Capsa by Colasoft: A Network Engineer’s Product Review

February 9th, 2015

By Shane Killen

I wanted to take the opportunity to do a review of the Colasoft Capsa program.  I have been asked about this program often, and I think it is time I do a review. Everyone knows that I like this program and I personally use this network analyzer all the time in my consulting position.  I love it and I have recommended this program on my blog and to customers of the company I work for.  It has saved me time and money in diagnosing problems.  And if I’m saving money, that means my customers are saving money.  And everyone loves that!

A personal story:
Just to start this out, I want to tell you a quick, condensed story.  I had a customer that called me up one morning.  They told me that their network was “crawling” and they wanted to know if I knew of anything going on.  I was at another client at the time, and all I knew to say at that point was that I could come over and take a look.  They told me to hold off at the moment, and they would call me if they needed me.  By the time 4PM came, I called that customer back to see what they had found.  He told me that they still had the problem, and they wanted me to come on in and see if I could find the problem.  I did just that.  From the time I got there and started working on the problem, I set up a monitor session and connected my laptop up.  Within 10 minutes, I told them what the problem was, what was causing the problem, and how it needed to be resolved.  It was a device that had a NIC that started flooding the network.  180K packets per second (Capsa told me this).  They went and disconnected the offending network cable for the device, and everything came back up without issue.  Key NOTE:  They had been working all day on this problem without resolution.  I came in and within 10 minutes pointed out what the problem was, what was causing the problem, and what to do to fix it.  I was able to do this with the Capsa network analyzer within 10 minutes of starting the troubleshooting.  In this example, think of how much money and productivity was lost. The very next day, this customer bought Capsa.

Now, the review:
At first look, the Capsa dashboard has a very nice look and feel to it. The dashboard colors are easy on the eyes when looking at it for long periods of time, which is important when needing to troubleshoot problems.  You don’t need something hard to look at on top of using your brain to pinpoint issues, and Capsa is certainly easy on the eyes.  See below for the first look.

The layout is also well designed.  The tabs across the display make it easy to navigate to areas you need to get to.  It’s almost like the company had true technical engineers design the layout.

The first display I tend to look at and use is the default view.  You can easily customize this to whatever it is you are looking for.  Capsa puts out some displays for you by default.  The defaults are good, but if you need more for what you are trying to accomplish, they made it very easy to add to this display if you want to.  I personally modify it to what I like to see.

The “Summary” tab has very good statistical information in it.  I personally don’t use this tab much, but if you are looking for general statistical information about your network, this is a good place to view.  I do know engineers that just want to take samplings on a network, and this is a good tab to view for just that.  Things like Diagnosis statistics, Traffic statistics, Packet size Distribution statistics, Protocol statistics by OSI model, etc.  Again, very good for taking statistical snapshots during timed intervals.

This next tab is really handy for doing network assessments.  It’s called the “Diagnose” tab, and this tab will tell you potential problems on the network that Capsa sees.  Anything from delays, re-transmissions, SMTP server slow response, HTTP client error, etc. And when I say “etc”, I mean a lot of “etc”s.  I use this all the time, and it’s very handy and helpful for the network engineer.  It’s handy because it even makes suggestions on what the actual problem resolution might be.  That is a pretty cool feature.

The next tab shows a “Protocol” view of the network.  This is an excellent view into what protocols are traversing your network.  If you see a protocol in this display that you didn’t want on the network, this is a great place to see it quickly.  Easy to see and right in front of your eyes without the need to sift through traffic or selecting a column view and then finding the protocol.  It’s just right in front of you with ease to see.  This is very helpful when in a hurry to hunt down what you don’t want on the network, as far as protocol view is concerned.  I have had plenty of times when trying to see what protocol is running on a network, just to know for sure what is there and what is not there.  And when I’m doing a deep inspection of a network, this is definitely one view I look at.

The “Physical Endpoint” tab gives you a view into the layer 2 and layer 3 view into the network for statistics.  I personally don’t use this view much.  However, I do see the benefit of this tab.  You can find problems by either MAC address or IP address, like a malfunctioning NIC.  This is a good statistical view of that.  I personally will see it in the default view, because I’ll customize the view there to see such things.  But, this is also a great place for that sort of detail.  One thing I really like about this view is that you can see the actual packets if you choose to.  Just like what you would see in a Wireshark packet capture.  This is a great feature.

The “IP Endpoint” is a layer 3 view only into this view.  It’s very similar to the “Physical Endpoint” tab, with the same features for the most part.  This is mostly a statistical view.  Again, you can see the actual packet here if you want to see it, just like in Wireshark.  I have used this screen to find packets from a particular IP address, so that I can use the packet view before.  This is very handy and easy to find what you are looking for if you are looking for a particular IP address.  From the “offender”, you can view all you want as far as raw packets go.  I personally like this and have used this often in the past.

The “Physical Conversation” and “IP conversation” tabs have some important information for troubleshooting delays, etc.  I personally have used this tab a lot, especially when looking for delays in traffic to find out what is actually happening.  There is a lot of good information in these tab views.

The “TCP Conversation” view is an excellent view for seeing delays, etc.  In application type delays, you can easily prove where delta delays are when everyone is pointing at the network as fault.  I have used this many times to prove application delays, and where the network was fine.  This view makes it very easy to see these types of delays with transaction sequence diagrams, along with seeing the actual packet if you want to (which I do).  Again, it just makes it easy.  See below for a screenshot.

The “UDP Conversation” view is similar, with the exception of a data flow view.  After all, it’s UDP.  I personally don’t utilize this tab much.  Although, I do see the value in seeing the conversations between devices.

There is now a new section called “VoIP Call” tab.  I have experimented with this and I do like this tab.  It will show you the calls made via SIP, the status of the calls, duration, invite time, etc.  It even has a “translatorX” like view if you are a visual person and want to see the call setup steps that each call has taken.  This is especially helpful when troubleshooting failed SIP calls.  This is a welcomed addition to the Capsa package.  With that said, I must tell you that for now, it only will recognize SIP calls.  It will not recognize H323, MGCP, or SCCP.  I have to admit, that is a little disappointing.  However, that is really the only negative thing I can say about this tab.  But, I suspect that will change in the future.  But, keep in mind, you can still view H323, MGCP, and SCCP in the other tabs if you are looking for them.  It’s just not in this tab.  Overall, I’m still impressed with this VoIP capability.  I’d really like to show you this screen, but there is just too much sensitive information I can’t give out in my capture.  So I’m only going to show you a piece of the screen, so that you get the idea of what you will see.  I did blot out the personal info on this screenshot, but again, there is more to this screen than what I’m showing below.

There is a new “Ports” tab that shows all the ports being used on the network.  From here, you can view the traffic conversations, along with the data flows.  Again, this is really important in finding delays, etc.  I really like this new addition to the Capsa product.

There is a “Matrix” tab which shows you in a circular diagram the traffic from source to destination.  I don’t use this much, except to get an impression on how many devices are actually talking to each other.  From here, you can, again, look at the raw packets.  I have heard other engineers say they like this view.  I think this must be just personal preference.

The “Packet” tab takes you right to the raw packet view.  Again, this is convenient, as you can go directly to search for specific IPs or MAC addresses quickly. And again, with all the info you would need in the display for finding what you want in the packet capture.

The “Log” view is just that.  It shows you a log of successful and failed events.  Anything from a global view of all traffic, to seeing only DNS, Email, HTTP, etc types of traffic.  This is an excellent addition to the product when you need to see events outside a packet view.

The last tab is called “Report”.  I absolutely love this tab.  For the executives, you can run the reports they want to see without them actually being technical in nature.  Let’s face it, they just want the high level overview.  They don’t want to see the packet details, the troubles, etc.  They just want the facts, and these canned reports will give them just that.  Also, you can customize your own reports as well.  You can even customize this to your company name, logo, etc.  This is a nice feature.

Other features:
You can get Capsa to send you an audible alarm when an event happens, something you customize yourself.  You can also get it to send you an email when the event happens, if you happen to not be in front of your Capsa PC/Server.

I also like the displays across the top of the program.  I use the “utilization” and “pps” (packets per second) displays almost every time I use Capsa.  These views make it easy to detect broadcast storms, over utilization, etc. There is also a “Traffic Chart (bps)” chart that is a visual of the amount of traffic that is on the network.  I like these views for sure.  They are always up front and if something starts happening on the network, you can easily see some of these types of events in these displays.  Very handy when you are going through the tabs and still able to see these views at the top.  I personally like that this was carefully thought of for the network engineer.

Another thing I like, is that if you are looking for only certain types of traffic, you can filter Capsa to only display that traffic without seeing all the other traffic you are not looking for.  This is handy when you know where the problem is, but don’t know the cause of the problem.

One thing to note here in this review.  I have mentioned a lot of features in this program.  However, what I have not mentioned is ALL of the capabilities in each tab.  There are a ton of things you can do in most of the tabs.  Don’t think I covered everything.  I have only covered a fraction of what you get out of this product. What I suggest is that you go and download a demo of this product.  Try it for yourself and download a trial of this to see if you like it.  Visit Colasoft at www.colasoft.com, and let me know how you like it.

About Shane Killen

Shane Killen currently works at a consulting company in Birmingham, Alabama.  It is a consulting firm that deals with most aspects of IT Technology.
He works as an IT consultant, serving as a Senior Network Engineer. Shane Killen has been working in IT professionally since 1996.  Certifications currently held –  Cisco CCNP (R&S), Cisco CCNP Voice, Cisco CCDP, Brocade BCNP, ShoreTel Advance Systems and Troubleshooting, CompTIA Network+, CompTIA A+, CSSA, Palo Alto ACE.

From: http://www.shanekillen.com/2015/02/capsa-by-colasoft-product-review.html

What’s New in nChronos 4.3?

November 25th, 2014

Service Port Monitor

nChronos 4.3 provides a Port view and a Service Access view to monitor and analyze service ports. The Port view calculates the statistics based on IP address + TCP/UDP service port. Together with the sorting function of nChronos, you can easily know which service ports are running on the network, and running for which IPs. The Port view further provides other information about the service port, including the application, the uplink and downlink traffic, the service access time, access times, etc. The Service Access view calculates the statistics based on server and client IPs, port number and applications. It provides the access details for each service port. You can drill a service port down to a specific service access session.


VLAN and VPN Virtual Link Support

nChronos 4.3 provides support for virtual links, including VLAN and MPLS VPN. You can add virtual interfaces and set up network links based on the virtual interfaces. There is a VLAN view, which displays traffic statistics based on VLAN ID. An MPLS VPN view is also provided to display traffic statistics based on MPLS VPN label. Together with the name table function of nChronos, you can add names for VLANs and MPLS VPNs.

Millisecond Analysis

Millisecond analysis provides traffic analysis accurate to one millisecond. It is important for users who care about transient traffic bursts. Colasoft nChronos 4.3 provides millisecond traffic statistics and millisecond traffic alarms. Users can define any millisecond traffic alarm as needed. The Millisecond Analysis window displays the millisecond traffic statistics trend charts in real time.

Multi-Segment Analysis

Sometimes the responses from large websites are very slow, and to find out the system bottleneck for the websites, it is necessary to analyze each link of the websites. Colasoft nChronos 4.3 provides a multi-segment analysis function, which associates and correlates the data of the same conversation collected on two or more network segments, and displays graphical performance analysis results, like packet loss, delay, retransmission, etc., thus providing visibility into the areas where bottlenecks may occur. A Multi-Segment Analysis window has a timeline pane to show the traffic trends of monitored links. When a conversation is analyzed, the conversations on other segments will be picked up and analyzed automatically.

A Multi-Segment Detail Analysis window shows the detailed analysis results and visualizes the conversation flow across multiple segments. When clicking and hovering a packet, correlated packets will be highlighted, the time difference between the packets will be displayed, and the packet view will show the in-depth decoding information for that packet.

Storage Filter

nChronos 4.3 provides Storage Filter for users to store packets that match the filter rules. You can define the filter rules based on IP/MAC address, port number, protocol type, packet size, etc., and only packets matching the rules will be stored. Besides the filter rules, Storage Filter provides a function to truncate each stored packet to a specified size. With Storage Filter, you can store only the packets of interest, and even store only the first few bytes of those packets. It saves storage space, and helps you avoid policy problems in some environments.


from: http://www.colasoft.com/nchronos/whatsnew.php

Colasoft Delivers nChronos v4.3 with Multi-Segment Analysis

November 23rd, 2014

Tulsa, OK – November 19, 2014 – Colasoft LLC (www.colasoft.com), an innovative provider of network analysis solutions, today announced a new version of its flagship product, nChronos Forensic Network Analysis Application. The multi-segment analysis leverages the packets recorded by nChronos to make it easier and quicker for network professionals to analyze the root cause of distributed application performance issues.

Most IT managers have similar difficulty in diagnosing and solving application performance issues. It’s difficult to determine if the fault is in the network, the application, the server, or something else that is unknown. Hours or days are wasted in “finger pointing”. There are many components involved and troubleshooting a multi-segment network is difficult at best. In the past, IT professionals had to capture traffic separately from different points and manually merge the information into a single trace file to determine the root cause. nChronos will now automatically discover which packets and applications were seen at multiple points in the network. nChronos packet data recorder uses advanced algorithms to match data packets across the network. With nChronos v4.3, network problems such as latency, application errors, network anomalies or slow response can be tamed with greater ease and expediency.

nChronos v4.3 provides an even greater user experience with new and useful functionality and improvements. Below are some of the highlights of these new features included in nChronos v4.3:

  1. New views are added including a VLAN View, an MPLS VPN View, a Service Access View and a Port View.
  2. Provides millisecond-level traffic statistics and alarms for network links.
  3. Storage filter is available and packets can be stored with specified length.
  4. Application transaction alarms and application transaction alarm logs are now available.
  5. Packets can be downloaded from multiple network links.
  6. Combination analysis for IPv4 and IPv6 is available.
  7. The packets can now be stamped with switch time.

“We continue to provide an increase in value with additional functionality without sacrificing our easy to use interface. With the addition of multi-segment analysis, as well as the improved Alarm and Reporting function, nChronos now automates the previously tedious process of troubleshooting distributed network issues, with greater efficiency and ease,” said Brandon Lewis, Director of Customer Support at Colasoft.

The evaluation version of nChronos 4.3 is now available on the Colasoft website www.colasoft.com.

From: http://www.colasoft.com/company/news_2014.php

Colasoft Capsa Network Analyzer – Selected as No.6 of “WindowSecurity.com Readers’ Choice Award – Security Scanner Software”

November 18th, 2014

Colasoft Capsa Network Analyzer was selected as No.6  in the Security Scanner Software category of the WindowSecurity.com Readers’ Choice Awards.

Results
1st Tenable Nessus 27%
2nd Acunetix Web Vulnerability Scanner  24%
3rd Retina Network Security Scanner  13%
4th GFI LanGuard  10%
5th Metasploit Pro for Windows  5%
5th NetIQ Secure Configuration Manager  5%
6th Colasoft Capsa Network Analyzer  3%
6th Dell Enterprise Reporter  3%
6th ShadowSecurityScanner  3%
7th Syhunt suite  1%
Others 6%

“Our Readers’ Choice Awards give visitors to our site the opportunity to vote for the products they view as the very best in their respective category,” said Sean Buttigieg, WindowSecurity.com manager. “WindowSecurity.com users are specialists in their field who encounter various network security solutions at the workplace. The award serves as a mark of excellence, providing the ultimate recognition from peers within the industry.”

WindowSecurity.com conducts monthly polls to discover which product is preferred by Network Security administrators in a particular category of third party network security solutions. The awards draw a huge response per category and are based entirely on the visitors’ votes. WindowSecurity.com visitors can submit their votes for the current Readers’ Award poll in the site’s left-hand bar.

If you’d like to know who the Readers’ Choice winners were, please take a look at Winner in the Security Scanner Software Category of Readers’ Choice Awards.

About WindowSecurity.com

WindowSecurity.com (http://WindowSecurity.com) is a Microsoft Windows Security resource site. It is the leading Windows Security site, attracting over 450,000 Security administrators and specialists a month. The site provides the latest Windows Security Services, articles and tutorials by leading Windows Security experts, message boards, software listings and product reviews.

Migrating Configuration Files from nChronos Evaluation to an nChronos Licensed Version

November 7th, 2014

Migrating configuration files on the same machine

The following steps will allow you to migrate configuration files from an nChronos Evaluation to an nChronos Licensed version on the same machine.

  1. When uninstalling the nChronos Evaluation program, click “Yes” when the following box pops up:
  2. Install the nChronos Licensed version. By choosing this “Save” action during the uninstall, all configurations and captured data files will be saved automatically.

Migrating configuration files to a different machine

Follow these steps if you installed the nChronos Evaluation version on one machine and now want to migrate the files to an nChronos Licensed version on a different machine:

  1. Export the configurations from nChronos Evaluation. Log in to the nChronos Server web portal, go to the Server Management page, and click the Export Config button to save the configurations.
  2. Install and activate the new licensed version of nChronos. Log in to the nChronos Server web portal, go to the Server Management page, and click the Import Config button to import the file saved in step 1.
  3. After the import is complete, the nChronos service will automatically restart. After the restart, the configuration files will have been migrated.


Colasoft Thanksgiving Big Sale, Saving $1590 !

November 2nd, 2014

In this Thanksgiving season, Colasoft would like to thank you all for your continued support and trust.

We are very proud that nearly half a million users are now using Colasoft products as their network troubleshooting tools.

We would like every one of you to have that same opportunity this November from Colasoft.

Just pick the opportunity that best meets your needs.

Review: Colasoft Capsa Network Analyzer Enterprise Edition 7.8 – software.informer.com

October 15th, 2014

Colasoft Capsa Enterprise is a network management solution aimed at small and medium-sized businesses and network administrators. This network traffic analyzer lets users monitor, detect, and troubleshoot network issues in a fast and simple manner. Among the powerful features this edition of Capsa includes is the ability to monitor both Ethernet and wireless networks.

As a comprehensive network sniffer, Capsa Enterprise is able to perform different types of analysis and tests over one or multiple wired and wireless connections (like 802.11a/b/g/n). It lets you run analysis of specific aspects of your network or a full Test providing an exhaustive level of detail. Capsa is able to perform packet capture in real time, monitor traffic, run security analysis to detect potential security risks, map the traffic and the MAC and IP addresses of every host on the network, as well as analyse different protocols like HTTP, FTP, and DNS, and applications like IM, Email (POP3, IMAP4, SMTP), and VoIP, letting you log and save data to disk. These complex tasks are carried out in a fast and simple way, with literally a few clicks.

Besides its straightforward interface, it is worth highlighting the way Capsa displays the data obtained by means of graphs, charts, and statistics that are easy to read and interpret, letting users detect and address potential issues in the most effective way. With the analysis results ordered in tabs and the several filters available it is easy to find the information you want to focus on. The Dashboard is the first section you will see once the analysis is on; and there are several view modes to choose from, including the possibility of adding or removing panels. Another tab that deserves particular mention is the Matrix tab, which maps network traffic between network nodes in a graph.

Other tools available in the pack include Packet Player, Packet Builder, Ping, and MAC Scanner, the possibility of scheduling tasks and adding alarms.

To sum up, Colasoft Capsa Enterprise is a tool that combines powerful features with in-depth analysis and statistics, essential for network administrators and engineers. This network sniffer has a cost of $995 and the free demo version is fully functional for 15 days.

Pros

  • Comprehensive network analyzer with powerful features.
  • In-depth network analysis.
  • Data is displayed in easy-to-read graphs.
  • User-friendly.

Cons

  • None.

From: http://colasoft-capsa-enterprise.software.informer.com/

What’s new in Capsa 7.8

August 28th, 2014

VoIP Analysis

Capsa 7.8 provides a VoIP analysis module to capture and analyze VoIP calls and graphically display VoIP analysis results, which helps IT staff baseline and troubleshoot VoIP-based networks.

A VoIP view is provided to list all VoIP calls as well as their related statistics and has a lower pane for analyzing voice and video control flows and media flows as well as their jitter, loss, MOS, etc., to visualize analysis data and assess voice and video quality.


A VoIP Explorer groups private and public IP addresses for VoIP calls.

Furthermore, there are VoIP diagnosis events and VoIP logs. A VoIP dashboard contains the VoIP analysis charts graphically.

Together with VoIP Explorer and VoIP diagnosis, the VoIP view helps users visualize analysis data and assess voice and video quality, thereby assisting you in troubleshooting VoIP networks, software and hardware.

Top Domain Name Statistics

Earlier versions of Capsa provide a Name Table feature to help network administrators conveniently manage staff’s network activities by displaying IP addresses as names instead of figures. Capsa 7.8 now provides a top domain feature which shows the top visited Internet IP addresses as domain names. One domain name may resolve to multiple IP addresses; Capsa identifies all these IP addresses as one domain name if they are actually directed to that domain, and graphically displays the top resolved domain names.

Port-Based Statistics

A Port view is provided to present traffic statistics based on TCP/UDP port numbers. This feature is useful when you want to analyze a specific application. Each port number is listed with its upper-layer protocol, packets, bytes, average packet size, and common application.

In addition, the Dashboard view provides a Port panel to graphically display top port statistics:


Colasoft Announces Capsa Data Packet Analyzer v7.8 Release

August 20th, 2014

August 20, 2014 – Colasoft, an Oklahoma company, is a leading provider of innovative, affordable, network analysis software solutions. Colasoft today announced the release of its latest Capsa Network Analyzer, version 7.8, a real-time portable network analyzer for wired and wireless network monitoring, bandwidth analysis, and intrusion detection.

In addition to Bandwidth Monitoring and Traffic Analysis, Capsa Enterprise has added full support for VoIP communication analysis. Capsa customers can now not only monitor VoIP calls, but also drill into a vast collection of call statistics detailing their jitter, loss, and MOS. The new VoIP Explorer and VoIP Diagnostic views allow users to visualize the VoIP data as Capsa visually displays the voice and video quality, assisting users in troubleshooting VoIP networks, software and hardware.

Colasoft has also added a new detailed Port Analysis view to their Capsa Enterprise packet capture application. This new Port Analysis view is quite useful in the analysis of application management issues to determine where the problem actually originates.

In addition to VoIP, Colasoft has added a new “Top Domain Name” view of the network traffic. Colasoft users can now view the traffic utilization by Domain Name in addition to IP Address. Additionally, this new release of Capsa Enterprise has added full support of IMAP4 to the hundreds of already supported protocols. A Free Trial version is available for download at: http://www.colasoft.com/download/products/download_capsa.php

With the increasing number of companies being hacked, Colasoft has seen a dramatic increase in the interest of its Capsa and nChronos products. As noted by Brian K. Smith, Vice President at Colasoft LLC, “Capsa is the only Packet Sniffer and Packet Decoder to provide an easy to use GUI combined with CyberAttack Detection features that were previously found only in more expensive Intrusion Detection Applications. Colasoft Capsa now offers the Network Engineer one of the most robust Bandwidth and Packet Analysis tools available.”

With the release of Capsa 7.8 there is now added support for protocols like: IMAP4, SIP, SDP, MEGACO/H.248, MGCP, Q.931, SAP, H.225, RMI, Oracle, MMS, GOOSE, SMV, and GMRP. Capsa also added several new VoIP protocols. Capsa inherently analyzes VoIP issues, like voice quality QOS, dropped packets and connectivity issues.

Capsa 7.8 is compatible with Windows XP/2003/2008/Vista/Windows 7/Windows 8 and Windows Server 2012. A trial version is available for download at: http://www.colasoft.com/download/products/download_capsa.php


Capsa How-to : Migrating Capsa Configuration Files

July 15th, 2014

The Capsa Professional and Capsa Enterprise packet capture applications provide the ability to back up configurations, including analysis profile settings and network profile settings.


To migrate configuration files from a Capsa Demo version to Capsa licensed version you should:

1. On the Start Page, click the menu button, go to Configurations Backup, and click Export to save the configurations as a file:

2. Uninstall the Capsa Demo version and install the Capsa licensed version.

3. From the new Capsa licensed version go to the Start Page, click the menu button, select Configurations Backup, and finally click Import to import the file saved in step 1.

4. After the import, Capsa will restart automatically. Your configuration data is now migrated.


From: colasoft.com