CommView® Tutorial
    Packet Sniffing Is Fun!



I Have Connections!

IP Statistics Overview

Let's open the browser and visit a Web site, for example, Wikipedia. Then come back to the CommView main window to look at what has been logged by the program:

Captured IP connections

You can now click Stop Capture and take time to understand what you see. The picture on your screen may be a bit different because your browser may not be the only application sending or receiving packets and because of factors that will be explained below. The most important thing is that you're looking at your PC's network connections!

Now let's try to make sense of what we see. Local IP shows your computer's Internet Protocol (IP) address, and Remote IP shows the IP address of the computer you've made a connection to. In and Out are packet counters, Direction shows the connection direction, Ports shows the TCP or UDP port(s) involved in the conversation, Hostname shows the user-friendly name of the host that corresponds to the remote IP address, if available, and Process displays the name of the executable file responsible for the connection (it may not be available in some cases).

So, what happened when we visited this Web site, and why are we seeing all these connections? When you typed www.wikipedia.org into your browser's address field, your PC had to convert this hostname into an IP address. While hostnames are useful for people (they are easy to remember), they are useless for computers, as they need to know the exact IP address of the other computer to establish a connection. That's why your PC contacted a Domain Name System (DNS) server (wredhor.pair.com in our example; yours will be different) to find out the IP address that corresponds to www.wikipedia.org. How do we know that? Because the Ports column shows domain for this connection, which is the port name used for DNS queries.

Now that our PC has learned the IP address for www.wikipedia.org, it immediately establishes a connection with that Web server and downloads the main page that you can see in your Web browser. Http in the Ports column is what tells us that this was a HyperText Transfer Protocol (HTTP) connection.

These two connections may be followed by a few others, but we can talk about that later. For now, we've learned that the Latest IP Connections tab displays a snapshot of the current connections.
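To see how a table like this can be derived from raw packets, here is an added example (not CommView's code and not part of the original tutorial) that groups packets by remote IP and fills in the In, Out, Direction and Ports columns for the DNS lookup and HTTP download described above. The addresses and packets are constructed, and deciding the direction from the first packet seen is an assumption.

```python
# Added example: rebuild a "Latest IP Connections"-style table from packets.
SERVICE_NAMES = {53: "domain", 80: "http"}  # IANA service names for these ports
LOCAL_IP = "192.0.2.10"                     # constructed (documentation range)

# Constructed packets: (src_ip, src_port, dst_ip, dst_port)
PACKETS = [
    ("192.0.2.10", 50000, "198.51.100.53", 53),   # DNS query
    ("198.51.100.53", 53, "192.0.2.10", 50000),   # DNS answer
    ("192.0.2.10", 50001, "203.0.113.80", 80),    # HTTP request
    ("203.0.113.80", 80, "192.0.2.10", 50001),    # HTTP response packets
    ("192.0.2.10", 50001, "203.0.113.80", 80),
    ("203.0.113.80", 80, "192.0.2.10", 50001),
    ("203.0.113.80", 80, "192.0.2.10", 50001),
]


def summarize(packets, local_ip):
    """Group packets by remote IP and count them per direction."""
    rows = {}  # dict keeps insertion order, so rows appear as first seen
    for src, sport, dst, dport in packets:
        outbound = src == local_ip
        if not outbound and dst != local_ip:
            continue  # neither end is this PC; ignore
        remote = dst if outbound else src
        row = rows.setdefault(remote, {
            "local_ip": local_ip, "remote_ip": remote, "in": 0, "out": 0,
            # Assumption: the first packet seen decides the direction.
            "direction": "Out" if outbound else "In",
            "ports": [],
        })
        row["out" if outbound else "in"] += 1
        # The service port belongs to whichever side did not initiate.
        remote_port, local_port = (dport, sport) if outbound else (sport, dport)
        port = remote_port if row["direction"] == "Out" else local_port
        name = SERVICE_NAMES.get(port, str(port))
        if name not in row["ports"]:
            row["ports"].append(name)
    return list(rows.values())


if __name__ == "__main__":
    for r in summarize(PACKETS, LOCAL_IP):
        print(f'{r["local_ip"]:<12} {r["remote_ip"]:<15} in={r["in"]} '
              f'out={r["out"]} {r["direction"]:<3} {",".join(r["ports"])}')
```

A row whose Direction is In while Ports shows a service name means a remote host opened a connection to a service on your PC, which is worth a second look on a workstation.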

Notice that the IP addresses are accompanied by country flags. This cool feature is called "geolocation." It helps you identify the geographic location of the IP addresses. In our case, as the flags suggest, we're contacting the US-based Wikipedia server from a New Zealand-based PC. If you're not very good at flags, CommView can use country names and two-letter country codes instead; just open the Options window to configure this the way you like it.


Copyright © 1998-2016 TamoSoft. All Rights Reserved. No part of this site can be reproduced or duplicated in any form without the express written permission of TamoSoft. CommView is a registered trademark of TamoSoft. All other product names and trademarks are the property of their respective holders.