Capsa for WiFi is coming very soon

February 24th, 2011 admin No comments

We are very glad to share with you that Capsa for WiFi, a professional and powerful wireless network analyzer, is coming very soon. Before long, it will officially become the newest member of the Colasoft Capsa network analyzer family.

Stay close:-)

Find out which process/application is using which TCP/UDP port on Windows

January 20th, 2011 Colasoft 2 comments

When analyzing a network problem with a network analyzer or protocol sniffer, especially after spotting suspicious worm or backdoor activity, we usually get only network-level information such as MAC addresses, IP addresses and transport-layer port numbers. The analyzer may not even know which application-layer protocol is in use, and even if it does, we still need to figure out which application or process is using that protocol. Is there a way to find the application or process that is using a given TCP or UDP port? If you are conducting an on-site analysis, Capsa can easily help find out which process is using what port.
Let’s see how.

Find out Port Number

For example, in Capsa Free I spot the following suspicious TCP connection, which constantly communicates with IP xx.xx.0.183 on port 8000. So I'm going to look up the name of the process using this port.

[Figure: find_port]

Find Process ID (PID)

I open Command Prompt, enter the following command and press Enter.

netstat -aon | findstr :8000

Explanation:

-a: list all active connections and listening ports. -o: show the process ID that owns each connection. -n: display addresses and port numbers numerically.

| findstr :8000: display only the items with string :8000 (findstr means find string). Don’t forget the pipe symbol | at the beginning.

Let’s see what we get.

[Figure: find_pid]

We can read that in this case 3968 is the PID, and that the source and target IP addresses are the same as in the first figure.

Find Process/Application

Next we'll switch to another tool, Process Explorer (a free tool that you can get from: http://technet.microsoft.com/en-us/sysinternals/bb896653). There we can easily find the process or application with this PID: 3968.

[Figure: process_explorer]

I'm sure it's an instant messenger used internally in my office and it's safe. You can also try to find this PID in Windows Task Manager if you don't have Process Explorer installed.

However, Task Manager will not provide as much information as Process Explorer. And Command Prompt is quite handy for geeks.

tasklist | findstr 3968

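This command lists only the tasks whose line contains the string 3968. Refer to the previous command if you are not sure about the | findstr part. Because findstr matches the string anywhere on the line, a different PID that contains the same digits, such as 13968, will also be listed.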

Kill Process/Application

Next, you may want to kill a process at once when you find that it is malicious. In Process Explorer, right-click the process and choose Kill Process (or press the Del key) to kill it; you can do the same in Task Manager. Alternatively, run the following in Command Prompt:

taskkill /F /PID 3968

Explanation:

/F forcibly terminates the process, and /PID takes the process ID found earlier.

We have now detected and targeted the suspicious process from its port number, whether UDP or TCP. And of course the procedure works in reverse: you can find the port number from the process's PID.
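The port-to-PID-to-process lookup described above, as an added Python example that is not part of the original post: it parses `netstat -aon` and `tasklist /FO CSV /NH` output and matches the port and the PID exactly, where `findstr` matches substrings. The sample output, addresses and process names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -aon` output (not taken from the post).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address          State        PID
  TCP    192.168.1.20:49731     203.0.113.183:8000       ESTABLISHED  3968
  TCP    192.168.1.20:49802     198.51.100.7:80          ESTABLISHED  2140
  TCP    [2001:db8::20]:49900   [2001:db8::8000:1]:443   ESTABLISHED  2140
  TCP    [::]:8000              [::]:0                   LISTENING    13968
  UDP    0.0.0.0:8000           *:*                                   4120
"""

# Constructed sample of `tasklist /FO CSV /NH` output.
TASKLIST_SAMPLE = '''\
"browser.exe","2140","Console","1","210,455 K"
"messenger.exe","3968","Console","1","41,300 K"
"devserver.exe","13968","Console","1","18,204 K"
"agent.exe","4120","Services","0","5,120 K"
'''

def port_of(endpoint):
    """Port of an 'addr:port' endpoint; None for the UDP wildcard '*:*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def sockets_on_port(netstat_text, port):
    """Rows (proto, local, remote, state, pid) whose local or remote port is exactly `port`."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        # UDP rows have no State column: 4 fields instead of 5.
        state = f[3] if len(f) == 5 else ""
        if port in (port_of(f[1]), port_of(f[2])):
            hits.append((f[0], f[1], f[2], state, int(f[-1])))
    return hits

def image_names(tasklist_csv):
    """Map PID -> image name; the CSV reader keeps '41,300 K' in one field."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def processes_on_port(netstat_text, tasklist_csv, port):
    """Sorted (pid, image name) pairs for every socket using `port`."""
    names = image_names(tasklist_csv)
    pids = {row[-1] for row in sockets_on_port(netstat_text, port)}
    return sorted((pid, names.get(pid, "<unknown>")) for pid in pids)

if __name__ == "__main__":
    for pid, name in processes_on_port(NETSTAT_SAMPLE, TASKLIST_SAMPLE, 8000):
        print(pid, name)
```

In the sample, a plain substring search for `:8000` also hits the IPv6 address `2001:db8::8000:1`, and a search for `3968` also hits PID 13968; the exact comparison avoids both.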

IT in 2011: Four Trends that will Change Priorities

January 17th, 2011 Colasoft No comments

It’s always a challenge for IT departments to anticipate how corporate technical demands will evolve, especially when IT budgets have been as tight as a drum for two years.

How do you “do more with less” and prepare for an explosion in bandwidth demand, a need to upgrade both software and hardware, and employees asking that work data be available on their personal smartphones?
The post-recession enterprise IT environment is only going to get more chaotic, but opportunities abound for the savvy IT manager, according to a new report from Technisource, a technology staffing and services company with clients ranging from the mid-market to global Fortune 500 companies.

The pressure to have “efficient operations and visibility into every aspect of the organization despite strict budget constraints has been the genesis of strategic trends that are re-shaping IT priorities, whether you are supporting an online retail portal, a university, or a high-tech manufacturing operation,” write report authors Andrew Speer, Chad Holmes and Dick Mitchell.

Here are four trends Technisource says will play a key role in defining your organization’s priorities for the next year or more.

1. You’re Gonna Need More Bandwidth

It’s almost a guarantee that organizations of all sizes will increase bandwidth in 2011 and 2012 to support growing multimedia within the corporate network. The main technologies driving this need are video conferencing and tele-presence, VoIP and distributed storage networks.

The smart IT manager will stay ahead of the bandwidth curve by assessing WAN and LAN environments frequently and looking for ways to save money.
“Regularly review WAN options, with special emphasis on emerging access technologies that offer better deals on bandwidth and flexible provisioning plans,” the Technisource report states.

“On the LAN side, pay attention to your cabling plant as well as your switch and router fleet to ensure that there are no hidden bottlenecks to impede the inevitable upgrades you’ll be making.”

2. Prepare for More Mobility and User-Owned Devices

Mobile business apps are no longer a luxury, but a necessity at every level of the organization. Advances in Wi-Fi and other wireless technologies can put much of the corporate network in a worker’s pocket. Handheld devices are now commonly used to access corporate e-mail and sales reports, and track supply chain inventory in real time.

Looking ahead, Technisource predicts companies will establish their own internal “apps stores” that give employees password-protected access to software tools and other corporate resources.

IT departments should also prepare to use mobility asset management software to remotely configure and upgrade mobile apps and secure lost or stolen mobile devices by remotely wiping them clean of sensitive data. Finally, network and security admins must prepare for the inevitable: corporate users requesting to use their personal iPhones, Droids and other consumer-friendly smartphones for work purposes.

3. Ascending to the Cloud, One Careful Step at a Time

Companies are slowly but surely moving to some sort of cloud computing model. According to Gartner Group research, 8% of U.S. corporations had implemented a cloud service at the end of 2010, and Gartner expects that number to jump to over 50% by the end of 2012.

A cloud model offers obvious benefits: cheaper pay-as-you-go delivery methods, less operational complexity and fewer, if any, servers to manage.
But a cloud migration is complex, particularly at the enterprise level where data security is paramount.

“You’ll need to develop heightened level of data security for the cloud computing environment, where some, or all, of your critical data resides outside the traditional corporate firewall,” the Technisource report states, adding that cloud-based apps are also not as flexible, providing users with only a simplified menu of configuration and control options.

“Expect some snags when integrating several applications from different vendors into the seamless cloud platform of your dreams,” the report states.
As for return on investment guidance: Technisource writes that initial cloud ROI gain is in the first two years due to a decrease in infrastructure costs, but fee structures should be reviewed in the third year to make sure you’re getting the best deal.

4. The Windows 7 Upgrade Catch-Up

For most businesses, the Great Recession put a hold on any non-essential technology upgrades. But the standard four-year refresh cycles are timing out and hardware and software are getting long in the tooth, to the point where user productivity is sapped and security is at risk.

While users with old PCs obviously need newer and faster hardware, the main driver for upgrades in 2011 is to migrate from Windows XP to Windows 7-capable PCs.
“In 2009 only 7% of businesses had adopted Windows 7, or planned to do so over the next 12 months,” the Technisource report states, “but this has skyrocketed to 46% in 2010.”

But migrating a large installed base of Windows XP machines to Windows 7 is an IT resource drain and a complicated process that includes re-loading user data, applications, drivers, preferences and settings.

By Shane O’Neill from arnnet.com.au

Join Capsa Testing Group, Get iPad and Capsa for Free!

January 5th, 2011 Colasoft 2 comments

Dear customers,

Capsa Testing Group, dedicated to advancing the understanding and practice of Capsa software testing, is now established and waiting for your participation!

Join us in the effort to develop a better Capsa for WiFi by enrolling in the Capsa Testing Group. You will not only have the chance to make a difference and get your needs implemented in the product, but also the chance to win an iPad and a free license.

Join Capsa Testing Group now!

Using Capsa for WiFi to Secure Your Wireless Network

December 30th, 2010 Colasoft 3 comments

By ZhaoRui Meng — CCIE Security

Wireless technology is one of the fastest-growing network technologies. It has been spreading rapidly across companies, campuses, public areas and so on. Unfortunately, many implementations are done without attention to security and authentication. As a result, many wireless networks are set up so that anyone with mobile equipment can access them, even from outside the building. Anyone with the proper equipment can also spy on traffic. The problem with WLAN users is that very few understand how their data is sent through the air, much less comprehend the associated risks.

A recent study found that 40 – 50% of wireless users aren't implementing any form of protection. Some wireless networks are encrypted with a WEP key, which is significantly less secure than WPA. To prove my point, I randomly scanned the wireless networks around my office building and found that, of the 15 SSIDs received, 7 WLANs were encrypted with WEP keys and one network was unencrypted. It takes no more than 10 minutes to crack a WEP password with BT3. WPA has helped to increase the security available to wireless networks, but a good dictionary may still brute-force a WPA password when the pre-defined key is weak.

Due to the broadcast nature of radio propagation at typical Wi-Fi frequencies, anyone on the street or in the neighborhood has a chance to access the network. A whole subculture has sprung up of people going around, scanning for open wireless nodes, and publicizing them to people who want free wireless access. Capsa for WiFi helps network administrators manage access control by monitoring access IP addresses and security. Capsa for WiFi can detect all access IP addresses as well as peer host activities, in order to monitor network activity and identify network penetration and scanning anomalies. More specifically, any wireless engineer can use Capsa for WiFi to lock down network intruders, monitor clients' online activities, and spot malware and attacks such as worms, ARP attacks and Trojan horses. Deploying Capsa for WiFi is as simple as connecting your Capsa for WiFi equipped station, with a common wireless card, to your AP and enabling traffic capture on the fly. You can manage the wireless network without setting up port mirroring.

Capsa for WiFi Beta is Now Available for Public Download

December 26th, 2010 Colasoft No comments

We are very excited to share with you that the beta version of Capsa for WiFi is now available for public download. We sincerely invite you to help us test Capsa for WiFi; your valuable feedback will be highly appreciated.

Capsa for WiFi is a powerful and professional wireless network analyzer for 802.11a/b/g/n networks which is compatible with all NDIS 6.0 wireless adapters. Capsa for WiFi shares not only the friendly user interface, but also the great capacity of capturing, analyzing and reporting that Capsa network analyzer has.

Capsa for WiFi Highlights:

 Support 802.11a/b/g/n
 Auto identify and decode with pre-entered WEP/WPA/WPA2 key
 Compatible with all NDIS 6.0 wireless network adapters
 Auto-scan all access points in the air
 Capture all wireless network packets from one or more APs and keep APs records
 Log DNS, Emails (SMTP, POP3), FTP, HTTP & IM messages (MSN & Yahoo Messenger)
 Provide customizable analysis profile and 40 expert diagnosed network problems
 Provide powerful and customizable Reports
 Analyze post-events by replaying packet files

Download Capsa for WiFi beta here.

Colasoft Capsa is On Big Sale, Up to 50% Off

November 22nd, 2010 Colasoft No comments

Dear customers, the Colasoft Capsa Thanksgiving Big Sale has already begun. We promise you can purchase Capsa Network Analyzer at the most favorable price, which will save you a huge amount of money. Don't miss this unique opportunity. Just get your coupon now.

50% off for 3 and 5 Seats License.
40% off for 2 Seats License.
30% off for Single Seat License.
20% off for Renewal.

Colasoft Thanksgiving Big Sale’s Coming Soon

November 16th, 2010 Colasoft 1 comment

Dear customers, with the big holiday, Thanksgiving, coming very soon, Colasoft wishes you a great Thanksgiving with the Capsa Big Sale. We will offer up to 50% off our flagship product, Colasoft Capsa Enterprise, so you can purchase Capsa at the most favorable price during our Big Sale. Please stay close.

How to save monitored email contents with Capsa 7.3

November 4th, 2010 Colasoft No comments

Colasoft released a major upgrade of Capsa Network Analyzer a few days ago. The Security Analysis Profile is the most important new feature in Capsa 7.3; it helps users locate and troubleshoot network issues and attacks such as ARP attacks, DoS attacks and port scanning. Besides that, the email auto-saving feature that users appreciated in previous versions has had some adjustments. This article aims to teach you how to save monitored email contents.

In Capsa Network Analyzer 7.3, if you need to save a copy of the monitored email to your hard disk, you should do the following:

Step 1. Enable Log Output

a. Go to the Start Page and click the Set Data Storage link on the right panel.
b. In the Data Storage Options dialog box, select the Log Output tab and then check the Save log to disk checkbox.
c. Finish the settings by choosing the file folder and setting up the rules for saving logs to different files.

[Figure: log_output]

Step 2. Enable Email Copy

a. Double-click the analysis profile you want to use and enable the Email analysis module. You will probably use Full Analysis or Email Analysis, because they have the Email analysis module enabled initially. This step is very important: if you don't enable the Email analysis module, Capsa will not analyze or capture any email.
b. Click Next and click Log Settings. Look at the Output Settings and make sure the Email Copy item is checked.
[Figure: log_output_settings]

With the settings above, Capsa will save all captured inbound and outbound email contents to your hard disk. Why did you make these adjustments, you may ask? Users of earlier versions might switch among different analysis profiles and often forgot to enable log output on each of them, because in previous versions every analysis profile had its own email auto-saving switch. This time the switch is global: once you enable log output, the logs are saved to your hard disk no matter which analysis profile you choose.

It's also notable that Capsa can now output logs to multiple files according to the rules you set. For example, you can save logs to a separate file every 10 minutes. This makes it easy to find useful logs in small time-split files rather than in one big log file.

I’m sure you already know how to save emails with Capsa 7.3 after reading through this article.

Released: Capsa Network Analyzer 7.3.1

October 20th, 2010 Colasoft No comments

We are proud to announce the release of Capsa Network Analyzer 7.3.1. A brand-new analysis profile, the Security Analysis Profile, has been added, along with more powerful reporting capabilities to enhance the user experience.

The newly-designed Security Analysis Profile makes it more convenient and easier for users to find out potential security events with six new customer-requested Views. With Capsa 7.3.1, users can not only choose to open and close specific View, but also set up the sequences of Views to display. Report Logo Preview is available in this version which highly enhances Capsa’s reporting capabilities.

Roy Luo, CEO of Colasoft, states, “This new version addresses users’ requirement of security events analysis and also demonstrates our responsiveness. We only displayed security-related information in the Diagnosis and Matrix Views before; this time we add six Views to broaden the scope of Capsa and provide a better analysis experience. We’ll spare no effort to provide extended capabilities to Capsa.”

New features of Capsa network analyzer 7.3.1:

Unique security analysis profile, analyzing DoS attack, ARP attack, and worm activities, etc
Flexible tab management panel of the main view
Data Storage option on the Start Page for packet and log save settings
Add Report Logo preview in Report Settings

New Views in Security Analysis Profiles:

ARP Attack: detects ARP attack activities and provides source MAC addresses
Worms: detects suspicious worm activities and provides details including source IP addresses
Dos Attacks: detects devices joining in a DoS attack to attack a remote site, and provides details on the devices
Dos Attacked: detects the devices under a DoS attack and provides details on targeted devices to cut off the attack
TCP Port Scan: detects suspicious TCP port scanning activities and details including attacker addresses
Suspicious Conversation: detects suspicious conversations of HTTP, FTP, SMTP and POP3, and provides details to figure out the problem

Capsa 7.3.1 runs under Windows XP/2003/Vista/7. A trial version is available for download at the company’s website: http://www.colasoft.com/