TamoSoft: Network Analysis Tools & Security Software
Contents

WLAN Analyzer and Protocol Decoder - CommView for WiFi
WLAN Analyzer and Protocol Decoder - CommView for WiFi Next Page
 
Introduction
About CommView for WiFi
What's New
Using the Program
Driver Installation
Overview
Scanner
Nodes
Channels
Latest IP Connections
Packets
Logging
Viewing Logs
Rules
Advanced Rules
Alarms
WEP/WPA Keys
Reconstructing TCP Sessions
Reconstructing UDP Streams
Searching Packets
Statistics and Reports
Using Aliases
Packet Generator
Visual Packet Builder
NIC Vendor Identifier
Scheduler
Node Reassociation
Using Remote Agent for WiFi
Using RPCAP
Port Reference
Setting Options
Frequently Asked Questions
VoIP Analysis
Introduction
Working with VoIP Analyzer
SIP and H.323 Sessions
RTP Streams
Registrations
Endpoints
Errors
Call Logging
Reports
Call Playback
Viewing VoIP Logs
Working with Lists in VoIP Analyzer
NVF Files
Advanced Topics
Understanding CRC and ICV Errors
Understanding WPA Decryption
Understanding Signal Strength
Monitoring 802.11n Networks
Capturing A-MPDU and A-MSDU Packets
Multi-channel Capturing
Capturing High Volume Traffic
Running CommView for WiFi in Invisible Mode
Command Line Parameters
Exchanging Data with Your Application
Custom Decoding
CommView Log Files Format
Information
How to Purchase CommView for WiFi
Contacting Us

Frequently Asked Questions

In this chapter, you can find answers to some of the most frequently asked questions. The latest FAQ is always available at http://www.tamos.com/products/commwifi/faq.php

 

Q. I'm on a wireless network, and I want to monitor my own inbound and outbound packets. Which product do I need: the standard, non-wireless CommView edition, or CommView for WiFi?

A. You need the standard, non-wireless CommView edition. It will allow you to monitor your own traffic, but you will not be able to see the traffic of other WLAN stations. Unlike the standard CommView edition, CommView for WiFi allows you to monitor other wireless stations, capture management frames, view signal strength, etc.

 

Q. Do I need special hardware to use CommView for WiFi?

A. Yes, you need a compatible wireless adapter. The list of compatible adapters can be found at http://www.tamos.com/products/commwifi/. In order to enable the monitoring features of your wireless adapter, you will need to use the special drivers that come with this product. When CommView for WiFi is not running, your adapter will be able to communicate with other wireless hosts or access points, just like when you are using the original driver supplied by the adapter manufacturer. When CommView for WiFi is running, your adapter will be put in passive, promiscuous monitoring mode.

 

Q. My card is not on your list of supported hardware. What are my options?

A. Our hardware compatibility list includes only those cards that we've tested ourselves in our test lab. There are other cards that may be compatible with CommView for WiFi. The best way to find out if your card is compatible is downloading our Adapter Test Utility and running it on your computer. If a compatible adapter is installed, the utility will display its name. Please note that:

 

·Some adapters are compatible only if you use Windows Vista, Windows 7, or Windows 8. An adapter may not be compatible if you test it under Windows XP, but the same adapter may be compatible if you test it under Windows Vista, Windows 7, or Windows 8.

·Before running our test utility, make sure that you use the latest driver supplied by your computer or adapter vendor. Visit their Web site to download and install the latest driver version. This is important, because the results of the test depend on the driver that you use. The newer the driver, the better the chances that it will work with CommView for WiFi.

Finally, you may want to buy a compatible card, as they are not terribly expensive these days, or order a boxed CommView for WiFi version that includes a compatible adapter.

 

Q. What adapter would you recommend for use with your application?

A. We suggest that you refer to the list of compatible hardware, which can be found at http://www.tamos.com/products/commwifi/adapterlist.php . By using this list, you choose the best adapter based on the form factor (PC Card, ExpressCard, USB, PCI, etc.), sensitivity, supported Windows version, and supported 802.11 bands. Generally, the best choice would be an 802.11 a/b/g/n USB adapter, such as Proxim ORiNOCO 8494, or an 802.11 b/g/n PC Card or ExpressCard adapter, such as D-Link DWA-645 or DWA-643. Again, you can order a boxed CommView for WiFi version that already includes a compatible adapter (you can choose between several adapter models.)

 

Q. Which supported adapters have external antenna connectors?

A. All Ubiquiti Networks adapters (SR71C, SR71X, SR71-USB, and SRC) and CACE Technologies AirPcap (Ex and NX).

 

Q. Can I capture data from multiple channels simultaneously?

A. Yes, if you use multiple supported USB adapters. Please refer to the Multi-channel Capturing chapter for more information.

 

Q. I've installed the special driver for my adapter and now the adapter cannot connect to my wireless network after I close CommView for WiFi. What could be the problem?

A. When you replace the driver for your adapter, the configuration settings (including preferred networks and passwords) may be lost, so you may have to re-configure the adapter. If your adapter has been configured and still can't connect, please disable and re-enable it in Device Manager, this will restore the connectivity.

 

Q. Does the program support 802.11a Turbo mode?

A. Yes, if your adapter supports it. Some of the adapters that support 802.11a Turbo mode are Linksys WPC55AG and NETGEAR WAG511.

 

Q. Some of the channels in the scanner options window are grayed out. Is this normal? What if want to monitor these channels?

A. Depending on your country, your wireless adapter may not support all the channels shown in that window. The channels that are available for use in a particular country differ according to the regulations of that country. In the United States, for example, FCC regulations only allow channels 1 to 11 to be used in the 802.11b/g/n band. The firmware of the wireless adapters being sold in the US is typically configured to disallow channels 12 and 13. This is not always convenient, as you may need to travel to other parts of the world and be able to monitor locally available channels with CommView for WiFi. You may want to purchase an adapter locally, but you can also use a utility that allows you to change the regulatory domain and country code for some adapters. Before downloading and using this utility, please note:

 

·Overwriting regulatory domain may permanently damage the device. Proceed at your own risk.

·Changing regulatory domain may not be legal in your country. Consult your company's legal department.

·No technical support is available for this utility.

·You must install the driver that comes with CommView for WiFi prior to using this utility.

·This utility works ONLY with adapters based on the Atheros chipsets.

·This utility does not support USB adapters. When you use USB adapters, CommView for WiFi enables all the channels supported by the hardware, so you don't need to change the regulatory domain.

 

To download the utility, click here. For non-Atheros adapters, enabling channels 12 and 13 may be possible through some configuration changes. Contact us if you need assistance.

 

Q. When monitoring a WLAN, can I be sure that the program will capture every packet being sent or received?

A. No, and here is why. When a wireless station is connected and authenticated, the station and access point(s) employ a mechanism that allows them to resend the packets that were not received by the other party or damaged en route for some reason (e.g. radio interference). In case of CommView for WiFi, the wireless adapter is put into passive, monitoring mode. Therefore, the adapter cannot send "requests" to have packets resent, nor can it acknowledge successful receipt of packets. This results in loss of some packets. The percentage of lost packets may vary. Generally, the closer to other stations and access points you are, the fewer packets will be dropped.

 

Q. Can the program decrypt WPA- and WPA2-encrypted packets?

A. Yes, in WPA-PSK mode. Both TKIP (WPA) and AES/CCMP (WPA2) are supported.

 

Q. I'm on a WLAN with high traffic volume, and it's hard to examine individual packets when the application is receiving hundreds of thousands of packets per second, as the old packets are quickly removed from the circular buffer. Is there anything I can do about it?

A. Yes, you can use the Open current buffer in new window button on the small toolbar on the Packets tab. This will allow you to make snapshots of the current buffer as many times as you wish, at any intervals. You will then be able to explore the packets in these new windows at your leisure.

 

Q. I launched the program, selected the channel, started capturing, but no packets are displayed. Please help!

A. First, switch to the Packets tab. The Latest IP Connections tab might be empty if you did not enter correct WEP keys, and your WLAN uses WEP encryption. If the Packets tab is empty too, look at the program's status bar. If the packet counter is being incremented, then you have active rules that prevent the program from displaying packets. Click Rules => Reset All, and then press three toolbar buttons: Capture Data Packets, Capture Management Packets, and Capture Control Packets. If the packet counter on the status bar is not being incremented, then there are probably no active wireless stations or access points available/detected. If you are absolutely certain that there are wireless stations or access points, report this problem to us.

 

Q. Can CommView for WiFi read NCF log files generated by the standard, non-wireless CommView edition? How about vice versa?

A. Yes, CommView for WiFi can read NCF log files generated by the standard, non-wireless CommView edition. The standard, non-wireless CommView edition can read NCF log files generated by CommView for WiFi, but (a) you need CommView 4.0 Build 321 or higher, and (b) you will not be able to see wireless-specific columns, such as signal strength or WEP key number.

 

Q. Does CommView for WiFi run on multi-processor computers?

A. Yes, it does.

 

Q. It seems to be impossible to save more than 5,000 packets from the packet buffer. Is there a workaround?

A. Actually, there is no such limitation. The application uses a circular buffer for storing captured packets. By default, the buffer can contain up to 5,000 latest packets, but this value can be adjusted in the Settings window. The maximum buffer size is 20,000 packets (the buffer cannot be unlimited for an obvious reason: your computer’s RAM is not unlimited). You can save the contents of the buffer to a file using the Logging tab. However, by no means does this limit on the buffer size restrict your ability to save any number of packets. You simply need to enable automatic logging on the Logging tab. Such automatic logging will make the application dump all the captured packets to file(s) continuously, and you can set any limit on the total size of the captured data.

 

Q. My firewall software warns me that CommView for WiFi is "attempting to access the Internet." I am aware that some sites are able to track users by collecting the information sent by their programs via Internet. Why does CommView "attempt to access the Internet"?

A. Three activities may alert your firewall. First, it may be an attempt to resolve IP addresses to hostnames. Since CommView has to contact your DNS servers to make a DNS query, it inevitably triggers the alarm. You can disable this feature (Settings => Options => Disable DNS resolving), but in this case, the Latest IP Connections tab will not be able to show you the hostnames. Second, you may have configured the program to check if updates or new versions are available. To do this, CommView has to connect to www.tamos.com. You can disable this feature (Settings => Options => Misc. => Enable automatic application updates). Third, when you purchase the product, you need to activate it. If you select online activation, CommView has to connect to www.tamos.com. You can avoid this by selecting manual activation. These are the only types of connections CommView can potentially make. There are no other hidden activities. We don't sell spyware.

 

Q. I'm often logged on as a user without administrative privileges. Do I have to log off and then re-logon as the administrator to be able to run CommView for WiFi?

A. No, you can open CommView folder, right-click on the CV.exe file while holding down the Shift key, and select "Run As" from the pop-up menu. Enter the administrative login and password in the window that pops up and click OK to run the program. Under Windows Vista and higher, CommView is automatically launched with elevated rights.

 

Q. When reconstructing TCP sessions that contain HTML pages in Japanese or Chinese, I can't see the original text.

A. To see text in East Asian languages, you should install East Asian fonts. Open Control Panel => Regional and Language Options, select the "Languages" tab, and check the "Install files for East Asian languages" box.

 

Q. I'm confused about the license types available for CommView for WiFi. Could you explain the difference between the license types?

A. Two license types are currently available for CommView for WiFi: Standard license and VoIP license. The more expensive VoIP license enables all the application features, including VoIP analyzer, whereas the standard license doesn't enable VoIP analyzer.

 

Additionally, the Standard License is also available as a One Year Subscription, which is a time-limited license valid for one year from the date of purchase only.

 

CommView for WiFi can also be purchased as a boxed product. Boxed versions include a compatible wireless adapter and CD-ROM. The price includes UPS ground shipping.

 

Please refer to the End User License Agreement that comes with the product for other licensing terms and conditions.

 

Q. Can I save the audio from the VoIP analyzer to a standard .wav or .mp3 file?

A. Not directly, but there are many utilities on the market that offer a "virtual audio cable" that allows saving anything that is played back through your sound card to a file. Try, for example, Xilisoft Sound Recorder (use the "What you hear" mode).