Home
Contents

WLAN Analyzer and Decoder - CommView for WiFi
Prev Page Next Page
 
Introduction
About CommView for WiFi
What's New
Using the Program
Driver Installation
Overview
Main Menu
Nodes
AP and Station Details Window
Channels
Latest IP Connections
Packets
Logging
Viewing Logs
Rules
Advanced Rules
Alarms
WEP/WPA Keys
Reconstructing TCP Sessions
Reconstructing UDP Streams
Searching Packets
Statistics and Reports
Using Aliases
Packet Generator
Visual Packet Builder
NIC Vendor Identifier
Scheduler
Node Reassociation
Using Remote Agent for WiFi
Using RPCAP
Using Aruba Remote Capture
Port Reference
Setting Options
Frequently Asked Questions
VoIP Analysis
Introduction
Working with VoIP Analyzer
SIP and H.323 Sessions
RTP Streams
Registrations, Endpoints, and Errors
Call Logging and Reports
Call Playback
Viewing VoIP Logs
Working with Lists in VoIP Analyzer
NVF Files
Advanced Topics
Monitoring 802.11n, 802.11ac, and 802.11ax Networks
Understanding CRC and ICV Errors
Understanding WPA Decryption
Understanding Signal Strength
Capturing A-MPDU and A-MSDU Packets
Using CommView for WiFi in a Virtual Machine
Multi-Channel Capturing
Spectrum Analysis
Capturing High Volume Traffic
Running CommView for WiFi in Invisible Mode
Command Line Parameters
Exchanging Data with Your Application
Custom Decoding
CommView Log Files Format
Information
How to Purchase CommView for WiFi

Exchanging Data with Your Application

CommView for WiFi provides a simple TCP/IP interface that allows you to process packets captured by CommView for WiFi using your own application in real time. Starting with version 5.0, you may also use this interface for sending packets (similar to the Packet Generator function in CommView).

How It Works

CommView for WiFi should be launched with a special command-line argument, "MIRROR", that tells the program to mirror captured packets to an IP address and TCP port of your choice.

Examples:

CV.EXE mirror:127.0.0.1:5555  // mirrors packets to the loopback address, TCP port 5555

CV.EXE mirror:192.169.0.2:10200  // mirrors packets to 192.169.0.2, TCP port 10200

When CommView for WiFi is launched with a switch like this, it tries to establish a TCP session by connecting to the specified IP address and port number. It means that you should already have your application running and listening on the specified port. If CommView for WiFi fails to establish a connection, it will keep on trying to connect every 15 seconds. The same happens if the connection is broken: CommView for WiFi will try to re-establish it every 15 seconds. If the connection is successfully established, CommView for WiFi sends the packets it captures to the specified IP address as they arrive, in real time.

Data Format

The data is transmitted in NCFX format. Please refer to the CommView Log Files Format chapter for the format description.

Sending Packets

Packets may not only be received by your application but also sent as if you were using Packet Generator. Data can be sent to CommView for WiFi using the same TCP connection over which you are receiving the data. The data format is simple: You should send the packet length (a two-byte unsigned integer in the standard little-endian byte order) followed by the data rate index (a two-byte unsigned integer in the standard little-endian byte order) followed by the packet itself. Packet length should not include the four bytes that precede the packet body. Data rate index is zero-based; it should contain the index of the rate as shown in the Packet Generator. Consider the following example:

String to be sent in hex: D4 00 00 00 80 1F 02 66 C2 8E. The length of this string is 10 bytes.

Rate to be used: 5.5 Mbps. This is the third item in the "802.11 data rate" drop-down list in the Packet Generator.

Resulting buffer to be sent: 0A 00 02 00 D4 00 00 00 80 1F 02 66 C2 8E.

If the adapter is not opened or it does not support packet injection, the packet is silently discarded.

Sample Projects

Two simple demo applications that listen for inbound connections, extract packets from the stream, and display raw data are available.

·http://www.tamos.com/products/commwifi/samp_mirr_c7.zip. This is a Visual Studio project with C++ source code.

·http://www.tamos.com/products/commwifi/samp_mirr_d7.zip. This is a Delphi project with Pascal source code. If you want to compile the project, you will need the popular ICS components suite by Francois Piette, available at http://www.overbyte.be.

Bandwidth

When mirroring data to a remote computer, make sure that the link between CommView and the computer to which the data is being mirrored is fast enough to transfer all the data being captured. If CommView captures 500 Kbytes/sec, and your link can handle only 50 Kbytes/sec, you'd inevitably have "traffic jams," which might result in various problems (e.g., Winsock may just stop sending data under some Windows versions).