CommView® Tutorial
    Packet Sniffing Is Fun!



Alarm!

An Alarm Function Primer

In addition to passive monitoring, CommView can notify you about important network events. That's what the Alarm tab is for. Switch to this tab, check the Enable alarms box, and click Add.

Alarms tab

You will see a large alarm setup window with many check boxes and buttons, but don't get scared; we'll do something very basic for starters. Suppose that we want to be notified every time someone pings our PC or we ping someone's PC. For that, we'll create a new alarm named Ping Alarm that will be triggered once an incoming ICMP packet is received.

New alarm setup

CommView has a built-in language that allows you to use a formula to specify an alarm event or capturing rule. The explanation of this language is beyond the scope of this manual, but you can find a detailed description in the Advanced Rules chapter of the help file. For now, just use a "pre-canned" formula:

ipproto=icmp and dir=in

In human language, this means that we're interested in any incoming ICMP packets (because ping uses the ICMP protocol). In the Even occurrences frame we can specify how many times we want CommView to alert us before deactivating the alarm. We chose ten. Finally, we should choose a method by which CommView will notify us. How about a pop-up window? Good, we're checking the Display message box and entering the following text:

Ouch, someone from %SIP% is pinging me!

What's "%SIP%"? This will be replaced by the actual IP address of the computer that pinged you (SIP = Source IP Address). You don't necessarily have to use such a placeholder, but it's nice to know who is pinging you. The Alarms chapter of the help file will tell you more about the syntax of alarm messages.

Ok, we're all set. Click OK to close the alarm setup box, and we're ready for the test. Don't forget to start capturing and go to a Web site that allows you to ping an IP address, for example, this one: http://www.all-nettools.com/toolbox. Enter your IP address in the Ping tool field, and click "Go!" In a few seconds CommView will notify you about this incoming ping packet:

Notification dialog

Additionally, your computer's text-to-speech engine will actually pronounce, "Look at the screen" using your headset or PC speaker with a pleasant (ok, ok, not so pleasant) robotic voice. A pop-up window and audible alarm are only two of the possible ways of notification. You can have CommView send an e-mail message to your box, launch an application, and so on.

Previous chapter Next chapter

Copyright © 1998-2016 TamoSoft. All Rights Reserved. No part of this site can be reproduced or duplicated in any form without the express written permission of TamoSoft. CommView is a registered trademark of TamoSoft. All other product names and trademarks are the property of their respective holders.