Brief introduction about the Endpoint view in Colasoft Capsa
It is divided into Mac endpoint and IP endpoint in Colasoft 6.9. Users can detect the IP/Mac endpoint in the largest traffic in a short time by the endpoint analytics. And also, The system supply clear statistics of traffic ranking(Top 5 IP endpoint under HTTP protocol).
In the Endpoint view, we can see the specific traffic situation clearly of all the hosts(Including a network segment, a Mac address, and a IP address) in the currently network. Like the hosts with the largest total traffic, hosts that send/receive the largest traffic, hosts that send/receive the most packets, etc.
According to this information, we can confirm that if there are Broadcast / multicast storm, and help users detecting the network malfunctions about network slow, network disconnect, worm attack, DOS attack, and all the malfunctions besides.
Application case study
Once we meet the network malfunction or attack, what the most important thing we should pay attention to, is the currently total network traffic, sent/received traffic, network connection etc, to get a clear direction to find the problem. And, all of this information are included in the endpoint view in Colasoft Capsa 6.9(figure 1):
In figure 1 we can make a compositor on the total traffic, network connection and other related information, to find and locate the host with largest traffic or most connections in the network. For example, at present, the host with the largest network connection is , we can locate the host, then check the related connection information(figure 2):
The connection information shown as the figure 2, we can know that has set up a large amount of TCP connection with other hosts, and the destination address and destination endpoint are indefinite, and Many of the state is to connect client requests synchronization.
Next, check the TCP packets, we can check them out in Summary and Graphic as follows:
In the TCP packets information, we found has sent TCP synchronization packet, and the TCP FIN packets and TCP Reset packets are, this is deviant in the network.
Please go to the Colasoft Official FAQ page for more “How-tos”
Loading ...
#1 by Наталья at June 11th, 2009
Хороший пост! Подчерпнул для себя много нового и интересного! Пойду ссылку другу дам в аське
#2 by mashasa at June 14th, 2009
Довольно интересно конечно. Я немогу подписаться под каждым вашим словом, но в общем соглашусь.
#3 by Лилия at June 14th, 2009
Елки, для профессионалов статья
#4 by artofx at June 20th, 2009
Уважаемый автор свяжитесь со мно пожалуйста. icq368174445
на счёт рекламы. или на мыло artofey(гавв)mail.ru
#5 by holly.brooking@gmail.com at June 21st, 2009
Your blog is so informative … keep up the good work!!!!
#6 by migraine solution at September 18th, 2009
Nice content indeed! i will visit as often as i can.
cheers
#7 by pinksheet news at September 20th, 2009
Please, can you PM me and tell me few more thinks about this, I am really fan of your blog…