CommView® Tutorial
    Packet Sniffing Is Fun!



Let's Take a Look at This Session

TCP Data Streams

We can see the data broken into multiple packets, but is it possible to reassemble TCP sessions? Yes, with CommView this is possible. Select the first packet in a session (for example, the one where the browser requests a page from the Web server), right-click on it, and select Reconstruct TCP Session or simply double-click on the selected line:

TCP session reconstruction

There we go, the "conversation" between our PC and the Wikipedia Web server is in front of us, the page request is in blue, and the server's reply is in red:

TCP session (ASCII)

If you scroll down that window, you will see the full HTML source code of the page that was loaded in the browser. Ok, that was the ASCII (plain text) representation of this session. But the browser doesn't display plain text; it displays nice-looking HTML pages, right? Right, and we can do the same with CommView. Just select HTML in the Display type drop-down list, and the data will be shown as a Web page:

TCP session (HTML)

This is fine, but why no pictures? Because pictures are usually transferred in a different TCP session, and sometimes from a different server. By clicking on the >>> button you can navigate to the next TCP session and find pictures (or totally different TCP session, your computer might have already made several connections):

TCP session (images)

In this example, we used CommView to reconstruct HTTP sessions, but you can use this tool to look at the TCP streams of any nature, be it a POP3 session between your e-mail client and server or FTP download.

If you are a networking professional and you'd like to see the TCP session flow as a "ladder" diagram, switch to the Session Analysis tab:

Ladder diagram

Previous chapter Next chapter

Copyright © 1998-2016 TamoSoft. All Rights Reserved. No part of this site can be reproduced or duplicated in any form without the express written permission of TamoSoft. CommView is a registered trademark of TamoSoft. All other product names and trademarks are the property of their respective holders.