Posts Tagged ‘Capsa network analyzer’

Colasoft Thanksgiving Big Sale is On The Way!

November 15th, 2011 admin No comments

With Thanksgiving coming very soon, Colasoft wishes all of our customers and software users a great Thanksgiving! It’s a time for sharing and spreading happiness, so to celebrate the holiday we are preparing a big sale to offer you the most cost-effective software. It is coming very soon, and discounts of up to 40% will be available for both Capsa network analyzer and Colasoft nChronos.

Free trials of Capsa network analyzer and nChronos are available for download at our website, www.colasoft.com.

Colasoft Enhances Capsa Network Analyzer with TCP Flow Analysis

September 26th, 2011 admin No comments

We are very excited to announce the availability of Capsa Network Analyzer 7.5. Besides the enhanced user interface, the biggest highlight of Capsa Network Analyzer 7.5 is TCP flow analysis, which makes it easier for network administrators to analyze application performance and pinpoint critical performance issues.

Capsa Network Analyzer 7.5 presents a comprehensive high-level overview of application health on your network. From TCP transaction analysis, you can easily access more detailed information, including TCP server/client response time, delay and retransmissions, and drill further down to the server flow to observe the actual media content of the flow. “This unparalleled level of control and visibility speeds time to resolve application problems and minimizes overall network downtime,” said Ocean Yu, Vice President at Colasoft.

In addition to the MSN and Yahoo Messenger monitors, Capsa Network Analyzer 7.5 adds an ICQ monitor to meet market demand. ICQ logs can be found in the Log tab, where detailed information is displayed. Moreover, the RADIUS protocol is now supported, joining the more than 300 protocols Capsa can analyze.

Top Highlights of Capsa Network Analyzer 7.5:

1. Powerful TCP flow analysis for application performance optimization
2. Add ICQ monitor to analyze and log ICQ activities
3. Support RADIUS protocol analysis
4. Intuitive TCP transaction sequence diagram
5. Enhanced user interface & performance

Capsa 7.5 runs under Windows XP/2003/2008/Vista/7. A trial version is available for download.

Colasoft Capsa 7.4 Now Supports 802.11 a/b/g/n Wireless Networks

March 16th, 2011 admin No comments

We are very pleased to announce that Colasoft Capsa network analyzer has been upgraded to version 7.4, with great new features and enhanced interface and user experience.

Colasoft Capsa 7.4 is now capable of monitoring, troubleshooting and analyzing 802.11 a/b/g/n wireless networks, which makes Capsa not only an Ethernet network analyzer but a packet sniffer for both wired and wireless networks. Besides that, the Capsa interface and user experience have been greatly enhanced. We have made many changes and improvements, such as optimizing the start page layout, network profile settings, and so on.

Key Features of Colasoft Capsa 7.4:

Enterprise-class capabilities including NOC level visibility
Network Monitoring and Application Performance Monitoring
24*7 Continuous Network Traffic Capturing
Expert Analytics in Real-time and Post-capture
Extended Security Analysis
Traffic Statistics & Bandwidth Utilization
In-depth Packet Decoding and Ability to Drill Down for Network & Security Forensics

Colasoft Capsa 7.4 now has four different editions to meet different demands: enterprise edition, professional edition, WiFi edition and free edition. Free trials are all available at www.colasoft.com.

Released: Capsa Network Analyzer 7.3.1

October 20th, 2010 Colasoft No comments

We are proud to announce the release of Capsa Network Analyzer 7.3.1. A brand-new analysis profile, the Security Analysis Profile, has been added, along with more powerful reporting capabilities to enhance the user experience.

The newly designed Security Analysis Profile makes it easier for users to find potential security events, with six new customer-requested Views. With Capsa 7.3.1, users can not only choose to open and close specific Views, but also set the order in which Views are displayed. Report Logo Preview is available in this version, which greatly enhances Capsa’s reporting capabilities.

Roy Luo, CEO of Colasoft, states, “This new version addresses users’ requirement of security events analysis and also demonstrates our responsiveness. We only displayed security-related information in Diagnosis and Matrix Views before; this time we add six Views to broaden the scope of Capsa and provide better analysis experience. We’ll spare no effort to provide extended capabilities to Capsa.”

New features of Capsa network analyzer 7.3.1:

Unique security analysis profile, analyzing DoS attack, ARP attack, and worm activities, etc
Flexible tab management panel of the main view
Data Storage option on the Start Page for packet and log save settings
Add Report Logo preview in Report Settings

New Views in Security Analysis Profiles:

ARP Attack: detects ARP attack activities and provides source MAC addresses
Worms: detects suspicious worm activities and provides details including source IP addresses
DoS Attacks: detects devices taking part in a DoS attack against a remote site, and provides details on the devices
DoS Attacked: detects the devices under a DoS attack and provides details on targeted devices to cut off the attack
TCP Port Scan: detects suspicious TCP port scanning activities and details including attacker addresses
Suspicious Conversation: detects suspicious conversations of HTTP, FTP, SMTP and POP3, and provides details to figure out the problem

Capsa 7.3.1 runs under Windows XP/2003/Vista/7. A trial version is available for download at the company’s website: http://www.colasoft.com/

Finding out who is downloading in the Network

July 30th, 2010 Colasoft 1 comment

There comes a moment when the local network becomes very slow and administrators suspect that someone is downloading in their network. To ensure the normal use of bandwidth, they need to find out quickly who is downloading and stop them, so that everyone can work efficiently. But many just don’t know where to get started.

With Capsa Network Analyzer, you can find the downloading computers within five minutes. Capsa captures all the traffic in the network, incoming and outgoing, and analyzes it to give you enough traffic statistics. To find out who is downloading, we always start by looking at the traffic volume of each machine.
Why should we start from traffic volume? Because when downloads are consuming your bandwidth greedily, they always generate greater traffic volume, measured in bytes rather than in number of packets.

Step 1. Run Capsa, using Full Analysis with no filter, and capture traffic for three minutes.
Step 2. Highlight IP Explorer -> Local Subnet in the Node Explorer window.
node-explorer

Step 3. Open the IP Endpoint tab in the Main View. Click the Bytes column header to sort the list in descending order.
ip-endpoint
The IP addresses with the longest bars at the top of the list are the suspects. But we need to eliminate the ones we trust. Then we locate the machines by their IP addresses and warn their users to stop downloading right away. It takes no more than five minutes and really it’s simple, right?

This article focuses on normal downloading, while there is another kind of downloading, BitTorrent, out there. If you are interested in finding out about BitTorrent downloading in your network, please refer to here.

ITWire: Review – Colasoft Capsa network analyser

July 25th, 2010 Colasoft No comments

by David M Williams
July 26, 2010

If you run any type of network infrastructure there will come a time you need a low-level packet sniffer to work out just what is going on. Colasoft’s Capsa product challenges the myth these tools must be hard to use.
Have you ever had users ask why is the network so slow? Chances are high any IT professional will have looked into network related faults but found it difficult to get a handle on just what is going on because Ethernet is so, well, ethereal.

Here is where a network analyzer comes in handy. It will sniff the raw packets of data flying about as they happen and give you meaningful information to make intelligent determinations.

Previously I have talked about the tremendous open source product WireShark but WireShark isn’t for everyone. For one, the Windows port requires GTK+ and Glib to be installed which some Windows administrators aren’t keen to do. For another, although it is less arcane and cryptic than a command-line tool like tcpdump it’s still not user-friendly enough for many.

Here is where Colasoft’s Capsa product comes in. As you might guess, it is a deep low-level network protocol analyzer and its purpose is to give you the low-down on just what is happening on your network.

Where it stands out from the competition is its brilliant ease of use. Capsa adopts the same ribbon style interface as seen in Microsoft Office 2007 and it is a snap to navigate between tabs and check out the options and power available.

When it comes to network analysis so much is going on that it’s a must to separate out the chatter from the data that matters. Capsa makes it a cinch to hone in on what you want with easy to use filters and rules.

Capsa also has a concept of projects, meaning you can set global filters and rules to always apply but also make specific filters and rules for individual projects, letting you switch between these as needed.

Capsa displays intuitive options and is a genuine pleasure to use. I do not believe I’ve seen a more straightforward or elegant network analysis tool with the majority requiring expert knowledge to get any meaningful results.

Capsa is a commercial product so it does carry a price tag beginning at $US 549 for one license without maintenance but if your job requires you to troubleshoot network faults then the software will pay for itself.
As well as the commercial support Colasoft provide an extensive and helpful FAQ. A free trial of Capsa is available here.

How to detect an email worm with Capsa network analyzer 7?

July 22nd, 2010 Colasoft No comments

In networking, an email worm is a computer worm that can copy itself to shared folders on a system and keeps sending infected emails to random email addresses. In this way, it spreads fast via SMTP mail servers. An email worm can send lots of infected emails in a very short time, and it will never stop unless it is removed. It generates a large amount of traffic and slows the system down. Sometimes it even makes the mail server crash. This article aims to teach you how to detect an email worm with Capsa network analyzer 7.

About Capsa 7

Capsa 7 is the flagship product of Colasoft. It is based on the second-generation Colasoft Packet Analysis Engine (CSPAE), which substantially improved the data processing speed and guaranteed the analysis performance in large traffic networks. Some unique features and ideas are introduced in Capsa 7. One is Network Profile, which allows users to set and save network profiles for different environments (departments, clients), making their analysis more customized, accurate and efficient. Another prominent feature is Analysis Profile, which provides flexible, extensible and effective analysis performance based on the user’s analysis objectives.

Step 1 of detecting an email worm with Capsa network analyzer 7: Diagnosis tab

In the Diagnosis tab we can see all the network issues automatically detected by Capsa network analyzer 7, along with suggested causes and solutions.
diagnosis-tab

If there is a host infected with an email worm, we should be able to see SMTP events in the application layer like this:
diagnosis-events

Step 2 of detecting an email worm with Capsa network analyzer 7: Locate the source IP

Possibly the source IP is the host infected with an email worm as it is sending too many emails in a short period of time with SMTP. So let’s locate the source IP in the Node Explorer window with the Locate shortcut in the right-click menu.

Step 3 of detecting an email worm with Capsa network analyzer 7: Log tab

Check if the host is sending emails to a large number of recipients in a very short period of time. If so, we can determine the host is infected with an email worm and should be handled immediately. We should be able to see logs in the tab like this:
log-tab

No doubt the final step is to isolate the host and kill the email worm with some AV software. So, I’m sure you now know how to detect an email worm with Capsa network analyzer 7. A free trial of Capsa network analyzer 7 is available at http://www.colasoft.com/.
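The check in Step 3 (one host mailing a large number of recipients in a very short time) can also be run over exported SMTP records. The following is an added example, not Colasoft code: the `timestamp,source_ip,recipient` line format, the sample addresses, and the 60-second / 20-recipient thresholds are all assumptions made for illustration, not Capsa's log format or defaults.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

def make_sample_log():
    """Constructed SMTP log lines in an assumed 'timestamp,source_ip,recipient' format."""
    t0 = datetime(2010, 7, 22, 9, 0, 0)
    lines = []
    # Normal user: three mails spread over an hour.
    for i, rcpt in enumerate(["alice@example.com", "bob@example.com", "carol@example.com"]):
        lines.append(f"{(t0 + timedelta(minutes=20 * i)).strftime(FMT)},192.168.1.20,{rcpt}")
    # Retrying client: 25 mails in 25 seconds, all to the same recipient.
    for i in range(25):
        lines.append(f"{(t0 + timedelta(seconds=i)).strftime(FMT)},192.168.1.30,ops@example.com")
    # Worm-like host: 30 different recipients in 30 seconds.
    for i in range(30):
        lines.append(f"{(t0 + timedelta(seconds=i)).strftime(FMT)},192.168.1.57,user{i}@example.net")
    return lines

def find_bulk_senders(lines, window_s=60, max_recipients=20):
    """Return {source_ip: peak distinct recipients seen in any window_s-second window}
    for every source whose peak exceeds max_recipients."""
    events = []
    for line in lines:
        ts, src, rcpt = line.strip().split(",")
        events.append((datetime.strptime(ts, FMT), src, rcpt.lower()))
    events.sort()  # the sliding window below needs chronological order

    windows = defaultdict(deque)  # per-source events still inside the window
    peak = defaultdict(int)
    for ts, src, rcpt in events:
        win = windows[src]
        win.append((ts, rcpt))
        # Drop events that have aged out of the window.
        while (ts - win[0][0]).total_seconds() > window_s:
            win.popleft()
        # Count distinct recipients, so retries to one address do not trip the alert.
        peak[src] = max(peak[src], len({r for _, r in win}))
    return {src: n for src, n in peak.items() if n > max_recipients}

if __name__ == "__main__":
    print(find_bulk_senders(make_sample_log()))
```

Counting distinct recipients rather than messages keeps a client that retries one address from being flagged alongside a host that fans out to many addresses.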

How to detect ARP attacks in windows 7 with Capsa network analyzer?

July 19th, 2010 Colasoft No comments

ARP attacks, also known as ARP spoofing, are a technique used to attack a wired or wireless Ethernet network. They are becoming increasingly popular among internet attackers because they are simple, fast and effective, and they severely affect the internet environment. As more and more people trust Windows 7, it is very important to find a network analyzer that supports Windows 7, and Capsa network analyzer does. The purpose of this article is to teach you how to detect ARP attacks in Windows 7 with Capsa network analyzer.

The main point of ARP attack detection is to locate the source of the attack when an ARP attack happens in our network. Capsa network analyzer can do it quickly and accurately. First of all, you need to download Capsa network analyzer from its official site and install it correctly. Now let’s see how we can achieve that.

Solution 1 to detect ARP attacks: Diagnosis Tab

The Diagnosis tab is the most direct and effective place we check the location of ARP attack, and should be our first choice.
diagnosis-tab

Solution 2 to detect ARP attacks: Protocol Tab

As shown in the following figure, the status of ARP packets is displayed in the Protocol tab. Here we must pay special attention to the values of ARP Request and ARP Response. The ratio of ARP Request to ARP Response should be approximately 1:1 under normal conditions. If there is a great difference between these two values, there may be ARP attacks in the network.
protocol-tab

Solution 3 to detect ARP attacks: Packet Tab

Packet decoding information in the Packet tab shows us the original contents of ARP packets. By decoding ARP packets, we can find out their source and destination, their function, and whether they are genuine.
packet-tab

Solution 4 to detect ARP attacks: Physical Endpoint Tab

In the Physical Endpoints tab we can view the correlation of MAC address and IP address. Generally speaking, one MAC address shall have only one IP address corresponding to it. If one MAC address has multiple IP addresses to it, the condition may be:

1. the host with the MAC address is the gateway;
2. these IP addresses are bound to the MAC address manually;
3. ARP attack
physical-endpoint-tab

Solution 5 to detect ARP attacks: Matrix Tab

The Matrix tab allows us to see communication information between those hosts in the network, which helps us to fast identify abnormal conditions and locate the attack source.
matrix-tab

The above 5 solutions for detecting ARP attacks in Windows 7 with Capsa network analyzer greatly enhance network administrators’ capability to identify ARP attacks and protect the network from them, so as to ensure normal network operation.
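The request/response ratio from Solution 2 and the MAC-to-IP correlation from Solution 4 can be computed directly from captured frames. The following is an added example, not Colasoft code: it parses raw Ethernet ARP frames, and the sample frames, the `trusted_macs` allow-list (standing in for the gateway and manual bindings) and the `max_skew` threshold of 2.0 are constructed assumptions.

```python
import struct
from collections import defaultdict

def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))

def ip_bytes(s):
    return bytes(int(p) for p in s.split("."))

def build_arp(op, sha, spa, tha, tpa):
    """Constructed test frame: Ethernet II header + IPv4-over-Ethernet ARP body."""
    dst = b"\xff" * 6 if op == 1 else mac_bytes(tha)  # requests are broadcast
    eth = dst + mac_bytes(sha) + struct.pack("!H", 0x0806)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + body + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip), or None if not a well-formed ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    return op, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def analyze(frames, trusted_macs=(), max_skew=2.0):
    """Request/reply skew plus MACs that claim more than one IP address."""
    requests = replies = 0
    ips_by_mac = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sender_mac, sender_ip = parsed
        if op == 1:
            requests += 1
        else:
            replies += 1
        if sender_ip != "0.0.0.0":  # ARP probes carry no sender IP
            ips_by_mac[sender_mac].add(sender_ip)
    skew = max(requests, replies) / max(1, min(requests, replies))
    suspects = {m: sorted(ips) for m, ips in ips_by_mac.items()
                if len(ips) > 1 and m not in trusted_macs}
    return {"requests": requests, "replies": replies, "skew": skew,
            "ratio_alert": skew > max_skew, "suspects": suspects}

# Constructed sample traffic: a gateway with two addresses, two hosts, one rogue host.
GW, H1, H2 = "00:aa:bb:00:00:01", "00:aa:bb:00:00:11", "00:aa:bb:00:00:12"
ROGUE, ZERO = "00:de:ad:00:00:99", "00:00:00:00:00:00"
NORMAL = [
    build_arp(1, H1, "10.0.0.11", ZERO, "10.0.0.1"),
    build_arp(2, GW, "10.0.0.1", H1, "10.0.0.11"),
    build_arp(1, H2, "10.0.0.12", ZERO, "10.0.0.254"),
    build_arp(2, GW, "10.0.0.254", H2, "10.0.0.12"),
]
# Unsolicited replies in which one MAC claims both the gateway's and a host's IP.
SPOOFED = (NORMAL + [build_arp(2, ROGUE, "10.0.0.1", H1, "10.0.0.11")] * 3
           + [build_arp(2, ROGUE, "10.0.0.11", GW, "10.0.0.1")] * 3)

if __name__ == "__main__":
    print(analyze(NORMAL, trusted_macs={GW}))
    print(analyze(SPOOFED, trusted_macs={GW}))
```

Without the allow-list the gateway itself is reported, which is the first of the three conditions listed under Solution 4.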

How to monitor network traffic in windows 7 with Capsa network analyzer?

July 13th, 2010 Colasoft No comments

Network traffic is data in a network. In computer networks, the data is encapsulated in packets, so network traffic monitoring means capturing all the packets traveling across the network. Sometimes it is very useful to check your network activity. When a Windows 7 network is very slow, internet browsing is very slow, or connection problems and high network activity occur while you are doing nothing, you will find this really helpful. The purpose of this article is to help you understand how to monitor network traffic in Windows 7 with Capsa network analyzer.

About Capsa Network Analyzer

Capsa is an easy-to-use Ethernet packet sniffer (network analyzer or network sniffer) for network traffic monitoring and troubleshooting purposes. It performs real-time packet capturing, 24/7 network monitoring, reliable network forensics, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. By giving you insights into all of your network’s operations, Capsa makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities.

Solution 1. Monitor network traffic in the Dashboard tab of Capsa network analyzer

If we want a graphical view of the statistics or a trend chart of the network traffic, we can use the graphs in the Dashboard tab. It provides a great many statistical graphs, from the global network down to a specific node. You can also create almost any kind of graph based on any MAC address, IP address, protocol, etc. With these graphs, you can easily spot anomalies in the network and get useful statistics.
dashboard-tab

Solution 2. Monitor network traffic in the Summary tab of Capsa network analyzer

The Summary tab provides general information about the entire network or the node selected in the Node Explorer window. In the Summary tab we can get a quick view of the total traffic, real-time traffic, broadcast traffic, multicast traffic and so on. When we switch among the nodes in the Node Explorer window, the corresponding traffic information is provided.
summary-tab

Solution 3. Monitor network traffic in the Physical Endpoint and IP Endpoint tabs of Capsa network analyzer

In these two endpoint tabs (Physical Endpoint and IP Endpoint), we can monitor network traffic information of each physical address node and IP address node, both local and remote. With their easy sorting feature we can easily find out the nodes with abnormal traffic, such as which hosts are generating or have generated the largest traffic.
ip-endpoint-tab

Solution 4. Monitor network traffic in the Protocol tab of Capsa network analyzer

The Protocol tab lists all protocols used in your network transmission. In the Protocol tab we can monitor network traffic by each protocol. By analyzing the protocols in the network traffic, we can easily understand what applications are consuming the network bandwidth; for example, HTTP stands for website browsing, POP3 stands for email, etc.
protocol-tab

Solution 5. Monitor network traffic in the Matrix tab of Capsa network analyzer

The Matrix tab visualizes all network connections and traffic details in one single graph. The weight of the lines between the nodes indicates the traffic volume and the color indicates the status. As we move the cursor on a specific node, network traffic details of the node will be provided.
matrix-tab

These are the very basic methods of monitoring network traffic in Windows 7 with Capsa network analyzer. There are a lot of advanced functions available in Capsa Network Analyzer 7.

Feel free to share your experience with this tool; any new findings are welcome.

Capsa network analyzer 7.2.1 reviewed by Firewall.cx

July 5th, 2010 Colasoft 1 comment

Author: Chris Partsenidis
July 3, 2010

Introduction

A Network Analyser is without doubt an Engineer’s best friend.
Using network analysing software, we are able to monitor our network and dig into the various protocols to see what’s happening in real time. This can help us understand much better the theoretical knowledge we’ve obtained throughout the years but, most importantly, help us identify, troubleshoot and fix network issues that we wouldn’t be able to do otherwise.
A quick search on the Internet will surely reveal many network analysers available making it very confusing to select one. Some network analysers provide basic functions, such as packet sniffing, making them ideal for simple tasks while others give you all the necessary tools and functions to ensure your job is done the best possible way.
Colasoft’s network analyser is a product that falls in the second category. We had the chance to test drive the Colasoft Network Analyser v7.2.1 which is the latest available version at the time of writing.
Having used previous versions of Colasoft’s network analyser, this latest version we tested left us impressed and does, in fact, promise a lot no matter what the environment demands.

Colasoft’s Capsa network analyser is available as a demo version directly from their website www.colasoft.com. We quickly downloaded the 21.8mb file and began the installation which was a breeze. Being small and compact meant the whole process didn’t take more than 30-40 seconds.
We fired up the software, entered our registration details, activated our software and up came the first screen which shows a completely different philosophy to what we have been used to:
reviews-colasoft-1
The Software
Before you even start capturing packets and analysing your network, you’re greeted with a first screen that allows you to select the network adaptor to be used for the session, while allowing you to choose from a number of preset profiles regarding your network bandwidth (1000, 100, 10 or 2 Mbps).
Next, you can select the type of analysis you need to run for this session ranging from Full analysis, Traffic Monitoring, Security analysis to HTTP, Email, DNS and FTP analysis. The concept of pre-configuring your packet capturing session is revolutionary and very impressive. Once the analysis profile is selected, the appropriate plug-in modules are automatically loaded to provide all necessary information.
For our review, we selected the ‘100Mb Network’ profile and ‘Full Analysis’ profile, providing access to all plug-in modules, which include ARP/RARP, DNS, Email, FTP, HTTP and ICMPv4 – more than enough to get any job done!
Optionally, you can use the ‘Packet Filter Settings’ section to apply filters to the packets that will be captured:
reviews-colasoft-2

The full review at http://www.firewall.cx/reviews-colasoft-v721.php