In this chapter you can find answers to some of the most frequently
asked questions. The latest FAQ is always available at http://www.tamos.com/products/commview/faq.php.
Q. Can CommView be used for capturing dial-up (RAS) adapter
Q. What exactly does CommView "see" when installed on a PC
connected to a LAN?
A. CommView enables the network card's promiscuous mode and can
capture network traffic on the local segment of the LAN. In other
words, normally it captures and analyzes packets addressed to all
of the computers on the segment, not only to the one where the
program is running. There are certain limitations for Wireless
Ethernet adapters (you can monitor only inbound/outbound traffic)
and switched networks (see the next question about switches in this
Q. I am connected to the LAN through a switch, and when I launch
CommView, it captures only the packets sent to and from my machine.
I can't see the traffic of other machines. Why is this so?
A. Unlike hubs, switches prevent promiscuous sniffing. In a
switched network environment, CommView (or any other packet
analyzer) is limited to capturing broadcast and multicast packets
and the traffic sent or received by the PC on which CommView is
running. However, most modern switches support "port mirroring",
which is a feature that allows you to configure the switch to
redirect the traffic that occurs on some or all ports to a
designated monitoring port on the switch. By using this feature,
you will be able to monitor the entire LAN segment.
We wrote a white paper, Promiscuous Monitoring in Ethernet and Wi-Fi,
that covers these topics in detail.
Q. Ok, I am connected to the LAN through a hub, but I can't see
other machines' traffic again, as if it's a switch. Why is this
A. There are two possible reasons: Either you have a device that is
labeled as a hub but is a switch inside (some vendors like
Linksys do that), or you have a multi-speed hub, in which case you
can't see the traffic from stations operating at a speed
different from your NIC's speed (e.g. if you have a 10 Mbit NIC,
you can't see the traffic generated by 100 Mbit NICs).
Q. I have a home LAN connected to the Internet via a broadband
router, and I can see only my own traffic. Is it possible to
capture the traffic of other machines on my home LAN?
A. In brief, yes. There are a few methods that can help you solve
this problem. For more information and sample network layouts,
please refer to our white paper, Promiscuous Monitoring in Ethernet
and Wi-Fi.
Q. Can CommView capture data from a network adapter that doesn't
have an IP address?
A. Yes. In fact, the network adapter does not need to be bound to
TCP/IP or any other protocol. When you are troubleshooting a
network, you may need to plug the computer running CommView into
an available port on a hub. In such cases you do not need to guess
an IP address available in the LAN segment; all you need to do is
unbind the network adapter from TCP/IP and start capturing. Open
Control Panel => Network Connections, right-click on the connection
icon, select Properties, and uncheck the boxes corresponding to the
protocols you don't want to be bound to the NIC.
Q. I'm on a LAN with high traffic volume, and it's hard to examine
individual packets when the application is receiving hundreds of
thousands of packets per second, as the old packets are quickly
removed from the circular buffer. Is there anything I can do about
A. Yes, you can use the "Open current buffer in new window"
button on the small toolbar on the
tab. This will allow you to make snapshots of the current buffer as
many times as you wish, at any intervals. You will then be able to
explore the packets in these new windows at your
Q. I launched the program and clicked "Start Capture", but no
packets are displayed. Why?
A. There are two possible reasons: You either selected an unused
network adapter, or you made a mistake when configuring the
capturing rules. Turn off the rules and see what happens. In any
case, even when the capturing rules are on, the program's status
bar should display the total number of packets, so have a look at
it before panicking.
Q. I noticed that IP/TCP/UDP checksums in the outgoing packets are
incorrect. Why is it so?
A. New Gigabit network adapters have a feature called TCP/UDP/IP
"checksum offload", which allows the network adapter to calculate
packet checksums, thus increasing the system performance and
decreasing CPU utilization. Since CommView intercepts packets
before they reach the network adapter, the checksum appears to be
incorrect. This is normal and the only thing that it might affect
is the reconstruction of TCP sessions and only if you changed the
default "Ignore incorrect checksums" option (see Setting
Options for more information).
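The check behind this answer, as an added example that is not CommView code: it verifies the IPv4 header and TCP checksums the way an analyzer would, and labels invalid checksums on packets sent by the capturing host as probable offload artifacts rather than damage. It assumes IPv4 carrying TCP; the packets, addresses and function names are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: ones'-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def checksums_valid(pkt: bytes) -> bool:
    """True if both the IPv4 header and the TCP checksum of pkt verify."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    segment = pkt[ihl:total_len]
    # TCP checksum covers a pseudo-header: src, dst, zero, protocol, TCP length
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, pkt[9], len(segment))
    # A region that includes its own correct checksum sums to zero
    return inet_checksum(pkt[:ihl]) == 0 and inet_checksum(pseudo + segment) == 0

def classify(pkt: bytes, local_ip: str) -> str:
    """Separate probable offload artifacts from damage on received packets."""
    if checksums_valid(pkt):
        return "valid"
    if socket.inet_ntoa(pkt[12:16]) == local_ip:
        return "invalid-outbound: likely checksum offload"
    return "invalid-inbound: investigate"

def build_packet(src: str, dst: str, payload: bytes, fill: bool) -> bytes:
    """Constructed IPv4/TCP packet; fill=False leaves both checksums zero,
    standing in for a packet captured before the adapter computes them."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    if fill:
        ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
        pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
        tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    return ip + tcp

LOCAL = "192.0.2.10"  # constructed capture-host address (documentation range)
```
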
Q. Does CommView run on multi-processor computers?
A. Yes, it does.
Q. It seems to be impossible to save more than 5,000 packets from
the packet buffer. Is there a workaround?
A. Actually, there is no such limitation. The application uses a
circular buffer for storing captured packets. By default, the
buffer can contain up to 5,000 latest packets, but this value can
be adjusted in the
window. The maximum buffer size is 20,000 packets (the buffer
cannot be unlimited for an obvious reason: your computer's RAM is
not unlimited). You can save the contents of the buffer to a file
tab. However, by no means does this limit on the buffer size
restrict your ability to save any number of packets. You simply
need to enable automatic logging on the
tab. Such automatic logging will make the application dump all the
captured packets to file(s) continuously, and you can set any limit
on the total size of the captured data.
Q. My network connection is via a cable/xDSL modem. Will CommView
be able to monitor traffic on it?
A. If your modem has a dual USB/Ethernet interface and you can
connect it to an Ethernet card, CommView will certainly capture
traffic on it. If it has only a USB interface, the best thing to do
is to try.
Q. My firewall software warns me that CommView is "attempting to
access the Internet." I am aware that some sites are able to track
users by collecting the information sent by their programs via
Internet. Why does CommView "attempt to access the
A. Three activities may alert your firewall. First, it may be an
attempt to resolve IP addresses to hostnames. Since CommView has to
contact your DNS servers to make a DNS query, it inevitably
triggers the alarm. You can disable this feature (Settings =>
Options => Disable DNS resolving), but in this case, the Latest
IP Connections tab will not be able to show you the hostnames.
Second, you may have configured the program to check if updates or
new versions are available. To do this, CommView has to connect
You can disable this feature (Settings => Options => Misc.
=> Enable automatic application updates). Third, when you
purchase the product, you need to activate it. If you select online
activation, CommView has to connect to
You can avoid this by selecting manual activation. These are the
only types of connections CommView can potentially make. There are
no other hidden activities. We don't sell spyware.
Q. I'm often logged on as a user without administrative privileges.
Do I have to log off and then re-logon as the administrator to be
able to run CommView?
A. No, you can open the CommView folder, right-click on the CV.exe file
while holding down the Shift key, and select "Run As" from the
pop-up menu. Enter the administrative login and password in the
window that pops up and click OK to run the program. Under Windows
Vista and higher, CommView is automatically launched with elevated
Q. Can CommView monitor a network adapter when running under
Microsoft Virtual PC?
A. Yes. The only limitation is that promiscuous mode is not available
for virtual adapters, so you'll be limited to capturing your own
and broadcast packets only.
Q. When I monitor my dial-up connection, I don't see any PPP
packets during the session set up (CHAP, LCP, etc). Is this
A. Sorry, PPP handshaking packets cannot be captured. Note that all
other PPP packets that follow the initial handshaking process are
Q. I use Wireshark and I noticed that it could no longer capture
packets after CommView had been installed.
A. There is a known conflict between WinPcap, the driver used in
Wireshark and many similar products, and the driver used in
CommView. There is a simple workaround: Start capturing packets
with Wireshark before you start capturing packets with CommView. In
this case, both products will be able to capture data
simultaneously. If you start capturing with CommView first, WinPcap
will fail to capture any packets for a reason unknown to us.
Q. When reconstructing TCP sessions that contain HTML pages in
Japanese or Chinese, I can't see the original text.
A. To see text in East Asian languages, you should install East
Asian fonts. Open Control Panel => Regional and Language
Options, select the "Languages" tab, and check the "Install files
for East Asian languages" box.
Q. I'm confused about the license types available for CommView.
Could you explain the difference between the license types?
A. There are three CommView license types:
The more expensive VoIP License grants you the right to use the
program anywhere for any commercial or noncommercial purpose and
enables all the application features, including the VoIP analyzer.
The less expensive Enterprise License grants you the right to use
the program anywhere for any commercial or noncommercial purpose,
excluding the VoIP analyzer.
The least expensive Home License grants you the right to use the
program at home for noncommercial purposes. If you use CommView to
monitor your home network, the maximum number of hosts in your LAN
that this license allows you to monitor cannot exceed ten. The Home
License does not allow you to connect to CommView Remote Agents or
to capture loopback traffic, and it does not enable the VoIP
analyzer.
Additionally, the Enterprise License is available as a One
Year Subscription, which is a time-limited license valid for one
year from the date of purchase only.
Please refer to the End User License Agreement that comes with the
product for other licensing terms and conditions.
Q. Can I save the audio from the VoIP analyzer to a standard .wav
or .mp3 file?
A. Not directly, but there are many utilities on the market that
offer a "virtual audio cable" that allows saving anything that is
played back through your sound card to a file. Try, for example,
Xilisoft Sound Recorder (use the "What you hear" mode).