LAN Analyzer and Protocol Decoder - CommView

TamoSoft: Network Analysis Tools & Security Software

Return to the main product page

Introduction

About CommView

What's New

Using the Program

Overview

Selecting Network Interface for Monitoring

Latest IP Connections

Reconstructing TCP Sessions

Statistics and Reports

Using Aliases

Packet Generator

Visual Packet Builder

NIC Vendor Identifier

Scheduler

Using Remote Agent

Capturing Loopback Traffic

Setting Options

Frequently Asked Questions

VoIP Analysis

Introduction

Working with VoIP Analyzer

SIP and H.323 Sessions

Working with Lists in VoIP Analyzer

NVF Files

Advanced Topics

Capturing High Volume Traffic

Working with Multiple Instances

Running CommView in Invisible Mode

Command Line Parameters

Exchanging Data with Your Application

Custom Decoding

CommView Log Files Format

Information

How to Purchase CommView

Contacting Us

Other Products

Custom Decoding

CommView allows you to use two types of your own custom decoders.

Simple Decoder

If you implement this type of decoder, the output of your decoder will be displayed in the additional column in the Packets tab. Your decoder must be a 32-bit DLL file named "Custom.dll" that exports the only procedure named "Decode". The prototype of this procedure is shown below in C and Pascal:

extern "C" {
void __stdcall Decode(unsigned char *PacketData, int PacketLen, char *Buffer, int BufferLen);
}

procedure Decode (PacketData: PChar; PacketLen: integer; Buffer: PChar; BufferLen: integer); stdcall;

The DLL must be located in the CommView application folder. When you launch CommView, it looks for "Custom.dll" in the application folder and loads it into memory. If the "Decode" entry point is found, CommView adds a new column named "Custom" to the packet list.

When a new packet is captured and is about to be displayed, CommView calls the "Decode" procedure and passes the packet contents to the DLL. The "Decode" procedure must process the packet data and copy the result to the supplied buffer. The first argument is the pointer to the packet data, the second argument is the data length, the third argument is the pointer to the buffer where the results of your decoding must be copied to, and the forth argument is the buffer size (currently always 1024 bytes). The buffer is allocated and freed by CommView, so don't attempt to reallocate or free it. The result that you copied to the buffer will be displayed as a string in the "Custom" column.
Your procedure must be fast enough to handle thousands of packets per second; otherwise it may slow down the application. Don't forget to use the STDCALL calling convention.
Two demo DLLs are available. They demonstrate a very simple operation: The output of the "Decode" function is the hex code of the packet's last byte. Your own decoder can be as complex as you wish.

http://www.tamos.com/products/commview/cust_decoder_c.zip. This is a Visual Studio project with C++ source code.

http://www.tamos.com/products/commview/cust_decoder_d.zip. This is a Delphi project with Pascal source code.

Complex Decoder

If you implement this type of decoder, the output of your decoder will be displayed as additional items in the packet decoder tree. For information on the implementation of this decoder, please download the following file:

http://www.tamos.com/products/commview/complex_decoder_c6.zip

This type of decoder can be written in Microsoft Visual C++ only, as it is built using C++ classes.

Technical Support

Technical support for custom decoders is provided on the "best effort" basis. We may not be able to answer your programming-related questions.