CommView® Tutorial
    Packet Sniffing Is Fun!



Focusing on the Essentials

Using Advanced Filters

Exploring the network traffic may be difficult if the useful pieces of information are buried under countless unimportant connections and packets. If you are trying to focus on, say, troubleshooting an e-mail session, you probably don't want CommView to capture and display a few thousand packets related to a whole different FTP download that is going on simultaneously, probably not even on your own PC. The good news is that a good network analyzer allows you to use capturing rules (often called "filters"). By applying rules, you can filter out unimportant packets to focus on the essential ones. The Rules tab is the place where you can mange your capturing rules, and the Advanced Rules tab allows you to create very flexible formula-based filters:

Capturing rules

You are free to use other types of rules (Ports, Text, etc.), but the Advanced rules offer much more flexibility, so we'll use this type of rule in our example. To create a new rule, you need to first enter an arbitrary name in the Name field and then select the rule type: Capture or Ignore. TThe former will make CommView display only those packets that match your formula, while the latter will make CommView display all the captured packets except those ones that match your formula. Finally, you need to enter a formula describing your packet. Suppose that we want to capture HTTP traffic only.

As we mentioned above, the Advanced Rules chapter of the help file provides detailed information on the formulae syntax.

In this example, we're going to use an intuitively understandable formula to save time:

ipproto=tcp and (sport=80 or dport=80)

In human language, this means that we're interested in TCP packets going to or coming from port 80, i.e. the port used for HTTP connections. Now click Add/Edit and we're done! CommView will display only HTTP packets until you disable this rule by clicking on the check box next to its name. It's as simple as that. Oh…and you can save rules to a file and load them from a file by using the Rules menu on the main window.

Previous chapter Next chapter

Copyright © 1998-2016 TamoSoft. All Rights Reserved. No part of this site can be reproduced or duplicated in any form without the express written permission of TamoSoft. CommView is a registered trademark of TamoSoft. All other product names and trademarks are the property of their respective holders.