TamoSoft: Network Analysis Tools & Security Software

CommView Log Files Format

CommView and CommView for WiFi use the data format described below for writing captured packets to .NCF files. This is an open data format that you can use for processing log files generated by CommView in your applications, as well as for exchanging data with your application directly (this method is described in this help file).

The packets are recorded consecutively. Each packet body is preceded by a 24-byte header with the structure given below. All header fields longer than 1 byte use little-endian byte order.

| Field name | Length (bytes) | Description |
|---|---|---|
| Data Length | 2 | The length of the packet body that follows the header |
| Source Data Length | 2 | The original length of the packet body that follows the header (without compression). If no compression is being used, the value of this field is equal to the value of the previous field. |
| Version | 1 | Packet format version (0 for the current implementation) |
| Year | 2 | Packet date (year) |
| Month | 1 | Packet date (month) |
| Day | 1 | Packet date (day) |
| Hours | 1 | Packet time (hours) |
| Minutes | 1 | Packet time (minutes) |
| Seconds | 1 | Packet time (seconds) |
| Microseconds | 4 | Packet time (microseconds) |
| Flags | 1 | Bit flags (listed in the second table) |
| Signal Level | 1 | Signal level in percent (applicable to WiFi packets only) |
| Rate | 1 | Data transmission rate in Mbps multiplied by 2 (applicable to WiFi packets only) |
| Band | 1 | Transmission band. 0x01 for 802.11a, 0x02 for 802.11b, 0x04 for 802.11g, 0x08 for 802.11a-turbo, 0x10 for 802.11 SuperG, 0x20 for 4.9 GHz Public Safety, 0x40 for 5 GHz 802.11n, 0x80 for 2.4 GHz 802.11n (applicable to WiFi packets only) |
| Channel | 1 | Channel number (applicable to WiFi packets only) |
| Direction | 1 | For non-WiFi packets, packet direction. 0x00 for pass-through, 0x01 for inbound, 0x02 for outbound. For WiFi packets, the high order byte for the packet rate, if the one-byte Rate field cannot accommodate the value (i.e. the value is higher than 255). |
| Signal Level (dBm) | 1 | Signal level in dBm (applicable to WiFi packets only) |
| Noise Level (dBm) | 1 | Noise level in dBm (applicable to WiFi packets only) |
| Data | ... | Packet body (unmodified, as transmitted over the media). If the compression flag is set, the data is compressed using the publicly available Zlib 1.1.4 library. The length of this field is recorded in Data Length. |

Bit flags in the Flags field:

| Flag | Bits | Description |
|---|---|---|
| Medium | 0...3 | Medium type for the packet (0 - Ethernet, 1 - WiFi, 2 - Token Ring) |
| Decrypted | 4 | The packet has been decrypted (applicable to WiFi packets only) |
| Broken | 5 | The packet was corrupted, i.e. had the incorrect CRC value (applicable to WiFi packets only) |
| Compressed | 6 | The packet is stored in compressed form |
| Reserved | 7 | Reserved |

The total header length is 24 bytes.

If packets are stored in compressed form, the Data Length field contains the length of the data after compression, whilst the Source Data Length field contains the original data length. If a packet is uncompressed, both fields contain the same value.
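
As an added example (not TamoSoft's code), here is a Python reader for the record layout above that checks each length field before trusting it, which matters when log files come from an untrusted source. It assumes the compressed body is a standard zlib stream and that, for WiFi packets, the Direction byte is the high-order byte of the doubled rate value; `parse_ncf`, `make_record` and `SAMPLE` are names made up here, and the sample records are constructed.

```python
import struct
import zlib
from datetime import datetime

HEADER = struct.Struct("<HHBH5BI8B")  # the 18 header fields: little-endian, 24 bytes
MEDIUM = {0: "Ethernet", 1: "WiFi", 2: "Token Ring"}

def parse_ncf(buf):
    """Parse consecutive NCF records; raise ValueError on malformed input."""
    packets, off = [], 0
    while off < len(buf):
        if len(buf) - off < HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        (data_len, src_len, version, year, month, day, hh, mm, ss, usec, flags,
         _sig, rate, _band, _chan, direction, _sdbm, _ndbm) = HEADER.unpack_from(buf, off)
        if version != 0:
            raise ValueError(f"unknown format version {version} at offset {off}")
        start = off + HEADER.size
        body = bytes(buf[start:start + data_len])
        if len(body) != data_len:
            raise ValueError(f"truncated body at offset {off}")
        if flags & 0x40:  # bit 6: compressed (assumed to be a standard zlib stream)
            try:  # cap output so a false Source Data Length cannot inflate memory use
                body = zlib.decompressobj().decompress(body, src_len + 1)
            except zlib.error as exc:
                raise ValueError(f"bad zlib data at offset {off}") from exc
        if len(body) != src_len:
            raise ValueError(f"Source Data Length mismatch at offset {off}")
        medium = flags & 0x0F  # bits 0...3
        packets.append({
            "time": datetime(year, month, day, hh, mm, ss, usec),
            "medium": MEDIUM.get(medium, medium),
            "decrypted": bool(flags & 0x10),   # bit 4
            "broken": bool(flags & 0x20),      # bit 5
            "compressed": bool(flags & 0x40),
            # Assumption: for WiFi, Direction is the high byte of the doubled rate.
            "rate_mbps": ((direction << 8 | rate) / 2) if medium == 1 else None,
            "direction": None if medium == 1 else direction,
            "data": body,
        })
        off = start + data_len
    return packets

def make_record(payload, flags, rate=0, direction=0, compress=False):
    """Build one constructed sample record (test data, not captured traffic)."""
    body = zlib.compress(payload) if compress else payload
    return HEADER.pack(len(body), len(payload), 0, 2024, 1, 15, 10, 30, 0, 250000,
                       flags | (0x40 if compress else 0), 0, rate, 0, 0, direction, 0, 0) + body
SAMPLE = make_record(b"\x00" * 60, 0, direction=1) + make_record(b"A" * 200, 1, 0x2C, 1, True)
```

`parse_ncf(SAMPLE)` returns one Ethernet record and one compressed WiFi record; a truncated file or a record whose decompressed size disagrees with Source Data Length is rejected instead of being passed on to later decoding.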