
Q. What's a Packet Analyzer Anyway?
A. It only sounds scary.

A packet analyzer is a program (or sometimes, a device) that monitors the data traveling between computers on a network. A packet analyzer is also commonly referred to as a network analyzer, packet decoder, network monitor, protocol decoder, or, more frequently, as a packet sniffer. It must be noted that Sniffer is a registered trademark of Network Associates, Inc.

When you plug the cable into your computer's network adapter or dial up your Internet Service Provider, you join a network, which allows your computer to "talk" to many other computers, be it a web server of your favorite search engine, your friend's PC running an instant messenger such as ICQ, or a mail server that stores your e-mail. Just like people, computers need to "talk" to exchange information. That's what your computer does almost every second that you are online. The last time that happened was only a few seconds ago, when you downloaded this page from our web server.

Again, just like people use different languages and dialects to exchange information, computers converse using "protocols," which are mutually agreed standards that allow computers to "understand" each other. The problem is that computer conversations usually look like random binary data. That's why you need a packet analyzer: It decodes network traffic, makes sense of it, and performs many other interesting functions.

Q. Can CommView be used for capturing dial-up (RAS) adapter traffic?
A. Yes.

Q. What exactly does CommView "see" when installed on a PC connected to a LAN?
A. CommView enables the network card's promiscuous mode and can capture network traffic on the local segment of the LAN. In other words, normally it captures and analyzes packets addressed to all of the computers on the segment, not only to the one where the program is running. There are certain limitations for Wireless Ethernet adapters (you can monitor only inbound/outbound traffic) and switched networks (see the next question about switches in this FAQ).

Q. I am connected to the LAN through a switch, and when I launch CommView, it captures only the packets sent to and from my machine. I can't see the traffic of other machines. Why is this so?
A. Unlike hubs, switches prevent promiscuous sniffing. In a switched network environment, CommView (or any other packet analyzer) is limited to capturing broadcast and multicast packets and the traffic sent or received by the PC on which CommView is running. However, most modern switches support "port mirroring", which is a feature that allows you to configure the switch to redirect the traffic that occurs on some or all ports to a designated monitoring port on the switch. By using this feature, you will be able to monitor the entire LAN segment. We wrote a white paper, Promiscuous Monitoring in Ethernet and Wi-Fi Networks, that covers these topics in detail.

Q. Ok, I am connected to the LAN through a hub, but I can't see other machines' traffic again, as if it's a switch. Why is this so?
A. There are two possible reasons: Either you have a hub that is only labeled as a hub, but inside is a switch (some vendors like Linksys do that), or you have a multi-speed hub, in which case you can't see the traffic from the stations operating at the speed that is different from your NIC's speed (e.g. if you have a 10 Mbit NIC, you can't see the traffic generated by 100 Mbit NICs).

Q. I have a home LAN connected to the Internet via a broadband router, and I can see only my own traffic. Is it possible to capture the traffic of other machines on my home LAN?
A. In brief, yes. There are a few methods that can help you solve this problem. For more information and sample network layouts, please refer to our white paper, Promiscuous Monitoring in Ethernet and Wi-Fi Networks.

Q. Can CommView capture data from a network adapter that doesn't have an IP address?
A. Yes. In fact, the network adapter does not need to be bound to TCP/IP or any other protocol. When you are troubleshooting a network, you may need to plug the computer running CommView into an available port on a hub. In such cases you do not need to guess an IP address available in the LAN segment; all you need to do is unbind the network adapter from TCP/IP and start capturing. Open Control Panel => Network Connections, right-click on the connection icon, select Properties, and uncheck the boxes corresponding to the protocols you don't want to be bound to the NIC.

Q. I'm on a LAN with high traffic volume, and it's hard to examine individual packets when the application is receiving hundreds of thousands of packets per second, as the old packets are quickly removed from the circular buffer. Is there anything I can do about it?
A. Yes, you can use the Open current buffer in new window button on the small toolbar on the Packets tab. This will allow you to make snapshots of the current buffer as many times as you wish, at any intervals. You will then be able to explore the packets in these new windows at your leisure.

Q. I launched the program and clicked "Start Capture", but no packets are displayed. Why?
A. There are two possible reasons: You either selected an unused network adapter, or you made a mistake when configuring the capturing rules. Turn off the rules and see what happens. In any case, even when the capturing rules are on, the program's status bar should display the total number of packets, so have a look at it before panicking.

Q. I noticed that IP/TCP/UDP checksums in the outgoing packets are incorrect. Why is it so?
A. New Gigabit network adapters have a feature called TCP/UDP/IP "checksum offload", which allows the network adapter to calculate packet checksums, thus increasing the system performance and decreasing CPU utilization. Since CommView intercepts packets before they reach the network adapter, the checksum appears to be incorrect. This is normal and the only thing that it might affect is the reconstruction of TCP sessions and only if you changed the default "Ignore incorrect checksums" option (see Setting Options for more information).
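
The effect described in the answer above, as an added example (not TamoSoft's code): an analyzer verifies the IPv4 header and TCP checksums of a raw packet, and an outgoing packet captured before the NIC fills them in fails both checks. The addresses, ports and payload are constructed, and leaving the checksum fields at zero in the offloaded case is an assumption; a real stack may leave other placeholder values.

```python
import socket
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_ipv4_tcp(packet: bytes) -> dict:
    """Verify both checksums of a raw IPv4/TCP packet (no Ethernet header)."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    header, segment = packet[:ihl], packet[ihl:total_len]
    # Data that already contains a correct checksum field sums to zero.
    ip_ok = internet_checksum(header) == 0
    # TCP pseudo-header: source, destination, zero byte, protocol, segment length.
    pseudo = packet[12:20] + struct.pack("!BBH", 0, packet[9], len(segment))
    tcp_ok = internet_checksum(pseudo + segment) == 0
    return {"ip_ok": ip_ok, "tcp_ok": tcp_ok}

def build_packet(offloaded: bool) -> bytes:
    """Constructed sample packet; offloaded=True mimics a capture taken
    before the NIC has written the checksums (fields assumed to be zero)."""
    src, dst = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20")
    payload = b"GET / HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst)
    if offloaded:
        return ip + tcp
    # Software path: compute over zeroed fields, then patch the results in.
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", internet_checksum(pseudo + tcp)) + tcp[18:]
    return ip + tcp

if __name__ == "__main__":
    print("software checksums:", check_ipv4_tcp(build_packet(offloaded=False)))
    print("offloaded capture: ", check_ipv4_tcp(build_packet(offloaded=True)))
```

The same packet is valid on the wire once the adapter has written the checksums, which is why a capture taken on the receiving host does not show the errors.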

Q. Does CommView run on multi-processor computers?
A. Yes, it does.

Q. It seems to be impossible to save more than 5,000 packets from the packet buffer. Is there a workaround?
A. Actually, there is no such limitation. The application uses a circular buffer for storing captured packets. By default, the buffer can contain up to 5,000 latest packets, but this value can be adjusted in the Settings window. The maximum buffer size is 20,000 packets (the buffer cannot be unlimited for an obvious reason: your computer's RAM is not unlimited). You can save the contents of the buffer to a file using the Logging tab. However, by no means does this limit on the buffer size restrict your ability to save any number of packets. You simply need to enable automatic logging on the Logging tab. Such automatic logging will make the application dump all the captured packets to file(s) continuously, and you can set any limit on the total size of the captured data.

Q. My network connection is via a cable/xDSL modem. Will CommView be able to monitor traffic on it?
A. If your modem has a dual USB/Ethernet interface and you can connect it to an Ethernet card, CommView will certainly capture traffic on it. If it has only a USB interface, the best thing to do is to try.

Q. My firewall software warns me that CommView is "attempting to access the Internet." I am aware that some sites are able to track users by collecting the information sent by their programs via Internet. Why does CommView "attempt to access the Internet"?
A. Three activities may alert your firewall. First, it may be an attempt to resolve IP addresses to hostnames. Since CommView has to contact your DNS servers to make a DNS query, it inevitably triggers the alarm. You can disable this feature (Settings => Options => Disable DNS resolving), but in this case, the Latest IP Connections tab will not be able to show you the hostnames. Second, you may have configured the program to check if updates or new versions are available. To do this, CommView has to connect to www.tamos.com. You can disable this feature (Settings => Options => Misc. => Enable automatic application updates). Third, when you purchase the product, you need to activate it. If you select online activation, CommView has to connect to www.tamos.com. You can avoid this by selecting manual activation. These are the only types of connections CommView can potentially make. There are no other hidden activities. We don't sell spyware.

Q. Under Windows 2000/XP/2003 I'm often logged on as a user without administrative privileges. Do I have to log off and then re-logon as the administrator to be able to run CommView?
A. No, you can open the CommView folder, right-click on the CV.exe file while holding down the Shift key, and select "Run As" from the pop-up menu. Enter the administrative login and password in the window that pops up and click OK to run the program.

Q. I have Windows 2000, and when I uninstall the program, I receive this message: "CommView will now uninstall the drivers. Click "OK" to continue. This can take between 10 and 60 seconds." But then nothing happens!
A. This can happen if there are active network connections while you uninstall the program. You should temporarily disable all active connections.

As soon as the connection(s) are disabled, CommView will resume the uninstallation process. Once the uninstallation is complete, you can enable the connections.

Q. I have Windows 2000 Server, and CommView doesn't allow me to select any adapter other than "Loopback".
A. This happens if you install CommView over a Terminal Services connection. The solution is simple: Reboot the server, and all the network adapters will become available in CommView's adapter selection box.

Q. I have Windows 2000/2003 Terminal Server, and I have a problem running CommView via a Terminal Services client.
A. The only limitation is that any adapter can be opened by only one user at any given time. In other words, two users (local or remote) cannot capture traffic from the same adapter by running two instances of CommView on the same server.

Q. Can CommView monitor a network adapter when running under Microsoft Virtual PC?
A. Yes. The only limitation is that promiscuous mode is not available for virtual adapters, so you'll be limited to capturing your own and broadcast packets only.

Q. When I monitor my dial-up connection, I don't see any PPP packets during the session set up (CHAP, LCP, etc). Is this normal?
A. Sorry, PPP handshaking packets cannot be captured. Note that all other PPP packets that follow the initial handshaking process are captured.

Q. Can I change PC cards on my notebook while CommView is running?
A. No, it's safer to close CommView, then change or plug/unplug your card, and restart the program. The adapter list will be automatically updated.

Q. Are there any known conflicts with other software?
A. Currently we know about conflicts with the following programs:

  • SoftIce by Numega: Possible system crashes.
  • PGPNet 7.0 by NAI: A device driver conflict resulting in the Blue Screen of Death under Windows 2000 if PGPNet is bound to the dial-up adapter.
  • Sygate Personal Firewall: A device driver conflict resulting in the Blue Screen of Death under Windows 2000/XP if you're trying to monitor the dial-up adapter and using CommView 3.3 or older. If you're monitoring an Ethernet card, you're not affected. This problem has been fixed in CommView 3.4.
  • McAfee Personal Firewall: Possible system crashes. Also, McAfee Personal Firewall may no longer be able to map traffic to applications.
If you think that you have discovered a conflict with an application not listed above, we would be grateful if you would let us know.

Q. I use Wireshark and I noticed that it could no longer capture packets after CommView had been installed.
A. There is a known conflict between WinPcap, the driver used in Wireshark and many similar products, and the driver used in CommView. There is a simple workaround: Start capturing packets with Wireshark before you start capturing packets with CommView. In this case, both products will be able to capture data simultaneously. If you start capturing with CommView first, WinPcap will fail to capture any packets for a reason unknown to us.

Q. Do I have to be a pro to use this program?
A. No. We hope that even inexperienced users will find it useful. You don't have to use all of its features. For example, even novices might be interested in having a full picture of Internet and Local Area Network connections to and from their PCs, or finding out that a program installed yesterday is in fact a Trojan that sends your dial-up passwords to a certain e-mail address.

Q. Where can I find a good FAQ on packet capturing and protocol analysis?
A. Check out these sites:

Sniffing (network wiretap, sniffer) FAQ
Protocols.com
CommView Tutorial

© 1998 - 2018 TamoSoft