Introduction

About CommView

CommView is a program for monitoring Internet and Local Area Network (LAN) activity capable of capturing and analyzing network packets. It gathers information about data passing through your dial-up connection or Ethernet card and decodes the analyzed data.

With CommView you can see the list of network connections and vital IP statistics and examine individual packets. Packets are decoded down to the lowest layer with full analysis of the most widespread protocols. Full access to raw data is also provided. Captured packets can be saved to log files for future analysis. A flexible system of filters makes it possible to drop packets you don't need or capture only those packets that you wish to capture. Configurable alarms can notify you about important events, such as suspicious packets, high bandwidth utilization, or unknown addresses.

CommView includes a VoIP module for in-depth analysis, recording, and playback of SIP and H.323 voice communications.

CommView is a helpful tool for LAN administrators, security professionals, network programmers, or anyone who wants to have a full picture of the traffic going through one's PC or LAN segment. This application requires an Ethernet or Wi-Fi network card, or a standard dial-up adapter. CommView features an advanced protocol decoder that can parse over a hundred widely used network protocols.

In addition, our new remote monitoring technology allows CommView users to capture network traffic on any computer where Remote Agent is running, regardless of the computer's physical location. To take advantage of this unique feature, you need to deploy CommView Remote Agent, an affordable add-on for CommView.

What's New

Version 7.0

  • You can now capture decrypted SSL traffic to/from the computer where CommView is running.

Version 6.5

  • A completely reworked protocol decoder: more supported protocols and a summary for each packet.

Version 6.1

  • New operating systems supported: Windows Server 2008 32-bit and 64-bit Editions.
  • Decreased RAM utilization in the VoIP analysis module. The new version can handle more simultaneous calls using less RAM.
  • Adjustable jitter buffer for realistic simulation of real-life VoIP phone sound quality.
  • Improved "Find" dialog: Search direction and Unicode search (UTF-8, UTF-16) are now supported.
  • More flexible decoder tree options: You can now set the number of nodes to be expanded.
  • Many other improvements and bug fixes.

Version 6.0

  • VoIP module for advanced in-depth analysis, recording, and playback of SIP and H.323 voice communications.
  • Visual TCP session analysis that graphically displays session diagrams.
  • Visual packet builder that facilitates packet construction in Packet Generator.

Version 5.5

  • Full IPv6 support throughout the application (decoding, filters, search, alarms).
  • UTF-8 support in TCP session reconstruction.
  • Optional reassembly of fragmented IP packets.
  • A new alarm type: the application can pronounce messages using the Windows text-to-speech engine.
  • A few improvements and configurable options related to decoding and session reconstruction.
  • Fixed a resource leak under Windows Vista if the DPI value is set to 120 or higher and possible system crash if a dial-up connection is monitored.

Version 5.4

  • Windows Vista support.

Version 5.3

  • IP-to-country mapping for IP addresses provides real-time geolocation for all IP addresses shown by the application.
  • Redesigned columns in the "Packets" tab and "Log Viewer" to make them more convenient to use. The column order on all tabs of the main application window is now customizable.
  • Ability to create any number of snapshots of the current packet buffer, which makes it much easier to work with packets under a heavy network load. You can now examine the buffer in separate windows, without the risk of losing old packets and the need to look for packets that were scrolled out of view.
  • Improved alarms allow you to send customizable e-mail alerts.
  • Resizable "Statistics" window.
  • Improved "Find" dialog.
  • Optional gridlines for a better packet visibility.
  • A few other improvements.

Version 5.1

  • Quick Filters that allow you to easily create new packet views for similar packets based on MAC addresses, IP addresses, or ports.
  • Filtering by process name is now available.
  • Updated MAC vendor list.
  • Automatic application updates.
  • Many other improvements and bug fixes.

Version 5.0

  • Packets are mapped to the application that sent or received them (this functionality is available under Windows 2000/XP/2003).
  • High resolution time stamping (up to microseconds, available under Windows NT/2000/XP/2003).
  • New, compact, open log format.
  • Graphic matrices representing conversations between hosts.
  • New decoding modules have been added: MS SQL, LDAP, and YMSG. SMB and ICQ decoding has been improved.
  • Windows XP 64-bit Edition on AMD Opteron and Athlon64 processors is now supported.
  • Multiple simultaneous Remote Agent connections are now supported.
  • Improved Packet Generator featuring convenient access to templates.
  • HTML Reports can include graphics.
  • New alarm types.
  • Lower CPU usage.

Version 4.1

  • You can now capture loopback packets being sent from/to local IP addresses, e.g. 127.0.0.1 (this functionality is available under Windows NT/2000/XP/2003).
  • The program can log visited URLs.
  • New protocol decoding modules have been added: IMAP, NNTP, SSH, TLS.
  • An open plug-in interface allows you to implement your own protocol decoding.
  • TCP Session Reconstruction windows can now decompress GZIP'd web content, as well as display images being sent over HTTP sessions.
  • TCP Session Reconstruction windows now allow you to jump to the next TCP session between any two hosts (in the previous versions, you could jump to the next session only between those two hosts that were initially selected).
  • The program will notify you about changes in the list of network adapters.
  • Capturing is restarted automatically after Windows hibernation or suspension.
  • Token Ring adapters are supported (this functionality is available under Windows 2000/XP/2003).
  • Jumbo frames are supported.
  • You can have the program generate statistics on pre-captured data in addition to real-time statistics.
  • Improved alarm functionality allows to you to pass variables to launched applications or alarm messages.
  • A few other minor improvements.

Version 4.0

  • Alarms: You can configure the program to notify you about certain packet occurrences, unknown MAC addresses, etc.
  • New protocol decoding modules have been added: DAYTIME, DDNS, H.323 (H.225, Q.850, Q.931, Q.932), HTTPS, NTP, RMCP, RTP/RTCP (G.723, H.261, H.263), SNTP, TIME.
  • Multilanguage interface.
  • A custom decoding module can be used with the program.
  • New command-line parameters that allow you to load automatically rule sets and/or open adapters.
  • TCP Session Reconstruction windows now have the "Find" function.
  • TCP, UDP, and ICMP packet templates in Packet Generator.
  • A new "Decode As" function that can be used to decode supported protocols using non-standard ports.
  • A number of new configurable options.