that uses Winsock APIs to insert itself into the TCP/IP stack. Once in the stack, a Layered Service Provider can intercept and modify inbound and outbound Internet traffic. It allows processing all the TCP/IP traffic taking place between the Internet and the applications that are accessing the Internet (such as a web browser, the email client, etc). "

May be running the network interface in promiscuous mode. This is how WireShark is able to monitor network traffic and display it.

More Info: http://en.wikipedia.org/wiki/Promiscuous_mode

The other option is to use something like Wireshark. The following is from the About page on http://www.wireshark.org/

Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.

Features

Wireshark has a rich feature set which includes the following:

• Deep inspection of hundreds of protocols, with more being added all the time
• Live capture and offline analysis
• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• The most powerful display filters in the industry
• Rich VoIP analysis
• Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
• Coloring rules can be applied to the packet list for quick, intuitive analysis
• Output can be exported to XML, PostScript®, CSV, or plain text

Fiddler actually does use a proxy. I believe the installer automatically configures IE to use Fiddler's proxy. You can also configure other browsers to go through the same proxy, so Fiddler will profile their network traffic too.

More info here

Another way to intercept traffic without a proxy is WCCP on a supported device.

http://www.cisco.com/en/US/docs/ios/11_2/feature/guide/wccp.html

Fiddler is a proxy, written in C# and wrapping basic sockets.

It registers with WinINET using the appropriate API call while running, and detaches in the same way. Most browsers automatically detect the WinINET proxy setting and use it. Firefox does not, which is why current versions of Fiddler install a Firefox addon.

-EricLaw [MSFT]