You can configure some of the program's options by selecting
Settings => Options in the menu.
General
Auto-start capturing
– check this box if you want CommView to start capturing packets
immediately after launching the program. For systems with multiple
adapters, you should also select the adapter to be used from the
drop-down list.
Network
Disable DNS resolving
– check this box if you don't want CommView to perform reverse DNS
lookups of the IP addresses. If you check it, the Hostname column on
the Latest IP Connections tab will be blank.
Convert numeric port values to service names
– check this box if you want CommView to display service names
rather than numbers. For example, if this box is checked, port 21 is
shown as ftp, and port 23 as telnet. The program converts numeric
values to service names using the SERVICES file installed by Windows.
You can find the SERVICES file in the \system32\drivers\etc folder.
You can edit this file manually if you want to add more ports/service
names.
Convert MAC addresses to aliases
– replace MAC addresses with aliases on the Packets tab. Aliases can
be assigned to MAC addresses using the Settings => MAC Aliases menu
command.
Convert IP addresses to aliases
– replace IP addresses with aliases on the Packets and Statistics
tabs. Aliases can be assigned to IP addresses using the
Settings => IP Aliases menu command.
Convert IP addresses to hostnames in the "Packets" tab
– check this box if you want CommView to show resolved hostnames
rather than IP addresses in the Packets tab. If this box is checked,
CommView will first attempt to find an alias for the given IP
address. If no alias is found or the previous box (Convert IP
addresses to aliases) is not checked, CommView will query the
internal DNS cache for the hostname. If no hostname is found, the IP
address will be displayed in numeric form.
Display vendor names in the MAC addresses
– by default, CommView replaces the first three octets of the MAC
address with the adapter vendor name on the Packets tab. Uncheck this
checkbox if you want to change this behavior.
Use non-promiscuous mode
– by default, CommView puts the network adapter in promiscuous
mode, which means that the program captures all traffic in the
local LAN segment. Checking this box switches CommView to
non-promiscuous mode, which you sometimes may want to use, e.g. if
your company's IT policy doesn't allow promiscuous packet
monitoring, or to reduce CPU usage in the situation where you're
interested only in your own inbound and outbound packets and have
to filter out many pass-through packets.
Notify when the adapter list has changed
– check this box if you want CommView to display a balloon message
in the system tray area once the number of active network adapters
has been changed.
Display full process path
– check this box if you want to see the full path to the process
sending/receiving packets in the Latest IP Connections tab, as well
as in the decoded packets tree in the Packets tab (e.g.
"C:\Files\Program.exe" is a full path, whereas "Program.exe" is a
short path).
Display friendly adapter names
– checking this option will make CommView display the adapter names
in the adapter selection drop-down list in the tool bar as they
appear in the Windows Network Connections page.
Show gridlines
– makes the program draw gridlines in all packet lists.
Memory Usage
Display
Maximum packets in buffer
– sets the maximum number of packets the program stores in the
memory and can display in the packet list (2nd tab). For example, if
you set this value to 3000, only the last 3000 packets will be stored
in the memory and packet list. The higher this value is, the more
computer resources the program consumes.
Note that if you want to have access to a high number of packets,
it is recommended that you use the auto-saving features (see Logging
for more information): it allows you to dump all the packets to a
log file on the hard drive.
Maximum lines in Latest IP Connections
- sets the number of lines the program displays on the Latest IP
Connections tab. When the number of connections exceeds the limit,
the connections that have been idle for the longest period of time
are removed from the list.
Driver Buffer
- sets the driver buffer size. This setting affects the program's
performance: the more memory allocated for the driver buffer, the
fewer packets the program drops. For low traffic LANs and dial-up
connections, the buffer size is not critical. For high traffic
LANs, you may want to increase the buffer size if the program drops
packets. To check the number of dropped packets, use the
File => Performance Data menu command while capturing is on.
Latest IP Connections
Display Logic
– allows you to select the Latest IP Connections layout that best
suits your needs. Selecting an item from the drop-down list will
display the description of the selected logic. In most cases, it is
recommended to use the default Smart logic.
Define Local IP Addresses
– you should use this tool if you monitor LAN traffic with many
pass-through packets and a mixture of external and internal IP
addresses. In such a situation CommView doesn't "know" which IP
addresses should be treated as local and might reverse the IP
addresses in the Local and Remote IP columns. This tool allows you
to define the local network addresses and subnet masks to make sure
the Latest IP Connections window works correctly. This will work
only if you use the default Smart logic.
Add numeric PID to process names
– check this box if you'd like the process ID (PID) shown next to
the process name in the Process column.
Colors
Packet color –
sets the color for displaying packets on the Packets tab based on
the packet direction (in, out, pass-through). To change a color,
select the packet direction from the drop-down list and click on
the colored rectangle.
Colorize Packet Headers –
check this box if you want CommView to colorize packet contents. If
this box is checked, the program displays the first eight packet
layers using different colors. To change a color, select the
type of header for which you want to change the color and click on
the colored rectangle.
Formula syntax highlighting –
sets the colors for highlighting keywords in formulas in the
Advanced Rules window.
Selected byte sequence color –
sets the font and background color for displaying the byte sequence
that was selected in the decoder tree. For example, when you select
the "TCP" tree node, the corresponding part of the packet will be
highlighted using these colors.
Decoding
Always fully expand all nodes in the decoder window –
check this box if you would like to have all nodes in the decoder
windows automatically expanded when you select a new packet in the
packet list.
Expand the last nodes –
check this box if you would like to have the last node(s) in the
decoder window automatically expanded when you select a new packet
in the packet list and set the number of nodes to be expanded. By
default, the first node is expanded. This setting has no effect if
the Always fully expand all nodes in the decoder window box is
checked.
Expand level –
set the number of levels to expand. This defines the "depth" of
tree node expansion.
Decode up to the first level only in ASCII export –
this option affects the decoding format used when you export a
packet log or individual packet as ASCII file with decode. If this
box is checked, only the top-level nodes will be saved. For
example, if you save a TCP/IP packet when this option is disabled,
all Type of service sub-nodes are saved. When this option is
enabled, these sub-nodes are not saved. Checking this box makes the
output ASCII file less detailed and more compact.
Ignore incorrect checksums when reconstructing TCP sessions
– this option affects the way CommView treats malformed TCP/IP
packets when reconstructing TCP sessions. By default, this option
is on, and packets with incorrect checksums are not discarded in
the process of reconstruction. If you turn off this option, packets
with incorrect checksums will be discarded and not displayed in the
TCP reconstruction window. Attention Gigabit card users: all your
outbound packets will have incorrect checksums if the "checksum
offload" feature is present. If you turn off this option, it's
likely that you will see only half of the reconstructed TCP stream.
The same applies to reconstructing loopback sessions, as loopback
packets have zero checksums.
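The checksum-offload effect described above can be reproduced offline. The following is an added example, not CommView code: it verifies TCP checksums over a constructed two-packet capture and shows a strict reconstruction losing the outbound half. The addresses, ports and payloads are constructed, and the unfilled checksum is modelled as a zero field.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP/TCP/UDP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    # A correct checksum makes the sum over pseudo-header + segment 0xFFFF.
    return ones_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def build_segment(src, dst, sport, dport, payload, fill_checksum):
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    seg = hdr + payload
    if fill_checksum:  # with offload, the NIC does this after the capture point
        csum = ~ones_sum(pseudo_header(src, dst, len(seg)) + seg) & 0xFFFF
        seg = seg[:16] + struct.pack("!H", csum) + seg[18:]
    return seg

def reconstruct(packets, ignore_bad_checksums: bool):
    """Return [(sender, payload)] the way a session view would list chunks."""
    chunks = []
    for src, dst, seg in packets:
        if not ignore_bad_checksums and not checksum_ok(src, dst, seg):
            continue  # strict mode drops the packet
        chunks.append((src, seg[(seg[12] >> 4) * 4:]))
    return chunks

# Constructed capture: the local host's request is seen before the NIC
# fills in the checksum; the server's reply arrives with a valid one.
LOCAL, SERVER = "192.168.1.10", "203.0.113.5"
CAPTURE = [
    (LOCAL, SERVER, build_segment(LOCAL, SERVER, 49152, 80, b"GET / HTTP/1.1\r\n\r\n", False)),
    (SERVER, LOCAL, build_segment(SERVER, LOCAL, 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n", True)),
]

if __name__ == "__main__":
    for mode in (True, False):
        print("ignore bad checksums =", mode, reconstruct(CAPTURE, mode))
```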
Include packet numbers when reconstructing TCP sessions
– check this box if you'd like the chunks of data shown in the TCP
session reconstruction window to be prepended by the packet numbers
that correspond to these chunks of data.
Search for the session start when reconstructing TCP sessions
– if this box is checked, the program will attempt to find the
beginning of the TCP session when you reconstruct it. If it is not
checked, the session will be reconstructed only from the selected
packet, i.e. earlier packets will be discarded.
Decompress GZIP content –
check this box if you want CommView to convert GZIP-compressed HTTP
content into readable text in the TCP Session Reconstruction
windows. GZIP content is decompressed only when the display type in
the window is set to "ASCII".
Reconstruct images –
check this box if you want CommView to convert binary HTTP streams
that represent images into viewable JPG, BMP, PNG, and GIF pictures
in the TCP Session Reconstruction windows. Images are shown only
when the display type in the window is set to "HTML". Images are
never shown within the HTML pages to which they belong, as they are
transferred by the server in a separate HTTP session.
Use IPv4-style endings in IPv6 addresses
– if this box is not checked, IPv6 addresses are shown using
hexadecimal symbols only, e.g. fe80::02c0:26ff:fe2d:edb5. If this
box is checked, the last 4 bytes of IPv6 addresses are shown using
the IPv4-style dotted notation, e.g.
fe80::02c0:26ff:254.45.237.181.
Reassemble fragmented IP packets
– check this box if you'd like the program to reassemble IP packets
that are fragmented. By default, fragmented IP packets are
displayed as they were received from the wire, in their original
form. If this option is turned on, the program will maintain an
internal buffer of fragments and will attempt to "glue" them,
displaying only the results of successful reassembly.
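To make the fragment buffer concrete, here is an added example (not CommView's implementation) of IPv4 reassembly that returns a payload only when every fragment is present. It assumes non-overlapping fragments; the addresses, identification value and payload are constructed.

```python
import struct

class Reassembler:
    """Buffers IPv4 fragments and returns a payload only when it is complete."""
    def __init__(self):
        # (src, dst, protocol, identification) -> {byte offset: (data, more_fragments)}
        self.buffers = {}

    def feed(self, packet: bytes):
        ihl = (packet[0] & 0x0F) * 4
        total_len, ident, flags_off = struct.unpack("!HHH", packet[2:8])
        more = bool(flags_off & 0x2000)          # MF flag
        offset = (flags_off & 0x1FFF) * 8        # field counts 8-byte units
        data = packet[ihl:total_len]
        if not more and offset == 0:
            return data                          # not a fragment
        key = (packet[12:16], packet[16:20], packet[9], ident)
        frags = self.buffers.setdefault(key, {})
        frags[offset] = (data, more)
        out, pos = b"", 0
        while pos in frags:                      # walk contiguous fragments from 0
            chunk, more_here = frags[pos]
            out += chunk
            if not more_here:
                del self.buffers[key]
                return out
            if not chunk:
                break
            pos += len(chunk)
        return None                              # hole or missing last fragment

def make_fragment(ident, offset, more, data, proto=17):
    """Constructed IPv4 packet (header checksum left 0; it is not checked here)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), ident, flags_off,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + data

def demo():
    payload = bytes(range(24))
    parts = [make_fragment(7, o, o < 16, payload[o:o + 8]) for o in (0, 8, 16)]
    r = Reassembler()
    results = [r.feed(parts[i]) for i in (2, 0, 1)]     # arrival out of order
    lost = Reassembler()
    incomplete = [lost.feed(parts[i]) for i in (0, 2)]  # middle fragment never seen
    return results, incomplete, payload
```

A set with a missing fragment never produces output, which is why an analyst looking only at reassembled results should also check the raw fragment view when traffic appears to be absent.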
Attempt to map incoming UDP packets to processes
– by default, the program's packet-to-application mapping system does
not try to map incoming UDP packets to an owning process due to the
probabilistic nature of such mapping. Check this box if you'd
like the program to attempt to map these packets.
Default display type
– select the display type value from the drop-down list that you
want to set as default for TCP Session Reconstruction function. The
available values are ASCII, HEX, HTML, and EBCDIC.
VoIP
Note:
The VoIP analysis module is only available to VoIP license users or
evaluation version users who selected VoIP evaluation mode.
Disable VoIP analysis
– disables capture and analysis of VoIP data. Check this box if you
don't plan to work with VoIP and want to minimize the usage of
computer resources by the application.
Maximum records in the list
– limits the number of displayed and processed VoIP events. When
the number of records exceeds the specified limit, older records are
deleted from the lists.
Ignore orphan RTP streams
– when this box is checked, VoIP analyzer will ignore captured RTP
data streams that don't have a parent signaling session. Orphan RTP
streams typically appear if packet capturing was started in the
middle of a call, or the signaling protocol is unknown to the
application (i.e. not SIP and not H.323), or the signaling protocol
was sent in a non-standard manner (e.g. encrypted or as part of
some other session). Such streams are still available for analysis,
and sometimes for playback. Please see the Call Playback chapter for
more detailed information on playing VoIP calls. If you are not
interested in such orphan streams and want to save on computer
resources, please disable this option. Note that when orphan streams
are not ignored, VoIP analyzer may mistakenly identify data
transferred over UDP protocol as RTP streams. Generally, this is not
an error, as RTP packets don't have a standard uniform signature, so
such "false positives" are ok.
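Why orphan-stream detection produces false positives can be seen from the RTP header itself: the only fixed field is a 2-bit version number. The following added example is an assumed heuristic, not the analyzer's actual logic; it compares a per-packet check with a stricter per-stream check over constructed UDP payloads, and it assumes packets arrive in order without loss.

```python
import struct

def parse_rtp(udp_payload: bytes):
    """Return (payload_type, seq, ssrc) if the bytes could be an RTP header, else None."""
    if len(udp_payload) < 12:
        return None
    b0, b1, seq, _timestamp, ssrc = struct.unpack("!BBHII", udp_payload[:12])
    if b0 >> 6 != 2:                 # version field is the only constant in the header
        return None
    return b1 & 0x7F, seq, ssrc

def looks_like_rtp_stream(payloads, min_packets=4):
    """Stream-level check: same payload type and SSRC, consecutive sequence numbers."""
    parsed = [parse_rtp(p) for p in payloads]
    if len(parsed) < min_packets or None in parsed:
        return False
    pt0, seq0, ssrc0 = parsed[0]
    for i, (pt, seq, ssrc) in enumerate(parsed):
        if pt != pt0 or ssrc != ssrc0 or seq != (seq0 + i) & 0xFFFF:
            return False
    return True

def rtp_packet(seq, ssrc=0x11223344, pt=0):
    """Constructed RTP packet: version 2, 160 bytes of dummy audio."""
    return struct.pack("!BBHII", 0x80, pt, seq, 160 * seq, ssrc) + b"\xff" * 160

# Constructed samples: an orphan voice stream, and unrelated UDP data whose
# first byte happens to be 0x80.
VOICE = [rtp_packet(1000 + i) for i in range(5)]
OTHER_UDP = [b"\x80" + bytes([17 * i % 256]) * 15 for i in range(5)]

def single_packet_hits(payloads):
    """How many payloads pass the per-packet check alone."""
    return sum(parse_rtp(p) is not None for p in payloads)

if __name__ == "__main__":
    print("per-packet hits on non-RTP data:", single_packet_hits(OTHER_UDP))
    print("voice is a stream:", looks_like_rtp_stream(VOICE))
    print("non-RTP data is a stream:", looks_like_rtp_stream(OTHER_UDP))
```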
Geolocation
Geolocation is IP-to-country mapping for IP addresses. When this
functionality is enabled, CommView checks the internal database to
provide information on the country any IP address belongs to. You
can configure the program to show ISO country code, Country name, or
Country flag next to any IP address. You can also disable
geolocation. For some IP addresses, such as reserved ones (e.g.
192.168.*.* or 10.*.*.*) no information on the country can be
provided. In such cases, the country name is not shown, or if you
use the Country flag option, a flag with a question mark is
displayed.
As IP allocation is constantly changing, it's important that you
always have an up-to-date version of CommView. A fresh, up-to-date
database is included in every CommView build. A fresh database has
98% accuracy. Without updates, the accuracy percentage falls by
approximately 15% every year.
Miscellaneous
Hide from the taskbar on minimization
- check this box if you don't want to see the program's button on
the Windows taskbar when you minimize the program. If this box is
checked, use the program's system tray icon to restore it after
minimization.
Allow multiple application instances
– check this box if you would like to have multiple CommView
instances running simultaneously to be able to capture traffic going
through different adapters. This option is not available under
Windows 95.
Prompt for confirmation when exiting the application
– check this box if you would like the program to ask you for a
confirmation when you close it.
Auto-scroll packet data window
- if this box is checked, the program scrolls the text of the
packet data window automatically when you select a new packet from
the packets list (but only if the text does not fit into the
window). This is useful when you want to see the contents of a long
packet without manually scrolling the window.
Auto-scroll packet list to the last packet
- if this box is checked, the program automatically scrolls the
packet list in the Packets tab down to the last received packet.
Auto-sort new records in Latest IP Connections
- if this box is checked, the program auto-sorts new records on the
Latest IP Connections tab based on the user-defined sorting
criterion (e.g. ascending order of remote IP addresses).
Smart CPU utilization control
– if this box is checked, the program tries to decrease CPU
utilization when capturing high-volume traffic by decreasing the
quality and frequency of the screen updates.
Run on Windows startup
- if this box is checked, the program is launched automatically
every time you start Windows. Under Windows Vista and higher, this
box is disabled if UAC is enabled. This is a limitation of Windows
Vista and newer Windows versions that prevents applications with
elevated rights from loading on startup. If this feature is
important, disable UAC.
Run minimized -
if this box is checked, the program is launched minimized and the
main window is not displayed until you click on the tray icon or
taskbar button.
Enable automatic application updates
– check this box to let the program connect to the TamoSoft Web
site periodically and check for updates. Use the Interval between
checks box to configure how often the checks should be made.
Plug-ins
This tab is used by third-party plug-ins for performing
configuration tasks. Please see the Custom Decoding chapter for more
information.