TamoSoft: Network Analysis Tools & Security Software

Remote Network Analysis - CommView RA for WiFi

 
Monitoring Traffic


This chapter describes how to use CommView to connect to CommView Remote Agent and capture traffic remotely. To monitor network traffic on remote computers, you need to have CommView Remote Agent running on the remote host and CommView running on your computer. It is assumed that Remote Agent is already installed and running (see the previous chapter for instructions) and that you are already familiar with CommView and know how to use it. If you have no experience with CommView, please download it and familiarize yourself with CommView prior to using CommView Remote Agent.

Using CommView to Connect to CommView Remote Agent

To switch to remote monitoring mode, click File => Remote Monitoring Mode. An additional toolbar will appear in the CommView main window next to the main toolbar. If you are behind a firewall or proxy server, or using a non-standard Remote Agent port, you may need to click on the Advanced Network Settings button to change the port number and/or enter SOCKS5 proxy server settings.


Click on the New Remote Agent Connection button to establish a new connection, or click on the Load Remote Agent Profile toolbar button to load a previously saved Remote Agent connection profile. A previously saved profile may also be loaded from the New Remote Agent Connection window.

A Remote Agent Connection window will appear. Enter the IP address of the computer running CommView Remote Agent into the IP address input area, enter the connection password, and click on the Connect button. If the password is correct, a connection will be established. You will then see the Link Ready message in the status bar, and the adapter selection box will list the remote computer's adapters.


Now is the best time to configure the capturing rules using the Rules tab. It's very important to configure the rules correctly so that the volume of traffic between the Remote Agent and CommView doesn't exceed the bandwidth limit on either side of the connection, or you will experience noticeable lag. Be sure to filter out unnecessary packets (see more on this topic below). You can also apply a custom set of capturing rules to this connection and override the current rules defined in CommView by checking the Override current rule set box, clicking on the Edit Formula button and entering the rules formula in the field below. The formula syntax is the same as the one used in Advanced Rules. Once you're ready to start monitoring, select the network adapter from the list and click the Start Capture toolbar button. CommView allows you to save the Remote Agent Connection settings as a connection profile for quick and easy access in the future. Click on the Save Remote Agent profile toolbar button in the New Remote Agent Connection window and enter a name for the file.


CommView will start to capture the remote computer's traffic as if it's your local network traffic; there is virtually no difference between using CommView locally and remotely. When you are done with remote monitoring, just click on the Stop Capture toolbar button. You can then change the adapter or disconnect from Remote Agent by clicking the Disconnect toolbar button. To return to the standard mode, click File => Remote Monitoring Mode, and the additional toolbar will disappear.

Please note that CommView can work with multiple Remote Agents simultaneously. You can open several remote connections, each having its own settings and an independent set of rules, and collect the traffic from remote network segments in one CommView instance.


How to Use CommView Remote Agent Efficiently

We encourage you to pay special attention to setting the capturing rules (the Rules tab in the CommView main window, or in the Remote Agent window using Advanced Rules syntax) to best suit your monitoring needs. The bandwidth that you use to connect to the remote computer has limits; in many cases, if CommView Remote Agent is installed on a computer with a heavy network load, it can take up all available bandwidth trying to transmit all packets to the computer running CommView. If you do not set the capturing rules carefully to filter out the traffic that you do not need to see, the channel that connects CommView and the CommView Remote Agent computer is likely to be overloaded. For example, even if you are connecting to CommView Remote Agent via a T1 or T3 channel (1.5 or 4.5 Mb/s respectively), the remote computer may be connected to the local area network at 100 Mb/s; therefore, under a heavy load your bandwidth will be far from adequate to transmit all the remote LAN traffic being captured.

If CommView Remote Agent captures more data than it can send to CommView, it uses an internal buffer to store the packets that cannot be sent immediately. The buffer size is 5 Mbytes. The Buffer utilization indicator in the Remote Agent window shows the current status of the buffer. For example, if the program has buffered 2.5 Mbytes of data, the buffer utilization is 50%. If/when the buffer utilization reaches 100%, the program stops buffering data and discards captured packets until some buffer space is freed. To avoid data loss, you should set the capturing rules so that the buffer is never full.
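The following added example (not TamoSoft code) models the buffer behaviour described above so you can check whether a planned rule set leaves gaps in the capture. The per-second traffic profiles are constructed, and 1 Mbyte is assumed to be 1024 * 1024 bytes.

```python
# Added example: model of the Remote Agent send buffer described above.
BUFFER_BYTES = 5 * 1024 * 1024   # 5 Mbytes (assumes 1 Mbyte = 1024 * 1024 bytes)

def simulate(captured_per_sec, link_bytes_per_sec):
    """Walk a per-second capture profile through the buffer.

    captured_per_sec: bytes that pass the capturing rules in each second.
    link_bytes_per_sec: bytes the agent can send to CommView per second.
    """
    buffered = dropped = peak = 0
    first_full = None
    for second, captured in enumerate(captured_per_sec):
        backlog = buffered + captured
        backlog -= min(backlog, link_bytes_per_sec)   # what the link carries
        if backlog > BUFFER_BYTES:                    # buffer at 100%
            dropped += backlog - BUFFER_BYTES         # excess is discarded
            backlog = BUFFER_BYTES
            if first_full is None:
                first_full = second
        buffered = backlog
        peak = max(peak, buffered)
    return {
        "peak_bytes": peak,
        "peak_utilization_pct": round(100 * peak / BUFFER_BYTES, 1),
        "dropped_bytes": dropped,
        "first_full_at_s": first_full,
    }

T1 = 1_500_000 // 8          # 1.5 Mb/s link, in bytes per second
LAN = 100_000_000 // 8       # 100 Mb/s remote LAN, in bytes per second

# Constructed profiles: unfiltered LAN load, and a filtered capture with a burst.
UNFILTERED = [LAN] * 3
FILTERED_BURST = [150_000] * 5 + [1_000_000] * 3 + [150_000] * 10

if __name__ == "__main__":
    print("unfiltered:", simulate(UNFILTERED, T1))
    print("filtered with burst:", simulate(FILTERED_BURST, T1))
```

With the unfiltered profile the buffer is full within the first second and packets are discarded from then on; the filtered profile absorbs a three-second burst at under half the buffer and loses nothing.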

Security

CommView Remote Agent was made with security in mind. It can be accessed only by using a password, and the password is never transmitted in plain text: authentication uses a challenge-response protocol with a secure hash function. If the authentication is successful, all transmitted traffic is compressed and then encrypted with the same password. Please take precautions to keep your password secret. Once it is revealed to an unauthorized person, that person will have broad capabilities to study your network and intercept network traffic on the remote computer.
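The added example below (not TamoSoft code) shows how a hash-based challenge-response login of the kind described above keeps the password off the wire. The page does not state which hash function or message layout CommView uses, so HMAC-SHA256, the PBKDF2 key derivation, the salt and all names here are assumptions.

```python
import hashlib
import hmac
import secrets

def derive_key(password: str) -> bytes:
    # Assumption: PBKDF2 with a fixed, constructed salt stands in for whatever
    # key derivation the real product uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"example-salt", 100_000)

class Agent:
    """Verifier side: knows the password, issues single-use challenges."""
    def __init__(self, password: str):
        self._key = derive_key(password)
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)      # fresh random value per attempt
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:       # unknown or already used: replay
            return False
        self._pending.discard(nonce)
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare

def client_response(password: str, nonce: bytes) -> bytes:
    """Prover side: proves knowledge of the password without sending it."""
    return hmac.new(derive_key(password), nonce, hashlib.sha256).digest()

def exchange(agent: Agent, password: str):
    """Run one login attempt; return the bytes seen on the wire and the result."""
    nonce = agent.challenge()
    response = client_response(password, nonce)
    return nonce, response, agent.verify(nonce, response)

if __name__ == "__main__":
    agent = Agent("correct horse battery staple")   # constructed password
    nonce, response, ok = exchange(agent, "correct horse battery staple")
    print("authenticated:", ok)
    print("replay accepted:", agent.verify(nonce, response))
```

Only the random challenge and the keyed hash cross the network, and a recorded response is rejected when replayed. The scheme is only as strong as the password itself, so use a long, random one.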