CommView® Tutorial
    Packet Sniffing Is Fun!



Some Data Mining

Finding Out More About Current Connections

The reality is that your computer makes more connections than you expect. Common sense tells you that loading a Web page entails just one HTTP session, but that's not always so. First, remember DNS queries? These add at least one connection. If your first DNS server was slow to reply or down, there will be another connection to the second DNS server. Second, many Web sites store Web pages and pictures on two different servers, so when you load a page with graphics, several servers are contacted. There are thousands of reasons why your PC may connect to other computers. Most of these connections are quite legitimate, but it's not uncommon to see an application that sends out sensitive data unbeknownst to you. That might be a spyware or adware program, or even a commercial product that has certain unadvertised functions. It might even be a Trojan horse that allows someone to control your computer.

Well, before getting too scared, we should remember that we have the right tool in our hands. Not a single network packet will enter or leave your computer unnoticed by CommView. In our example, we need to find who is behind the IP address, 74.125.77.104, and why our computer made a connection to it. We can, of course, look at exactly what has been sent using the Packets tab, but we'll do that later on. For now, right-click on the IP address in question and select SmartWhois:

SmartWhois context menu

SmartWhois by TamoSoft is a useful network information utility that allows you to find all the available information about an IP address, hostname, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information. If you haven't tried it, you can download the evaluation version. SmartWhois has many useful features, but in this particular situation we need only one of them: Finding out who owns that IP address. Once you've clicked SmartWhois, you will see the application window with the following information about the IP address in question:

IP address lookup

Google? But why Google? We were accessing the Wikipedia Web site! Right. But let's think for a second… your copy of Internet Explorer might be equipped with a nifty little utility called Google Toolbar. And Google Toolbar connects to the Google server to check the popularity rank of the page being visited. We've found the answer.

Naturally, your mileage may vary. You may be using a different browser, you may have visited a different Web site for our experiment, you may have a dozen other network-related applications running in the background, so your Latest IP Connections tab may look different, but we hope that the basic principle is clear: With CommView, you always have the full picture of your network connections, and this is very useful information.
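The same reasoning can be applied to a whole connection list at once. The following Python code is an added example, not part of the tutorial or of CommView: it matches the DNS answers seen in a capture against the remote addresses contacted, so that addresses no lookup explains stand out as candidates for an ownership check. All hostnames and addresses other than 74.125.77.104 are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample capture (not from the tutorial): DNS answers and
# connections seen while loading one page. Only 74.125.77.104 comes from the
# tutorial text; the rest are documentation-range addresses and made-up names.
DNS_ANSWERS = [  # (queried name, resolved IP)
    ("en.wikipedia.example", "198.51.100.10"),
    ("upload.wikipedia.example", "198.51.100.11"),
    ("static.cdn.example", "203.0.113.20"),
]
CONNECTIONS = [  # (remote IP, remote port)
    ("192.0.2.53", 53),       # first DNS server
    ("192.0.2.54", 53),       # second DNS server (first was slow to reply)
    ("198.51.100.10", 80),
    ("198.51.100.11", 80),
    ("203.0.113.20", 80),
    ("74.125.77.104", 80),
]

def registered_domain(name):
    """Naive last-two-labels domain; adequate for the sample names only."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def explain_connections(visited_host, dns_answers, connections):
    """Label each remote IP as dns, expected, third-party or unexplained."""
    names_by_ip = defaultdict(set)
    for name, ip in dns_answers:
        names_by_ip[ip].add(name)
    site = registered_domain(visited_host)
    report = {}
    for ip, port in connections:
        names = names_by_ip.get(ip)
        if port == 53:
            label = "dns"
        elif not names:
            label = "unexplained"   # no lookup seen: check who owns the IP
        elif any(registered_domain(n) == site for n in names):
            label = "expected"
        else:
            label = "third-party"   # resolved, but under a different domain
        report[ip] = (label, sorted(names or []))
    return report

if __name__ == "__main__":
    result = explain_connections("en.wikipedia.example", DNS_ANSWERS, CONNECTIONS)
    for ip, (label, names) in result.items():
        print(f"{ip:15} {label:12} {', '.join(names)}")
```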


Copyright © 1998-2016 TamoSoft. All Rights Reserved. No part of this site can be reproduced or duplicated in any form without the express written permission of TamoSoft. CommView is a registered trademark of TamoSoft. All other product names and trademarks are the property of their respective holders.