LAN Analyzer and Protocol Decoder - CommView



This tab is used for listing all captured network packets and displaying detailed information about a selected packet.


The top table displays the list of captured packets. Use this list for selecting a packet that you want to have displayed and analyzed. When you select a packet by clicking on it, other panes show information about the selected packet.

The meaning of the table columns is explained below:

No – a unique packet number.

Protocol – shows the packet's protocol.

Src MAC, Dest MAC – shows the source and destination MAC addresses.

Src IP, Dest IP – shows the source and destination IP addresses (where applicable).

Src Port, Dest Port – shows the source and destination ports (where applicable). Ports can be displayed either as numeric values or as the corresponding service names. For more information, see Setting Options.

Time / Delta – shows the packet's absolute or delta time. Delta time is the difference between the absolute times of the last two packets. You can switch from absolute to delta time by clicking View => Packets Columns => Show Time As.

Size – shows packet size in bytes. This column is not visible by default.

More Details – shows a brief packet summary.

You can show or hide individual columns by right-clicking on the list header or using the View => Packets Columns menu. The column order can be changed by dragging the column header to a new location.

The packet output can be suspended by clicking File => Suspend Packet Output. In the Suspended mode, packets are still captured but are not displayed on the Packets tab. This mode is useful when you are interested only in the statistics rather than individual packets. To resume real-time packet display, click File => Resume Packet Output.

The middle pane displays the raw contents of the packet, both in hexadecimal notation and as plain text. In the plain text, non-printable characters are replaced with dots. When multiple packets are selected in the top table, the middle pane displays the total number of selected packets, the total size, and the time span between the first and the last packet.

The bottom pane displays decoded packet information for the selected packet. This information includes vital data that can be used by network professionals. Right-clicking on the pane invokes the context menu that allows you to collapse/expand all the nodes or to copy the selected or all nodes.
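
The following Python sketch is an added example, not CommView code: from a constructed Ethernet II/IPv4/TCP frame it derives the packet-list columns described above, the raw hexadecimal/plain-text view with non-printable bytes shown as dots, and the delta times. The function names, protocol labels and sample frame are assumptions made for illustration.

```python
import struct

# Constructed sample frame (not captured traffic): Ethernet II / IPv4 / TCP
# carrying the start of an HTTP request; checksums are placeholder zeros.
FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"      # dest MAC, src MAC, EtherType IPv4
    "4500003800010000" "4006" "0000"          # IPv4: len 56, TTL 64, proto TCP
    "c0a8010a" "c0a80114"                     # 192.168.1.10 -> 192.168.1.20
    "c0de0050" "00000001" "00000000" "5018" "2000" "0000" "0000"  # TCP header
) + b"GET / HTTP/1.1\r\n"

def mac(b):
    return ":".join(f"{x:02X}" for x in b)

def columns(frame):
    """Return the packet-list columns for one Ethernet II frame."""
    row = {"Dest MAC": mac(frame[0:6]), "Src MAC": mac(frame[6:12]),
           "Size": len(frame), "Protocol": "ETHERNET"}   # labels are illustrative
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800 or len(frame) < 34:
        return row                      # IP and port columns apply only where present
    ihl = (frame[14] & 0x0F) * 4        # IPv4 header length in bytes
    proto = frame[23]
    row["Src IP"] = ".".join(map(str, frame[26:30]))
    row["Dest IP"] = ".".join(map(str, frame[30:34]))
    row["Protocol"] = {6: "TCP", 17: "UDP"}.get(proto, "IP")
    l4 = 14 + ihl                       # start of the transport header
    if proto in (6, 17) and len(frame) >= l4 + 4:
        row["Src Port"], row["Dest Port"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return row

def hex_pane(data, width=16):
    """Raw view: offset, hex bytes, and text with non-printables as dots."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{x:02X}" for x in chunk)
        text = "".join(chr(x) if 32 <= x < 127 else "." for x in chunk)
        lines.append(f"0x{off:04X}  {hexpart:<{width * 3}}{text}")
    return lines

def deltas(times):
    """Delta column: each packet's absolute time minus the previous packet's."""
    return [0.0] + [round(b - a, 6) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    print(columns(FRAME))
    print("\n".join(hex_pane(FRAME)))
    print(deltas([10.0, 10.25, 11.0]))  # constructed timestamps, in seconds
```
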

The packets tab also includes a small toolbar shown below:


You can change the position of the decoder window by clicking on one of the three buttons on this toolbar (you can have a bottom-, left-, or right-aligned decoder window).  The fourth button makes the packet list auto-scroll to the last packet received. The fifth button keeps the packet you selected in the list visible (i.e. it won't leave the visible area as new packets arrive). The sixth button allows you to open the contents of the current packet buffer in a new window. This functionality is very useful under a heavy network load, when the packet list is rapidly scrolling and it's difficult to examine packets before they move out of the visible area. Clicking on this button creates a snapshot of the buffer so you can comfortably examine it in a separate window. You can make as many snapshots as you wish.

Menu Commands

Right-clicking on the packet list brings up a menu with the following commands:

Reconstruct TCP Session – allows you to reconstruct a TCP session starting from the selected packet; it opens a window that displays the entire conversation between two hosts. The same action is performed when you double-click on this window.

Quick Filter – finds the packets sent between the selected MAC addresses, IP addresses, or ports and displays them in a new window.

Open Packet(s) in New Window – allows you to open one or several selected packets in a new window for comfortable examination.

Create Alias – brings up a window where you can assign an easy-to-remember alias to the selected MAC or IP address.

Copy Address – copies the source MAC address, destination MAC address, source IP address, or destination IP address to the clipboard.

Copy Packet – copies the raw data of the selected packet to the clipboard.

Send Packet(s) – shows the Packet Generator window that allows you to resend the selected packet or a group of packets. You can also modify the packet contents before sending it.

Save Packet(s) As – saves the contents of the selected packet(s) to a file. The Save As dialog allows you to select the format to be used when saving data from the drop-down list.

SmartWhois – sends the source or destination IP address from the selected packet to SmartWhois if it is installed on your system. SmartWhois is a stand-alone application developed by our company capable of obtaining information about any IP address or hostname in the world. It automatically provides information associated with an IP address, such as domain, network name, country, state or province, and city. The program can be downloaded from our site.

Clear Packet Buffer – clears the contents of the program's buffer. The packet list will be cleared, and you will not be able to view the packets previously captured by the program.

Decode As – for TCP and UDP packets, allows you to decode supported protocols that use non-standard ports.  For example, if your SOCKS server runs on port 333 rather than 1080, you can select a packet that belongs to the SOCKS session and use this menu command to make CommView decode all packets on port 333 as SOCKS packets. Such protocol-port reassignments are not permanent and will last only until the program is closed. Note that you cannot override standard protocol-port pairs, e.g. you cannot make CommView decode packets on port 80 as TELNET packets.

Font – allows you to increase or decrease the font size used to display packets without affecting the font size of all other interface elements.

You can also drag-and-drop selected packet(s) to the desktop.