You can configure some of the program's options by selecting
Settings => Options
in the menu.
– check this box if you want CommView to start capturing packets
immediately after launching the program. Please select the channel
that you would like to monitor from the drop-down list.
Disable DNS resolving
– check this box if you don't want CommView to perform reverse DNS
lookups of the IP addresses. If you check it, the
column on the
Latest IP Connections
tab will be blank.
Convert numeric port values to service
check this box if you want CommView to display service names rather
than numbers. For example, if this box is checked,
port 21 is
shown as ftp,
and port 23 as telnet.
The program converts numeric values to service names using the
SERVICES file installed by Windows. You can find it in
the C:\Windows\system32\drivers\etc folder.
You can edit this file manually if you want to add more
Convert MAC addresses to aliases
– substitute MAC addresses for aliases on the
can be assigned to MAC addresses using the
Settings =>MAC Aliases
Convert IP addresses to aliases
– substitute IP addresses for aliases on the
can be assigned to IP addresses using the
Settings =>IP Aliases
Convert IP addresses to hostnames in the "Packets" tab
– check this box if you want CommView to show resolved hostnames
rather than IP addresses in the
tab. If this box is checked, CommView will first attempt to find an
alias for the given IP address. If no alias is found or the
previous box (Convert
IP addresses to aliases)
is not checked, CommView will query the internal DNS cache for the
hostname. If no hostname is found, the IP address will be displayed
in numeric form.
Display vendor names in the MAC addresses
– by default, CommView replaces the first three octets of the MAC
address by the adapter vendor name in the
tab. Uncheck this checkbox if you want to change this
Capture Damaged Packets
– because of the distance, radio interference, and other physical
phenomena, some packets received by your wireless adapter might be
damaged, i.e. contain partly or fully invalid data. Check this box
if you want the program to capture and display such packets. This
option has both drawbacks and advantages. The advantage is that if
you are located far away from WLAN stations and/or access points, a
high percentage of packets might be broken, and enabling this
option would allow you to see more data, even though the data might
be partly damaged. However, the drawback is that you would see some
packets with invalid data, e.g. you might see IP packets sent to
non-existent IP addresses. Also, when this box is checked, the
program will try to decrypt those WEP- or WPA-encrypted packets in
which the Integrity Check Value is incorrect, but the headers
appear to be valid.
Maximum packets in buffer
– sets the maximum number of packets the program stores in the
memory and can display in the packet list (2nd tab). For example,
if you set this value to 3000, only the last 3000 packets will be
stored in the memory and packet list. The higher this value is, the
more computer resources the program consumes.
Note that if you want to have access to a high number of packets,
it is recommended that you use the auto-saving features (see
for more information): it allows you to dump all the packets into a
log file on the hard drive.
Maximum Latest IP Connections lines
- sets the number of lines the program displays on the Latest IP
Connections tab. When the number of connections exceeds the limit,
the connections that have been idle for the longest period of time
are removed from the list.
- sets the driver buffer size. This setting affects the program's
performance: the more memory allocated for the driver buffer, the
fewer packets the program drops. For low traffic WLANs, the buffer
size is not critical. For high traffic WLANs, you may want to
increase the buffer size if the program drops packets. To check the
number of dropped packets, use the
File => Performance Data
menu command while capturing is on.
Latest IP Connections
– allows you to select the Latest IP Connections layout that best
suits your needs. Selecting an item from the drop-down list will
display the description of the selected logic. In most cases, it is
recommended to use the default
Define Local IP Addresses
– you should use this tool if you monitor WLAN traffic with many
pass-through packets and a mixture of external and internal IP
addresses. In such a situation, CommView for WiFi does not "know"
which IP addresses should be treated as local and might reverse the
IP addresses in the Source and Destination IP columns. This tool
allows you to define the local network addresses and subnet masks
to make sure the Latest IP Connections window works correctly. This
will work only if you use the default
Packet color –
sets the colors for displaying different kinds of packets (Normal,
Bad CRC, Bad ICV) on the
Colorize Packet Headers –
check this box if you want CommView to colorize packet contents. If
this box is checked, the program displays the first eight packet
layers using different colors. To change a color, select the
type of header for which you want to change the color and click on
the colored rectangle.
Formula syntax highlighting –
sets the colors for highlighting keywords in formulas in the
Selected byte sequence color –
sets the font and background color for displaying the byte sequence
that was selected in the decoder tree. For example, when you select
the "TCP" tree node, the corresponding part of the packet will be
highlighted using these colors.
Management frame color
– sets the colors for different types of Management frames. Color
is used in the
column of the
tab to show the corresponding frame types.
Always fully expand all nodes in the decoder window –
check this box if you would like to have all nodes in the decoder
windows automatically expanded when you select a new packet in the
Expand the last nodes –
check this box if you would like to have the last node(s) in the
decoder window automatically expanded when you select a new packet
in the packet list and set the number of nodes to be expanded. By
default, the first node is expanded. This setting has no effect if
Always fully expand all nodes in the decoder window
box is checked.
Expand level –
set the number of levels to expand. This defines the "depth" of
tree node expansion.
Decode up to the first level only in ASCII export –
this option affects the decoding format used when you export a
packet log or individual packet as an ASCII file with decoding. If
this box is checked, only the top-level nodes will be saved. For
example, if you save a TCP/IP packet when this option is disabled,
Type of service
sub-nodes are saved. When this option is enabled, these sub-nodes
are not saved. Checking this box makes the output ASCII file less
detailed and more compact.
Ignore incorrect checksums when reconstructing TCP sessions
this option affects the way CommView treats malformed TCP/IP
packets when reconstructing TCP sessions. By default, this option
is on, and packets with incorrect checksums are not discarded in
the process of reconstruction. If you turn off this option, packets
with incorrect checksums will be discarded and not displayed in the
TCP reconstruction window.
Include packet numbers when reconstructing TCP sessions
check this box if you'd like the chunks of data shown in the TCP
session reconstruction window to be prepended by the packet numbers
that correspond to these chunks of data.
Search for the session start when reconstructing TCP
if this box is checked, the program will attempt to find the
beginning of the TCP session when you reconstruct it. If it is not
checked, the session will be reconstructed only from the selected
packet, i.e. earlier packets will be discarded.
Decompress GZIP content –
check this box if you want CommView to convert GZIP-compressed HTTP
content into readable text in the TCP Session Reconstruction
windows. GZIP content is decompressed only when the display type in
the window is set to "ASCII."
Reconstruct images –
check this box if you want CommView to convert binary HTTP streams
that represent images into viewable JPG, BMP, PNG, and GIF pictures
in the TCP Session Reconstruction windows. Images are shown only
when the display type in the window is set to "HTML." Images are
never shown within the HTML pages to which they belong, as they are
transferred by the server in a separate HTTP session.
Use IPv4-style endings in IPv6 addresses
if this box is not checked, IPv6 addresses are shown using
hexadecimal symbols only, e.g. fe80::02c0:26ff:fe2d:edb5. If this
box is checked, the last 4 bytes of IPv6 addresses are shown using
the IPv4-style dotted notation, e.g.
Reassemble fragmented IP packets
check this box if you would like the program to reassemble IP
packets that are fragmented. By default, fragmented IP packets are
displayed as they were received from the wire, in their original
form. If this option is turned on, the program will maintain an
internal buffer of fragments and will attempt to "glue" them,
displaying only the results of successful reassembly.
Display signal level in dBm
– check this box if you would like the program to display signal
strength in dBm rather than in percentile format. The availability
of signal level in dBm depends on the wireless adapter model being
used. Please refer to the
Understanding Signal Strength
chapter for more information.
Default display type
– select the display type value from the drop-down list that you
want to set as default for the TCP Session Reconstruction function.
The available values are ASCII, HEX, HTML, and EBCDIC.
The VoIP analysis module is only available to VoIP license users or
evaluation version users who selected VoIP evaluation mode.
Disable VoIP analysis
– disables capture and analysis of VoIP data. Check this box if you
do not plan to work with VoIP and want to minimize the usage of
computer resources by the application.
Maximum records in the list
– limits the number of displayed and processed VoIP events. When
the number of records exceed the specified limit, older records are
deleted from the lists.
Ignore orphan RTP streams
– when this box is checked, VoIP analyzer will ignore captured RTP
data streams that do not have a parent signaling session. Orphan
RTP streams typically appear if packet capturing was started in the
middle of a call, or the signaling protocol is unknown to the
application (i.e. not SIP and not H.323), or the signaling protocol
was sent in a non-standard manner (e.g. encrypted or as part of
some other session). Such streams are still available for analysis,
and sometimes for playback. Please see the
chapter for more detailed information on playing VoIP calls. If you
are not interested in such orphan
streams and want to save on computer resources, please disable this
option. Note that when orphan streams are not ignored, VoIP
analyzer may mistakenly identify data transferred over UDP protocol
as RTP streams. Generally, this is not an error, as RTP packets do
not have a standard uniform signature, so such "false positives"
Ignore damaged packets in VoIP analyzer
– when this box is checked, wireless packets with bad CRC will be
discarded by the VoIP analysis module. This prevents the
application from creating "ghost" signaling or media streams that
may appear if packets with bad CRC are not dropped.
Geolocation is IP-to-country mapping for IP addresses. When this
functionality is enabled, CommView checks the internal database to
provide information on the country any IP address belongs to. You
can configure the program to show
ISO country code,
next to any IP address. You can also disable geolocation. For some
IP addresses, such as reserved ones (e.g. 192.168.*.* or 10.*.*.*)
no information on the country can be provided. In such cases, the
country name is not shown, or if you use the
option, a flag with a question mark is displayed.
As IP allocation is constantly changing, it's important that you
always have an up-to-date version of CommView. A fresh, up-to-date
database is included in every CommView build. A fresh database has
98% accuracy. Without updates, the accuracy percentage falls by
approximately 15% every year.
Hide from the taskbar on minimization
– check this box if you do not want to see the program's button on
the Windows taskbar when you minimize the program. If this box is
checked, use the program's system tray icon to restore it after
Prompt for confirmation when exiting the application
– check this box if you would like the program to ask you for a
confirmation when you close it.
Auto-scroll packet data window
– if this box is checked, the program scrolls the text of the
packet data window automatically when you select a new packet from
the packets list (but only if the text does not fit into the
window). This is useful when you want to see the contents of a long
packet without manually scrolling the window.
Auto-scroll packet list to the last packet
– if this box is checked, the program automatically scrolls the
packet list in the
tab down to the last received packet.
Auto-sort new records in Latest IP Connections
– if this box is checked, the program auto-sorts new records on the
Latest IP Connections tab based on the user-defined sorting
criterion (e.g. ascending order of remote IP
Smart CPU utilization control
– if this box is checked, the program tries to decrease CPU
utilization when capturing high-volume traffic by decreasing the
quality and frequency of the screen updates.
Run on Windows startup -
if this box is checked, the program is launched automatically every
time you start Windows. Under Windows Vista and higher, this box is
disabled if UAC is enabled. This is a limitation of Windows Vista
and newer Windows versions that prevents applications with elevated
rights from loading on startup. If this feature is important,
Run minimized –
if this box is checked, the program is launched minimized and the
main window is not displayed until you click on the tray icon or
Show gridlines – makes
the program draw gridlines in all packet, channel, and AP
Enable automatic application updates
– check this box to let the program connect to the TamoSoft Web
site periodically and check for updates. Use the
Interval between checks
box to configure how often the checks should be made.
This tab is used by 3rd party plug-ins for performing configuration
tasks. Please see
for more information.