 |
 |
 |
 |
 |
 |
 |
| LAN Analyzer and Protocol Decoder - CommView |
|
| |
|
||||||||||
|
|
 |
CommView provides a simple TCP/IP interface that allows you to process packets captured by CommView using your own application in real time. Starting with version 5.0 you may also use this interface for sending packets (similar to the Packet Generator function in CommView). Please note that the data format has changed compared to the previous versions of CommView. The TS switch has also been eliminated as all the information about a packet including the timestamp is now sent in the header. How It Works CommView should be launched with a special command-line argument, "MIRROR", that tells the program to mirror captured packets to an IP address and TCP port of your choice. Examples: CV.EXE mirror:127.0.0.1:5555 // mirrors packets to the loopback address, TCP port 5555 CV.EXE mirror:192.169.0.2:10200 // mirrors packets to 192.169.0.2, TCP port 10200 When CommView is launched with a switch like this, it tries to establish a TCP session by connecting to the specified IP address and port number. It means that you should already have your application running and listening on the specified port. If CommView fails to establish a connection, it will keep on trying to connect every 15 seconds. The same happens if the connection is broken: CommView will try to re-establish it every 15 seconds. If the connection is successfully established, CommView sends the packets it captures to the specified IP address as they arrive, in real time. Data Format The data is transmitted in NCF format. Please refer to the CommView Log Files Format chapter for the format description. Sending Packets Packets may not only be received by your application, but also sent as if you were using Packet Generator. Data can be sent to CommView using the same TCP connection over which you are receiving the data. The data format is simple: You should send the packet length (a two-byte unsigned integer in the standard little-endian byte order) followed by the packet itself. If the adapter is not opened or it does not support packet injection, the packet is silently discarded. Sample Projects Two simple demo applications that listen for inbound connections, extract packets from the stream, and display raw data are available.
Bandwidth When mirroring data to a remote computer, make sure that the link between CommView and the computer to which the data is being mirrored is fast enough to transfer all the data being captured. If CommView captures 500 Kbytes/sec, and your link can handle only 50 Kbytes/sec, you'd inevitably have "traffic jams", which might result in various problems (e.g., Winsock may just stop sending data under some Windows versions). If you are looking for a more flexible solution that would feature smart buffering and remote control, consider using CommView Remote Agent. |
