
How to detect network malfunctions via the Endpoint view with Colasoft Capsa

Brief introduction to the Endpoint view in Colasoft Capsa
In Colasoft 6.9 the Endpoint view is divided into MAC endpoints and IP endpoints. With the endpoint analytics, users can quickly find the IP or MAC endpoint with the largest traffic. The system also supplies clear traffic-ranking statistics (Top 5 IP endpoints under the HTTP protocol).

In the Endpoint view, we can clearly see the traffic of every host (by network segment, MAC address, or IP address) in the current network: the hosts with the largest total traffic, the hosts that send or receive the most traffic, the hosts that send or receive the most packets, and so on.

From this information we can confirm whether there is a broadcast or multicast storm, and it helps users detect network malfunctions such as a slow network, network disconnections, worm attacks, DoS attacks, and other malfunctions besides.

Application case study
When we meet a network malfunction or an attack, the most important things to pay attention to are the current total network traffic, the sent/received traffic, the network connections, and so on, which give a clear direction for finding the problem. All of this information is included in the Endpoint view in Colasoft Capsa 6.9 (figure 1):

endpoint_view_1

In figure 1 we can sort by total traffic, network connections and other related information to find and locate the host with the largest traffic or the most connections in the network. For example, at present, the host with the most network connections is , so we can locate that host and then check its connection information (figure 2):

The connection information in figure 2 shows that has set up a large number of TCP connections with other hosts, that the destination addresses and destination endpoints are not fixed, and that many of the connections are in the state where the client has requested synchronization.

endpoint_view_2

Next, check the TCP packets; they can be viewed in Summary and Graphic as follows:

endpoint_view_31

endpoint_view_4

In the TCP packet information, we found that has sent TCP synchronization packets, and the TCP FIN packets and TCP Reset packets are, which is abnormal in the network.
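The pattern used in this case study (one host sending many TCP synchronization packets to scattered destinations, with few FIN or Reset packets) can also be checked over exported packet summaries. The following Python is an added example, not part of the original article or of Colasoft Capsa; the tuple format, the sample packets and the thresholds are assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed sample packets (src_ip, dst_ip, dst_port, tcp_flags); not a real capture."""
    pkts = []
    # 10.0.0.5 sends bare SYNs to many different destination endpoints
    for i in range(1, 61):
        pkts.append(("10.0.0.5", f"192.0.2.{i}", 1000 + i, "S"))
    # 10.0.0.8 is a normal client: every connection it opens is also closed
    for _ in range(10):
        pkts.append(("10.0.0.8", "198.51.100.10", 80, "S"))
        pkts.append(("10.0.0.8", "198.51.100.10", 80, "A"))
        pkts.append(("10.0.0.8", "198.51.100.10", 80, "FA"))
    return pkts

def endpoint_tcp_stats(packets):
    """Per source IP: SYN/FIN/RST counts and the set of destination endpoints."""
    stats = defaultdict(lambda: {"syn": 0, "fin": 0, "rst": 0, "dests": set()})
    for src, dst, dport, flags in packets:
        s = stats[src]
        if "S" in flags and "A" not in flags:  # initial SYN only, not SYN-ACK
            s["syn"] += 1
            s["dests"].add((dst, dport))
        if "F" in flags:
            s["fin"] += 1
        if "R" in flags:
            s["rst"] += 1
    return stats

def suspicious_hosts(packets, min_syn=50, max_close_ratio=0.1, min_dests=30):
    """Hosts whose SYNs far outnumber FIN+RST and fan out to many endpoints.
    Thresholds are illustrative assumptions; tune them to the network baseline."""
    flagged = []
    for host, s in endpoint_tcp_stats(packets).items():
        if s["syn"] < min_syn:
            continue
        close_ratio = (s["fin"] + s["rst"]) / s["syn"]
        if close_ratio <= max_close_ratio and len(s["dests"]) >= min_dests:
            flagged.append((host, s["syn"], s["fin"], s["rst"], len(s["dests"])))
    return sorted(flagged, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for row in suspicious_hosts(build_sample()):
        print("host=%s syn=%d fin=%d rst=%d distinct_dests=%d" % row)
```
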

Please go to the Colasoft Official FAQ page for more “How-tos”

  1. June 11th, 2009 at 09:24 | #1

    Good post! I picked up a lot of new and interesting things! I'm going to send the link to a friend on ICQ :)

  2. June 14th, 2009 at 10:11 | #2

    Quite interesting, of course. I can't sign off on every word you say, but overall I agree.

  3. June 14th, 2009 at 16:03 | #3

    Wow, this is an article for professionals

  4. June 20th, 2009 at 05:40 | #4

    Dear author, please contact me. icq368174445
    regarding advertising. Or by email at artofey(гавв)mail.ru

  5. June 21st, 2009 at 09:46 | #5

    Your blog is so informative … keep up the good work!!!!

  6. September 18th, 2009 at 20:42 | #6

    Nice content indeed! I will visit as often as I can.

    cheers

  7. September 20th, 2009 at 16:19 | #7

    Please, can you PM me and tell me a few more things about this, I am really a fan of your blog…
