* A Knowledge Database article on CommView usage is available! Read this first.
This is a quite basic tutorial on how to capture and read packets and how to finally resend them.
1. open CommView
- you will see a "play" icon and a grayed-out "stop" button near the upper left corner
-next to those buttons you will find a drop-down box with your network adapters in it
2. click on the drop-down box and choose your primary network adapter (if you can't see anything in it, your network is not working properly)
3. now click on the "play" icon to start the packet capture
-click on the "packets" tab to see the packets that CommView has captured (it's a live view)
-click on "latest IP connections" to see the list of IPs the packets are coming from or going to
-to stop the capture click on the "stop" icon/button.
4. now let's make a filter to capture packets from a specific application. I will take MSN as an example.
-click on the "rules" tab (the TAB, not the menu)
-enable process rules
-now choose "capture"
-into the box type "msnmsgr.exe"
-click on "add process name"
-huh? why "msnmsgr.exe"? where did it come from?
-relax, press "alt+ctrl+del" to open the Task Manager
-from there find the MSN process, you will see its name is "msnmsgr.exe"
5. now go back to the "packets" tab
-right click and choose "clear packet buffer"
-now go into MSN and open a chat window with somebody
-say something. say "Hey" for example
-you will notice some packets in CommView's "packets" tab
-now press "ctrl+f" in the packets tab to open the search
-search for "Hey"
-you will see that it jumps to the packet containing it
-right click that packet and click on "Reconstruct TCP session"
-a window will open showing you the content of that session, which will look like this:
Code:
    USR 6 [email protected] 1992966479.1503914.198100245
    USR 6 OK [email protected] YourDisplayName
    CAL 7 [email protected]
    CAL 7 RINGING 1992966479
    JOI [email protected] . 2254291004
    MSG 5 N 123
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    X-MMS-IM-Format: FN=Tahoma; EF=; CO=b70085; CS=0; PF=22

    Hey
-This covers the packet reading part
6. How to make more filters / rules to capture only MSN chat
-for MSN, for example, you first have to analyze the packet, like in the example I gave
-there is no single right way to do that, so you have to find your own
-here's what I did:
-I took the part with "MSG " (MSG plus the space after it)
-why with the space?
-because LOTS of packets in the MSN protocol probably contain "MSG", so you have to include the space.
-now under the "Rules" tab choose 'Advanced Rules' - "Formulas"
-into the "Name" field type the name of your rule (it can be whatever you want it to be, I wrote "msg")
-into "Formula" type
Code:
-after "str" comes (), and inside the ( ) you put the text you want to ignore or capture.
-now choose "capture packets (inclusive)"
-click on "Add/Edit"
-now your CommView will capture all packets that contain the text "MSG "
-you can easily make such rules for any application, to capture only the part you need OR to ignore the part you don't want to see
-for HELP with the formulas click on the icon with the ? mark on it, next to the "Formula:" input field
-there you can see the explanation of all formulas available in CommView; you can also combine them, but I will not cover that part here.
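As an added example (not code from the original post and not part of CommView), here is a small Python parser for the kind of reconstructed MSN (MSNP) session shown in step 5: it frames each command line, uses the length field of the MSG command to cut out the message payload exactly, and returns the chat text. It also shows why the rule in step 6 keys on the MSG command line rather than a bare "MSG" substring. The session bytes are constructed to mirror the post's example, with [email protected] as a placeholder exactly as in the post.

```python
# Added example, not from the original post: frame the MSNP commands in a
# reconstructed TCP session like the one in step 5 and pull out the chat
# text. Every MSNP command is one CRLF-terminated line; MSG is the exception,
# its last field is a byte count and exactly that many payload bytes follow.

# Constructed sample modelled on the post's session ("[email protected]" is a
# placeholder). The post shows a Length of 123; here it is computed from the
# payload so that the framing is exact.
_MSG_PAYLOAD = (
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/plain; charset=UTF-8\r\n"
    "X-MMS-IM-Format: FN=Tahoma; EF=; CO=b70085; CS=0; PF=22\r\n"
    "\r\nHey"
).encode("utf-8")
SESSION = (
    b"USR 6 [email protected] 1992966479.1503914.198100245\r\n"
    b"USR 6 OK [email protected] YourDisplayName\r\n"
    b"CAL 7 [email protected]\r\n"
    b"CAL 7 RINGING 1992966479\r\n"
    b"JOI [email protected] . 2254291004\r\n"
    + b"MSG 5 N %d\r\n" % len(_MSG_PAYLOAD) + _MSG_PAYLOAD
)

def parse_msnp(stream: bytes):
    """Yield (command, args, payload); payload is None for everything but MSG."""
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n", pos)
        if end == -1:
            raise ValueError("truncated command line at offset %d" % pos)
        fields = stream[pos:end].decode("utf-8").split(" ")
        cmd, args, pos, payload = fields[0], fields[1:], end + 2, None
        if cmd == "MSG":
            length = int(args[-1])  # last field is the payload byte count
            if pos + length > len(stream):
                raise ValueError("MSG declares %d payload bytes, session ends early" % length)
            payload, pos = stream[pos:pos + length], pos + length
        yield cmd, args, payload

def chat_messages(stream: bytes):
    """Return the bodies of text/plain MSG payloads, i.e. what the user typed."""
    bodies = []
    for cmd, _args, payload in parse_msnp(stream):
        if cmd != "MSG":
            continue
        head, _, body = payload.partition(b"\r\n\r\n")  # MIME headers, blank line, body
        if b"text/plain" in head.lower():
            bodies.append(body.decode("utf-8"))
    return bodies
```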
7. How to resend a packet / packets and how to save packet / packets
-to save a packet/packets, simply select the packet and drag it onto your desktop or any other folder (it may not work in Vista)
-if you want to select multiple packets, either HOLD down the "CTRL" key and choose packets by clicking on them, or just drag over multiple packets and then drag them all onto the desktop.
-to load them, drag the file into CommView again; this will open the log viewer with your packet(s) in it.
-to resend a packet / packets
-choose the packet/packets you want to send, then simply right click on them and choose "Send packet(s)"; from there choose either "selected" or "all"
-a window opens, choose the options you want and hit the "Send" button
-NOTE that you have to be in "capture mode" to be able to send packets.