Archive for the ‘Articles’ Category

Colasoft Thanksgiving Big Sale is On The Way!

November 15th, 2011 admin No comments

With Thanksgiving just around the corner, Colasoft wishes all of our customers and software users a great Thanksgiving! It’s a time for sharing and spreading happiness, and to celebrate the holiday we are preparing a big sale to offer you the most cost-effective software. It is coming very soon, with discounts of up to 40% on both Capsa network analyzer and Colasoft nChronos.

A free trial of Capsa network analyzer and nChronos is available for download at our website, www.colasoft.com.

How to Display IP Address As Host Name

November 2nd, 2011 admin No comments

In business network settings, network administrators manage a large number of devices, such as laptops, desktops, printers, switches and routers, and they all have IP and MAC addresses. When we use a network analyzer to monitor traffic on the network, we see lots of IP and MAC addresses. These addresses, however, aren’t easy to read, so we’d like to show their host names or give them labels.

In Capsa we use the Name Table to do this job. With the Name Table we can label not only IP addresses but also MAC addresses, and we can delete, export or reload the address items there. When we right-click an IP address or MAC address, we see Add to name table in the context menu.

In the dialog box we can enter the IP (or MAC) address and an alias, and we can also choose a color for it. If we don’t know the host name, we can click Resolve address to look it up automatically. Then click OK to save the input.

Back in Capsa, we can see that the address has been replaced by the alias we just created. The Add to name table function is available for any item in Node Explorer and in all other views except the Summary, Protocol and Report views.

If we need to upgrade or reinstall Capsa, we can use the Export function to back up the name items. Click the Name Table icon on the ribbon, then click the Export button to save the name table file. After the installation or upgrade, we can use the Import function to load the name items back into the system.


Colasoft Enhances Capsa Network Analyzer with TCP Flow Analysis

September 26th, 2011 admin No comments

We are very excited to announce the availability of Capsa Network Analyzer 7.5. Besides the enhanced user interface, the biggest highlight of Capsa Network Analyzer 7.5 is TCP flow analysis, which makes it easier for network administrators to analyze application performance and pinpoint critical performance issues.

Capsa Network Analyzer 7.5 presents a comprehensive high-level overview of application health on your network. From TCP transaction analysis, you can easily access more detailed information, including TCP server/client response time, delay and retransmissions, and drill further down to the server flow to observe the actual media content of the flow. “This unparalleled level of control and visibility speeds time to resolve application problems and minimize overall network downtime,” said Ocean Yu, Vice President at Colasoft.

In addition to the MSN and Yahoo Messenger monitors, Capsa Network Analyzer 7.5 adds an ICQ monitor to meet market demand. ICQ logs can be easily found on the log tab, where detailed information is vividly displayed. Moreover, the RADIUS protocol is now supported, joining a family of more than 300 analyzed protocols.

Top Highlights of Capsa Network Analyzer 7.5:

1. Powerful TCP flow analysis for application performance optimization
2. Add ICQ monitor to analyze and log ICQ activities
3. Support RADIUS protocol analysis
4. Intuitive TCP transaction sequence diagram
5. Enhanced user interface & performance

Capsa 7.5 runs under Windows XP/2003/2008/Vista/7. A trial version is available for download.

How to monitor HTTP traffic with Capsa Free

July 19th, 2011 admin 1 comment

Monitoring network traffic such as HTTP traffic, to see what applications are running on the network, is one of the essential duties of network administrators. There are countless network traffic monitoring tools on the market, which makes it dazzling and hard to choose. Unlike those costly network monitors, Capsa Free is completely free network software that serves much better than common network monitors for monitoring network traffic such as HTTP traffic.

This article guides you through the steps of monitoring HTTP traffic with Capsa Free.

Capsa Free is a must-have freeware network analyzer for network monitoring, network troubleshooting and network analysis. It gives users a great way to learn how to monitor network activities, pinpoint network problems, enhance network security and so on. Moreover, Capsa Free is a perfect choice for students, teachers and computer geeks who want to learn about protocols and networking technology.

Step 1: Download and install Capsa Free.
Step 2: Initiate Capsa Free, choosing HTTP Analysis as the analysis profile.

Step 3: View the HTTP traffic statistics in different tabs of Capsa Free.

a. Summary view: overall statistics of the capture.
b. Log view: webpage visit records (any visit to a website is logged here).
c. Dashboard view: important statistics shown in visualized charts.
d. Diagnosis view: automatically detected network errors.
e. Protocol view: the applications/protocols running on the network, traffic statistics.
f. Physical Endpoint & IP Endpoint views: traffic volume statistics of each node (by MAC address or IP address).
g. IP Conversation, TCP Conversation & UDP Conversation views: statistics on two communication nodes (from layer 3 to layer 4).
h. Matrix view: map of how hosts communicate with each other (by MAC or IP address).


Capsa WiFi Reviewed by IT Wire

April 8th, 2011 admin No comments

Author: David M Williams

Colasoft Capsa WiFi was released just one month ago, and it has now received its first review, from David M Williams of IT Wire, a professional editor who particularly specialises in mergers and acquisitions and enterprise applications. Let’s enjoy his review.

WiFi traffic is, by nature, more ethereal than its wired equivalent. Specialised tools are necessary to diagnose wireless network faults, and Colasoft has extended its excellent Capsa line with a new product to sniff and analyse your WiFi network.

As with other tools in Colasoft’s range, Capsa WiFi is a packet sniffer which stands out from the competition by its superb user interface. There are no cryptic or arcane command lines to worry about.

Instead, Windows-based network administrators can interrogate and inspect raw packet data through a clean, Microsoft Office-style GUI that turns normally complex tasks into straightforward drop-down lists and menu options.

Capsa WiFi understands the gamut of 802.11 protocols and can listen in on any connectible access point that your laptop can reach. You might wish to plug into a cabled network because Capsa WiFi will disconnect you from any WiFi connections in order to do its work. However, it is capable of sniffing traffic across multiple WiFi networks provided they use the same station ID.

Network analysis, by nature, involves vast amounts of data flying by so it is essential for a tool to save data to a buffer, and to allow the user to hone in on the information that matters. Capsa WiFi provides a range of easy to use filters and rules that make this very simple, but effective.

Capsa WiFi weighs in at $USD 699.00 but the product can pay for itself when used on a network of reasonable size and complexity.

Among the many uses of a packet sniffer are to diagnose network intrusions, troubleshoot DHCP problems, analyse network utilisation, uncover reasons for slow network performance, analyse broadcast traffic, raise unattended alerts on abnormal traffic and many other things.

While other network analysis tools exist, Capsa WiFi stands out – as with the rest of the Colasoft range – by its excellent user interface and rich feature suite.

Find out which process/application is using which TCP/UDP port on Windows

January 20th, 2011 Colasoft 2 comments

When analyzing a network problem with a network analyzer or a protocol sniffer, especially when we find suspicious worm or backdoor activity, the only useful information we get is the MAC addresses, the IP addresses and the transport-layer port numbers. The analyzer may not even know which application-layer protocol is in use, and even if it does, we still need to figure out which application or process is using it. Is there a way to find the application or process behind a given TCP or UDP port? If you are conducting an on-site analysis, Capsa can easily help find out which process is using which port.
Let’s see how.

Find out Port Number

For example, in Capsa Free I spot the following suspicious TCP connection, which constantly communicates with IP xx.xx.0.183 on port 8000. So I’m going to look up the name of the process using this port.

[Screenshot: find_port]

Find Process ID (PID)

I immediately open Command Prompt, type the following command and press Enter.

netstat -aon | findstr :8000

Explanation:

-a: list all connections and listening ports.
-o: show the ID of the process that owns each connection.
-n: display addresses and port numbers numerically.

| findstr :8000: display only the lines containing the string :8000 (findstr means find string). Don’t forget the pipe symbol | at the beginning.

Let’s see what we get.

[Screenshot: find_pid]

We can read that in this case the PID is 3968, and that the source and target IP addresses are the same as in the first figure.

Find Process/Application

Next we’ll switch to another tool, Process Explorer (a free tool that you can get from: http://technet.microsoft.com/en-us/sysinternals/bb896653), where we can easily find the process or application with this PID: 3968.

[Screenshot: process_explorer]

I’m sure it’s an instant messenger used internally in my office and it’s safe. You can also try to find this PID in Windows Task Manager if you don’t have Process Explorer installed.

However, Task Manager will not provide as much information as Process Explorer. Command Prompt is also quite handy for geeks:

tasklist | findstr 3968

This command lists only the task items containing the string 3968. Please refer to the previous command if you are not sure about the | findstr parameter.

Kill Process/Application

Next, you may want to kill a process at once when you find it’s malicious. In Process Explorer, just right-click the process item and choose Kill Process (or press Del as a shortcut); you can do the same in Task Manager. Alternatively, you may run the following in Command Prompt:

taskkill /F /PID 3968

Explanation:

/F forces the process to terminate, and by now you know what the PID is.

We have now detected and targeted the suspicious process from its port number, whether UDP or TCP. Of course, the procedure also works in reverse: you can find the port number from the process’s PID.
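The lookup above, as an added example that is not part of the original article: a Python script that correlates saved `netstat -aon` and `tasklist /FO CSV /NH` output by exact port and PID, in both directions. It goes one step beyond the article by matching fields instead of substrings, because `findstr :8000` also matches an IPv6 address containing `:8000` and `findstr 3968` also matches PID 13968; the sample output, addresses and image names below are constructed.

```python
import csv
import io

# Constructed sample of `netstat -aon` output (documentation address ranges).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address             Foreign Address        State        PID
  TCP    0.0.0.0:135               0.0.0.0:0              LISTENING    912
  TCP    192.0.2.10:49712          198.51.100.183:8000    ESTABLISHED  3968
  TCP    192.0.2.10:49720          203.0.113.5:443        ESTABLISHED  13968
  TCP    [2001:db8::8000:1]:49730  [2001:db8::2]:443      ESTABLISHED  13968
  UDP    0.0.0.0:8000              *:*                                 3968
  UDP    [::]:5353                 *:*                                 1460
"""

# Constructed sample of `tasklist /FO CSV /NH` output; image names are made up.
TASKLIST_SAMPLE = '''\
"svchost.exe","912","Services","0","8,024 K"
"mdnsd.exe","1460","Services","0","2,310 K"
"messenger.exe","3968","Console","1","41,552 K"
"browser.exe","13968","Console","1","120,004 K"
'''

def _split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 addresses survive."""
    addr, port = endpoint.rsplit(":", 1)
    return addr, int(port) if port.isdigit() else None  # UDP foreign side is '*:*'

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -aon` output."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        local_addr, local_port = _split_endpoint(fields[1])
        remote_addr, remote_port = _split_endpoint(fields[2])
        rows.append({
            "proto": fields[0],
            "local_addr": local_addr, "local_port": local_port,
            "remote_addr": remote_addr, "remote_port": remote_port,
            # UDP rows have no State column: Proto, Local, Foreign, PID
            "state": fields[3] if len(fields) == 5 else "",
            "pid": int(fields[-1]),
        })
    return rows

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    return {int(rec[1]): rec[0] for rec in csv.reader(io.StringIO(text)) if rec}

def owners_of_port(port, netstat_text, tasklist_text):
    """Rows whose local or remote port equals `port` exactly, with image name."""
    images = parse_tasklist(tasklist_text)
    return [dict(row, image=images.get(row["pid"], "<unknown>"))
            for row in parse_netstat(netstat_text)
            if port in (row["local_port"], row["remote_port"])]

def ports_of_pid(pid, netstat_text):
    """Reverse lookup: (protocol, local port) pairs held by one PID."""
    return sorted({(r["proto"], r["local_port"])
                   for r in parse_netstat(netstat_text) if r["pid"] == pid})

def naive_findstr(text, needle):
    """Substring filter, which is what `| findstr` does for these simple needles."""
    return [line for line in text.splitlines() if needle in line]

if __name__ == "__main__":
    for row in owners_of_port(8000, NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(row["proto"], row["local_addr"], row["local_port"], "->",
              row["remote_addr"], row["remote_port"], row["pid"], row["image"])
```

On a live host, save the two command outputs to files and pass their contents in place of the constructed samples.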

IT in 2011: Four Trends that will Change Priorities

January 17th, 2011 Colasoft No comments

It’s always a challenge for IT departments to anticipate how corporate technical demands will evolve, especially when IT budgets have been as tight as a drum for two years.

How do you “do more with less” and prepare for an explosion in bandwidth demand, a need to upgrade both software and hardware, and employees asking that work data be available on their personal smartphones?
The post-recession enterprise IT environment is only going to get more chaotic, but opportunities abound for the savvy IT manager, according to a new report from Technisource, a technology staffing and services company with clients ranging from the mid-market to global Fortune 500 companies.

The pressure to have “efficient operations and visibility into every aspect of the organization despite strict budget constraints has been the genesis of strategic trends that are re-shaping IT priorities, whether you are supporting an online retail portal, a university, or a high-tech manufacturing operation,” write report authors Andrew Speer, Chad Holmes and Dick Mitchell.

Here are four trends Technisource says will play a key role in defining your organization’s priorities for the next year or more.

1. You’re Gonna Need More Bandwidth

It’s almost a guarantee that organizations of all sizes will increase bandwidth in 2011 and 2012 to support growing multimedia within the corporate network. The main technologies driving this need are video conferencing and tele-presence, VoIP and distributed storage networks.

The smart IT manager will stay ahead of the bandwidth curve by assessing WAN and LAN environments frequently and looking for ways to save money.
“Regularly review WAN options, with special emphasis on emerging access technologies that offer better deals on bandwidth and flexible provisioning plans,” the Technisource report states.

“On the LAN side, pay attention to your cabling plant as well as your switch and router fleet to ensure that there are no hidden bottlenecks to impede the inevitable upgrades you’ll be making.”

2. Prepare for More Mobility and User-Owned Devices

Mobile business apps are no longer a luxury, but a necessity at every level of the organization. Advances in Wi-Fi and other wireless technologies can put much of the corporate network in a worker’s pocket. Handheld devices are now commonly used to access corporate e-mail and sales reports, and track supply chain inventory in real time.

Looking ahead, Technisource predicts companies will establish their own internal “apps stores” that give employees password-protected access to software tools and other corporate resources.

IT departments should also prepare to use mobility asset management software to remotely configure and upgrade mobile apps and secure lost or stolen mobile devices by remotely wiping them clean of sensitive data. Finally, network and security admins must prepare for the inevitable: corporate users requesting to use their personal iPhones, Droids and other consumer-friendly smartphones for work purposes.

3. Ascending to the Cloud, One Careful Step at a Time

Companies are slowly but surely moving to some sort of cloud computing model. According to Gartner Group research, 8% of U.S. corporations had implemented a cloud service at the end of 2010, and Gartner expects that number to jump to over 50% by the end of 2012.

A cloud model offers obvious benefits: cheaper pay-as-you-go delivery methods, less operational complexity and fewer, if any, servers to manage.
But a cloud migration is complex, particularly at the enterprise level where data security is paramount.

“You’ll need to develop heightened level of data security for the cloud computing environment, where some, or all, of your critical data resides outside the traditional corporate firewall,” the Technisource report states, adding that cloud-based apps are also not as flexible, providing users with only a simplified menu of configuration and control options.

“Expect some snags when integrating several applications from different vendors into the seamless cloud platform of your dreams,” the report states.
As for return on investment guidance: Technisource writes that initial cloud ROI gain is in the first two years due to a decrease in infrastructure costs, but fee structures should be reviewed in the third year to make sure you’re getting the best deal.

4. The Windows 7 Upgrade Catch-Up

For most businesses, the Great Recession put a hold on any non-essential technology upgrades. But the standard four-year refresh cycles are timing out and hardware and software are getting long in the tooth, to the point where user productivity is sapped and security is at risk.

While users with old PCs obviously need newer and faster hardware, the main driver for upgrades in 2011 is to migrate from Windows XP to Windows 7-capable PCs.
“In 2009 only 7% of businesses had adopted Windows 7, or planned to do so over the next 12 months,” the Technisource report states, “but this has skyrocketed to 46 % in 2010.”

But migrating a large installed base of Windows XP machines to Windows 7 is an IT resource drain and a complicated process that includes re-loading user data, applications, drivers, preferences and settings.

By Shane O’Neill from arnnet.com.au

Using Capsa for WiFi to Secure Your Wireless Network

December 30th, 2010 Colasoft 3 comments

By ZhaoRui Meng — CCIE Security

Wireless technology is one of the fastest-growing network technologies. It has been spreading rapidly across companies, campuses, public areas and so on. Unfortunately, many implementations are done without attention to security and authentication. As a result, many wireless networks are set up so that anyone with mobile equipment can access them, even from outside the building. Anyone with the proper equipment can also spy on traffic. The problem with WLAN users is that very few understand how their data is sent through the air, much less comprehend the associated risks.

Recently a study discovered that 40 – 50% of wireless users aren’t implementing any form of protection. Some wireless networks are encrypted with a WEP key, which is significantly less secure than WPA. To prove my point, I randomly scanned the wireless networks around my office building and found that, of the 15 SSIDs received, 7 WLANs were encrypted with WEP keys and one network was unencrypted. It takes no more than 10 minutes to crack a WEP password with BT3. WPA has helped to increase the security available to wireless networks, but a good dictionary may still brute-force a WPA password when the pre-defined key is weak.

Due to the broadcast nature of radio propagation at typical Wi-Fi frequencies, anyone on the street or in the neighborhood has a chance to access the network. A whole subculture has sprung up of people going around, scanning for open wireless nodes, and publicizing them to people who want free wireless access. Capsa for WiFi helps network administrators manage access control by monitoring access IP addresses and security. Capsa for WiFi can detect all access IP addresses as well as peer hosts’ activities, to monitor network activities and identify network penetration and scanning anomalies. More specifically, wireless engineers can use Capsa for WiFi to lock down network intruders, monitor clients’ online activities, and spot malware and attacks such as worms, ARP attacks and Trojan horses. Deploying Capsa for WiFi is as simple as connecting your Capsa for WiFi equipped station, with a common wireless card, to your AP and enabling traffic capture on the fly. You get wireless network management without setting up port mirroring.

How to save monitored email contents with Capsa 7.3

November 4th, 2010 Colasoft No comments

Colasoft released a major upgrade of Capsa Network Analyzer a few days ago. The Security Analysis Profile is the most important new feature in Capsa 7.3; it helps users locate and troubleshoot network issues and attacks such as ARP attacks, DoS attacks and port scanning. Besides that, the email auto-saving feature that users appreciated in previous versions has had some adjustments. So this article aims to teach you how to save monitored email contents.

In Capsa Network Analyzer 7.3, if you need to save a copy of the monitored email to your hard disk, you should do the following:

Step 1. Enable Log Output

a. Go to the Start Page and click the Set Data Storage link on the right panel.
b. In the Data Storage Options dialog box, select the Log Output tab and then check the Save log to disk checkbox.
c. Finish the settings by choosing the file folder and setting up the rules for saving logs to different files.

[Screenshot: log_output]

Step 2. Enable Email Copy

a. Double-click the analysis profile you want to use and enable the Email analysis module. You will probably use Full Analysis or Email Analysis, because they have the Email analysis module enabled by default. This step is very important: if you don’t enable the Email analysis module, Capsa will not analyze or capture any email.
b. Click Next and click Log Settings. Go to the Output Settings and make sure the Email Copy item is checked.

[Screenshot: log_output_settings]

With the settings above, Capsa will save all captured inbound and outbound email contents to your hard disk. Why did you make these adjustments, you may ask? It is because users of the earlier versions would switch among different analysis profiles and often forgot to enable log output on each of them: in previous versions, every analysis profile had its own email auto-saving switch. This time the switch is global. Once you enable log output, the logs will be saved to your hard disk no matter which analysis profile you choose.

It’s also notable that Capsa can now output logs to multiple files according to the rules you set. For example, you can save logs to a separate file every 10 minutes. This makes it easier to find useful logs in small time-split files than in one big log file.

I’m sure you already know how to save emails with Capsa 7.3 after reading through this article.

Review: Capsa Free Gives You the Skinny on Your Network–For Free

September 13th, 2010 Colasoft 2 comments

Ian Harac, PC World, Sept 13th, 2010

When a program has a “free” edition, very often, it is just a demo without a time limit, offering only enough functionality to get you to buy the “real” version. Capsa 7 Free is not such a program; it’s a full-featured network traffic monitoring and reporting tool. The features you get for free, without a time limit or unceasing nags, are exceptional.

This high level overview is just the start of Capsa Free; you can drill down very deep to learn more about your network.

Capsa Free provides an ongoing look at everything that passes through a selected network adapter. (This is one of the few limitations of the Free version vs. the Professional and Enterprise versions; you can analyze only one adapter at a time. For most home or small business users, this will not be an issue.) It breaks the data down by protocol and IP address, the latter of which is very interesting from a home user perspective–a day’s casual surfing, captured and analyzed by Capsa, revealed I contacted computers in over a hundred different nations. You can also set it to store packets, with a variety of options for how many to store and how long to keep them. Later, you can rummage through them with Capsa, if you know what you’re looking for (or just want to peek under the hood and understand more about what happens between when you type an address in your browser and when you see a picture of a cat appear on your screen.)

For network administrators in small businesses, Capsa 7 Free is a potent tool with many analysis and testing abilities. With it, you can see what’s happening on your network, whether you want to monitor usage or determine if a connectivity problem really is on your end. You can hand-code packets and then send them to an adapter, in order to see what happens. The ability to set alarms if particular traffic patterns occur can help you see an attack coming and head it off, and there are tutorials on-line to help you do just that.

Capsa Free is a tool for professionals and enthusiasts. A casual home user will not find much use in Capsa Free, though, being free, it doesn’t hurt to check it out. Using it requires either a good knowledge of internet protocols and low level functionality, or a strong desire to learn such things. If most or all of your traffic routes through a single network adapter, you may never see a need to upgrade to the Professional edition, which starts at $549.00.