Watch Your Traffic!

very good
key review info
application features
  • Reconstruct TCP sessions.

Network monitoring is a task that I got to accomplish using a lot of good programs so far. The general problems with them were: the interface, in most cases left way behind the features, at least in terms of beauty; no organization; and the name. After all, it's not a real problem, but I got bored of seeing, again and again, names containing "network" or just "net". Today, I got a completely different program, and let's see what I found...

CommView is a program built to monitor and analyze your network traffic, but it's different, as I've just said - the first thing is the name, and the second is the interface, which has excellent icons inside the toolbar and is well organized, as are most programs that I've had here.

The numbers that I can tell you about this program now are 5.3.519, 5 and 99. The last one really hurt! If you didn't get it, these were the version's number, the size of the installation package and the price. Once you've solved the setup issue, which only requires some quick mouse clicks to finish, we can start exploring!

After starting the program, the first thing to do is to begin the capture process. Unfortunately, not even a single fish today...because CommView can capture only data packets that run through your network interface controllers. There are five tabs inside the main program window that take care of the latest IP connections, packets, logging, rules and alarms. Let's find out more about these items now!

The Latest IP Connections area looks like a view-only window that shows details about connections established on your computer. For each item, you can find out the local/remote IPs, number of in/out packets, hostname, process that created that connection and more.

I was surprised to find out that this is not only a view window, because you can also control different things using the contextual menus that appear when you right-click a certain info line on the screen. The available options start with Quick Filter, which displays the connection Log Viewer, and they also include data transfer statistics, a link to SmartWhois, alias creation and more.

The next area is called Packets and its job is to display the details of captured data packets and their contents, but the 30-day trial version that I got here can only display the raw data of half of the packets. Anyway, this is enough to figure out the abilities of the full version, so take your time and play with it; you have an entire month at your disposal.

When talking about network traffic, logging and filtering rules shouldn't be left aside. The next two areas inside CommView's workspace take care of these two problems.

First, the Logging area allows you to set advanced logging options, such as log size limits and WWW access logging, but here you can also concatenate and split existing logs.

The Rules area enables the user to choose which packets should be captured and which ones should not, and there are a lot of items that can be used for this purpose. A packet's fate can be chosen depending on MAC address, text strings found inside, ports used, TCP flags, and it doesn't stop here. The advanced rules are the most powerful and flexible way to create filters, because they use Boolean logic for this purpose and require some basic understanding of mathematics and logic. Don't be scared, the syntax is rather easy and you shouldn't have problems understanding it after a little time spent studying...

Alarm! Traffic has dropped below 1024 bits! This could be a mail message that you'd receive from a computer running CommView that has detected a sudden drop of network traffic. The Alarms area lets you configure such email notifications, but you can also start a certain program, play different sounds or start/stop logging when the condition you set is true.

The main work area is behind us now, but the program's menu still has some hidden treasures. My favorite is the Statistics window, a tool that displays graphical overviews of recorded data, such as general traffic, traffic based on protocols and subprotocols, the connections matrix, and some more numerical statistics. Other than this, there's a nice NIC Vendor Identifier tool that can identify the brand of a network card based on its MAC address, a packet generator that allows you to edit and send packets via your network card, and others that I'll leave for you to discover.

This program has been translated into five languages that are built in already, and you can get more from the official website. If you encounter any problems while using this program, you can check the excellent online tutorial or the built-in Help content. That being said, off to the conclusions we go!

The Good

CommView is well organized, has a nice interface, doesn't kill your CPU once powered on, and has a lot of features. The 30-day trial period and the available online tutorial are two other reasons to go ahead and try this one today.

The Bad

I am sure that most home users won't consider spending a hundred bucks for this program (well, you'll have one left after the purchase), but most network administrators or security professionals probably will. Other than that, everything's just fine...but if you're a beginner in this field, then you'll have to study a little to take full advantage of this application.

The Truth

Finally, I found another powerful network monitoring and analysis tool that I've really enjoyed from top to bottom, and I hope you'll enjoy this one too. I am not saying "buy it", but a trial is a must for every user who wants to know more about their network traffic, and I'll leave you with a name: CommView.

user interface 5
features 4
ease of use 4
pricing / value 2


final rating 4