Archive

Posts Tagged ‘Capsa network analyzer’

How to Detect Routing Loops and Physical Loops with a Network Analyzer

July 28th, 2015 No comments

When working with medium to large scale networks, IT departments are often faced dealing with network loops and broadcast storms that are caused by user error, faulty network devices or incorrect configuration of network equipment.  Network loops and broadcast storms are capable of causing major network disruptions and therefore must be dealt with very quickly.

There are two kinds of network loops and these are routing loops and physical loops.

Routing loops are caused by the incorrect configuration of routing protocols where data packets sent between hosts of different networks, are caught in an endless loop travelling between network routers with incorrect route entries.

A Physical loop is caused by a loop link between devices. A common example is two switches with two active Ethernet links between them. Broadcast packets exiting the links on one switch are replicated and sent back from the other switch. This is also known as a broadcast storm.

Both type of loops are capable of causing major network outages, waste of valuable bandwidth and can disrupt network communications.

We will show you how to detect routing loop and physical loop with a network analyzer such as Colasoft Capsa or Wireshark.

We’ve selected Colasoft Capsa 8.0 as our preferred packet analyzer because of its new feature that allows the quick diagnosis of routing loops and physical loops.

If there are routing loops or physical loops in the network, Capsa will immediately report them in the Diagnosis tab as shown below. This makes troubleshooting easier for network managers and administrators:

how-to-detect-routing-and-physical-loops-using-a-network-analyzer-01

Figure 1. Capsa quickly detects and displays Routings and Physical Loops

Further examination of Capsa’s findings is possible by simply clicking on each detected problem. This allows us to further check the characteristics of the related packets and then decide what action must be taken to rectify the problem.

DRILLING INTO OUR CAPTURED INFORMATION

Let’s take a routing loop for example. First, find out the related conversation using Filter (red arrow) in the MAC Conversation tab. MAC addresses can be obtained easily from the notices given in the Diagnosis tab:

how-to-detect-routing-and-physical-loops-using-a-network-analyzer-02

Figure 2. Obtaining more information on a Routing Loop problem

Next, Double-click the conversation to load all related packets and additional information. Click on Identifier, to view the values of all packets under the Decode column, which in our case are all the same, This effectively means that the packets captured in our example is the same packet which is continuously transiting our network because its caused in a loop.  For example, Router-A might be sending it to Router-B, which in turn sends it back to Router-A.

how-to-detect-routing-and-physical-loops-using-a-network-analyzer-03

Figure 3. Decoding packets caught in a routing loop

Now click on the Time To Live section below, and you’ll see the Decode value reduces gradually. It is because that TTL value will decreased by 1 after transiting a routing device. When TTL reaches the value of 1, the packet will be discarded, to help avoid ICMP packets travelling indefinitely in case of a routing loop in the network. More information on the ICMP protocol can be found in our ICMP Protocol page:

how-to-detect-routing-and-physical-loops-using-a-network-analyzer-04

Figure 4. Routing loop causing ICMP TTL to decrease

The method used to analyze physical loops is almost identical, but the TTL values of all looped packets remain the same, instead of decreasing as we previously saw. Because the packet is trapped in our local network, it doesn’t traverse a router, therefore the TTL does not change.

Below we see a DNS Query packet that is trapped in a network loop:

how-to-detect-routing-and-physical-loops-using-a-network-analyzer-05

Figure 5. Discovering Network loops and why their TTL values do not decrease

Advanced network analyzers such as Colasoft’s Capsa allows us to quickly detect serious network problems that can cause network outages, packet loss, packet flooding and more. If you’re a network administrator, engineer or IT manager, we strongly suggest you try out Capsa v8 today and discover how easy you can discover and deal with network problems.

View more:http://www.firewall.cx/networking-topics/general-networking/1102-how-to-detect-routing-and-physical-loops-using-a-network-analyzer.html

Review: Colasoft Capsa Network Analyzer Enterprise Edition 7.8 – software.informer.com

October 15th, 2014 No comments

Colasoft Capsa Enterprise is a network management solution aimed at small and medium-sized businesses and network administrators. This network traffic analyzer lets users monitor, detect, and troubleshoot network issues in a fast and simple manner. Among the powerful features this edition of Capsa includes is the ability to monitor both Ethernet and wireless networks.

As a comprehensive network sniffer, Capsa Enterprise is able to perform different types of analysis and tests over one or multiple wired and wireless connections (like 802.11a/b/g/n). It lets you run analysis of specific aspects of your network or a full Test providing an exhaustive level of detail. Capsa is able to perform packet capture in real time, monitor traffic, run security analysis to detect potential security risks, map the traffic and MAC, IP addresses of every host on the network, as well analyse different protocols like HTTP, FTP, and DNS, and applications like IM, Email (POP3, IMAP4, SMTP), and VoIP, letting you log and save data to disk. These complex tasks are carried out in a fast and simple way, with literally a few clicks.

Besides its straightforward interface, it is worth highlighting the way Capsa displays the data obtained by means of graphs, charts, and statistics that are easy to read and interpret, letting users detect and address potential issues in the most effective way. With the analysis results ordered in tabs and the several filters available it is easy to find the information you want to focus on. The Dashboard is the first section you will see once the analysis is on; and there are several view modes to choose from, including the possibility of adding or removing panels. Another tab that deserves particular mention is the Matrix tab, which maps network traffic between network nodes in a graph.

Other tools available in the pack include Packet Player, Packet Builder, Ping, and MAC Scanner, the possibility of scheduling tasks and adding alarms.

To sum up, Colasoft Capsa Enterprise is a tool that combines powerful features with in-depth analysis and statistics, essential for network adminitrators and engineers. This network sniffer has a cost of $995 and the free demo version is fully functional for 15 days.

Pros

  • Comprehensive network analyzer with powerful features.
  • In-depth network analysis.
  • Data is displayed in easy-to-read graphs.
  • User-friendly.

Cons

  • None.
Download Capsa
 
       from:  http://colasoft-capsa-enterprise.software.informer.com/

What’ s new in Capsa 7.8

August 28th, 2014 No comments

What’ s new in Capsa 7.8

 VoIP Analysis

Capsa 7.8 provides a VoIP analysis module to capture and analyze VoIP calls and graphically display VoIP analysis results, which helps IT staff baseline and troubleshoot VoIP-based networks.

A VoIP view is provided to list all VoIP calls as well as their related statistics and has a lower pane for analyzing voice and video control flows and media flows as well as their jitter, loss, MOS, etc., to visualize analysis data and assess voice and video quality.

Download Capsa

A VoIP Explorer groups private and public IP addresses for VoIP calls.

Furthermore, there are VoIP diagnosis events and VoIP logs. A VoIP dashboard contains the VoIP analysis charts graphically.

Together with VoIP Explorer and VoIP diagnosis, the VoIP view helps users visualize analysis data and assess voice and video quality, to thereby assist you troubleshooting VoIP networks, software and hardware.

Top Domain Name Statistics

Earlier versions of Capsa provide a Name Table feature to help network administrators conveniently manage staff’s network activities by displaying the IP address as names instead of figures. Capsa 7.8 here now provides a top domain feature which shows top visited Internet IP addresses as domain names. We know that one domain name may be resolved to be multiple IP addresses, and Capsa can identify all these IP addresses as one domain name if they are actually directed to that domain, and graphically display the top resolved domain names:

Port – Based Statistics

A Port view is provided to present traffic statistics based on TCP/UDP port numbers. This feature is useful when you want to analyze a specific application. The port numbers are provided with above layer protocol, packets, bytes, average packet size, and common application.

In addition, the Dashboard view provides a Port panel to graphically display top port statistics:

Learn more

Colasoft Announces Capsa Data Packet Analyzer v7.8 Release

August 20th, 2014 No comments

August 20, 2014– Colasoft, an Oklahoma company, is a leading provider of innovative, affordable, network analysis software solutions. Colasoft today announced the release of its latest Capsa Network Analyzer, version 7.8, a real-time portable network analyzer for wired and wireless network monitoring, bandwidth analysis, and intrusion detection.

In addition to Bandwidth Monitoring and Traffic Analysis, Capsa Enterprise has added full support for VoIP communication analysis. Capsa customers can now, not only monitor VoIP calls, but also drill into a vast collection of call statistics detailing their jitter, loss, and MOS. The new VoIP Explorer and VoIP Diagnostic views allow users to visualize the VoIP data as Capsa visually displays the voice and video quality, assisting users in troubleshooting VoIP networks, software and hardware.

Colasoft has also added a new detailed Port Analysis view to their Capsa Enterprise packet capture application. This new Port Analysis view is quite useful in the analysis of application management issues to determine where the problem actually originates.

In addition to VoIP, Colasoft has added a new “Top Domain Name” view of the network traffic. Colasoft users can now view the traffic utilization by Domain Name in addition to IP Address. Additionally, this new release of Capsa Enterprise has added full support of IMAP4 to the hundreds of already supported protocols. A Free Trial version is available for download at: http://www.colasoft.com/download/products/download_capsa.php

With the increasing number of companies being hacked, Colasoft has seen a dramatic increase in the interest of its Capsa and nChronos products. As noted by Brian K. Smith, Vice President at Colasoft LLC, “Capsa is the only Packet Sniffer and Packet Decoder to provide an easy to use GUI combined with CyberAttack Detection features that were previously found only in more expensive Intrusion Detection Applications. Colasoft Capsa now offers the Network Engineer one of the most robust Bandwidth and Packet Analysis tools available.”

With the release of Capsa 7.8 there is now added support for protocols like: IMAP4, SIP, SDP, MEGACO/H.248, MGCP, Q.931, SAP, H.225, RMI, Oracle, MMS, GOOSE, SMV, and GMRP. Capsa also added several new VoIP protocols. Capsa inherently analyzes VoIP issues, like voice quality QOS, dropped packets and connectivity issues.

Capsa 7.8 is compatible with Windows XP/2003/2008/Vista/Windows 7/Windows 8 and Windows Server 2012. A trial version is available for download at: http://www.colasoft.com/download/products/download_capsa.php

Source Link

Capsa How-to : Migrating Capsa Configuration Files

July 15th, 2014 No comments

Capsa Professional and Capsa Enterprise packet capture application provides the ability feature to backup configurations, including analysis profile settings and network profile settings.

Download Capsa

To migrate configuration files from a Capsa Demo version to Capsa licensed version you should:

1. On the Start Page, click the menu button, go to Configurations Backup, and click Export to save the configurations as a file:

2. Uninstall the Capsa Demo version and install the Capsa licensed version.

3. From the new Capsa licensed version go to the Start Page, click the menu button, select Configurations Backup, finally click Import to import the saved file in step 1.

4. After the import, Capsa will restart automatically. Your configuration data is now migrated.

Download Capsa

From: colasoft.com

How to Monitor Network Packet Loss

June 10th, 2014 No comments

When data is transmitting over computer network, one or more packets may fail to reach their destinations, and this is packet loss.

Packet loss can be caused by multiple factors including network congestion, the performance or policy of networking devices, and networking hardware faults.

Download Capsa

To test the packet loss rate, you can use Colasoft Ping Tool:

To monitor network packet loss to thereby monitor the quality of the network, you can use Colasoft Capsa.

There is a Diagnosis view on Capsa.

  1. If you have a diagnosis event of TCP Retransmission, it means there is maybe packet loss on the network (according to the transmission policy based on TCP/IP protocols, the packet will be retransmitted if it is lost).

  2. Then, double-click the event on the Details pane:

  3. A window pops up to show the decoding information. According to the Sequence number and the Acknowledge number, it is determined that there is packet loss on the network.

Packet loss is not always a bad thing. It depends on the type of data being sent. For example, when a text document is transmitted, it is unacceptable to drop a single packet. But, for VoIP (Voice over IP) traffic, it is acceptable to drop one or two packets every now and then.

Download Capsa

source: www.colasoft.com

How to Capture Wireless Network Traffic

June 9th, 2014 No comments

As an innovative and high quality network analysis solution, Capsa network analyzer is not only designed to monitor and analyze wired network traffic, but also for wireless LAN traffic, including 802.11 a/b/g/n networks.

The Enterprise Edition of Capsa network analyzer provides you the capability of wireless network capturing and encrypted wireless data decoding. No matter which encryption type an AP uses, all WEP, WPA and even the hardest WPA2 wireless traffic can be decrypted with the pre-specified security key. Additionally you do not have to figure out the encryption type of an AP, Capsa identifies and matches the encryption type of keys automatically.

Download Capsa

We all know that users have to connect to an AP (Access Point) in order to access wireless network; users must have a wireless network adapter in order to access a wireless AP. Therefore, to capture wireless traffic, we use Capsa to monitor a wireless network adapter.

Please follow steps below to monitor and capture the traffic of wireless network.

1. On the Start Page, choose a wireless network adapter. Once a wireless network adapter is enabled, Capsa automatically detects and displays all available APs.

2. Choose an AP that you want to monitor, and if the AP is encrypted, enter the password for it. Once an encrypted AP is enabled, a dialog box pops up to let you enter the key. If the dialog box doesn’t pop up, just double-click the AP to open the box.

3. Click Start to start monitoring; or if you want to set up alarms, capture filters, packet auto-saving, choose a proper network profile and a proper analysis profile and then click Start to start monitoring

  • Once a wireless network adapter is used for capturing packets, it cannot be used for accessing the network anymore.
  • If you enter the wrong key for an AP, the analysis project will run as well but it will not decode any packets.
  • One analysis project can monitor multiple APs at a time, but the APs must be at the same channel.

 To decode and analyze wireless traffic, you are recommended to:

  • Make sure the password for monitored AP is correct.
  • Be close enough to the wireless router (signal source) to thereby capture all packets.
  • Monitor the AP before other hosts access the network to thereby capture EAPOL handshake packets.

Download Capsa

from www.colasoft.com

Colasoft Capsa Free Review – Capsa Is A Comprehensive Network Analysis Tool For LAN & WLAN

May 26th, 2014 No comments

by  on 

If you’re a network administrator, you already know how critical it is to have tools at your disposal to keep you apprised of the status of your network and its connected systems. Among the gazillion different apps for Windows, there are numerous different tools and utilities that can aid in network administration. Colasoft’s Capsa desktop application for Windows is one such highly feature-laden, comprehensive network analyzer that can help you in analyzing both your LAN and WLAN in real-time. The application carries a wide array of features including 24 hour network monitoring, advanced protocol analyses, in-depth packet decoding and capturing, and automatic diagnosis.

The software can be deployed in a number of scenarios and usage needs, for instance, troubleshooting various network related issues, analyzing your networks performance and pinpointing any bottlenecks, detecting malicious activities in the network, for example, presence of virus or worm, as well as debugging other similar problems.

Capsa is a freeware program but you need a free license key in order to activate it. To get your license, simply fill in the sign up form at Capsa’s website  and the developer will email the key to you.

Capsa_Download

Once you have received the key, enter it in the ‘Serial Number’ field during the setup wizard, enable ‘Activate Online’ and click Next.

Capsa_Reg

Capsa basically comprises of two different windows. The one that pops up upon launch, looks fairly understandable. It carries two tabs at the top labeled Capture and Replay. Under Capture, you can select the network interface you require to monitor or analyze. As stated earlier, Capsa works well with all wired and wireless interfaces, including Bluetooth, Wi-Fi and Ethernet. And toggling an interface displays its bandwidth stats in real time.

Colasoft Capsa 7 Free

Capsa houses a number analyses profiles, and it’s up to the users which profile they want to deploy. For an in-depth analyses, you can choose Full Analyses, but if you need to analyze different network modules separately you can do that too by choosing the appropriate profile name. These analyses types include Traffic, HTTP, Email, DNS, FTP and IM. After selecting the analyses type, you can click ‘Start’ to initiate the capture process.

The main window of Capsa then shows up, providing a wide range of statistics and analysis results. The Ribbon-like UI of Capsa carries a menu bar at top, the main Ribbon, a node explorer to the left, status bar, and the main view at center. You can also stop and resume the capture process anytime. The application displays various different kinds of information and its up to the users how they approach with the analyses of the network.

Analysis Project 1 - Full Analysis - Colasoft Capsa 7 Free

The sub-tabs within the main view section of Capsa allow you to navigate between various sub sections, fourteen in total, such as statistics, logs, reports, graphs, data packets, diagnosis results and so on. There’s also a Node Explorer to the left which gives an overview of physical and IP addresses of the network, giving you a general understanding of your network.

Full Analysis - Colasoft Capsa 7 Free

Capsa also lets you save captured packets by exporting the results as a Capsa-compatible file and save it to your hard disk. You can then replay the same file later from the ‘Replay’ tab that I mentioned earlier. To do that, click Replay button when Capsa is relaunched, under Replay tab, click Add, select the packet file you saved and click Start to initiate replay.

Full Analysis - Replay

Overall, Capsa is an extremely useful and feature-rich program if you need to monitor and analyze various aspects of the network. Besides its Free version that we reviewed, it also comes in Enterprise and Professional editions both of which offer additional features. It works on all versions of Windows.

Download Capsa

From: addictivetips.com

iLoveFreeSoftware Review: Free Software to analyze LAN and WLAN network – Colasoft Capsa Packet Analyzer

March 24th, 2014 No comments

By Shobhan Mandal

Colasoft Capsa Packet Analyzeris a free network analyzer software which can be used toanalyze and monitor WLAN andLAN networks. What it actually provides is network monitoring,in depth packet decoding, andadvanced protocol analysis of the network you are connected to. The best part is you do not have to install this software on a server to view the details; installing in any client machine of the network will provide you with all the necessary details.

Colasoft Capsa-Home Screen

 

Well the software has a number of functionalities, like:

  • Troubleshooting Network Problems.
  • Know about the performance of the network thus finding any bottlenecks.
  • Can be used to detect virus,worms, or network attacks.
  • It can also be used to teach and learn various things about network.

Here we will talk about the free version of Colasoft Capsa which has limited capabilities, like you can monitor the network continuously for 4 hours only using a profile and you can use only 1 analysis at a time.

How to use Colasoft Capsa Free Network Analyzer:

When you are downloading Colasoft Capsa, you will be asked to register with your email address. On this email address, you will be sent activation key, which will be valid for 4 months, after which you have to renew. The installation process will take a minute or two. After the installation is over you will get the home screen which looks like the first screenshot of this review.

At first, you have to select the connection from the adapter which you would like to monitor. When selected, it immediately shows a graph for the speed of the network.

The profile section allows you to select what type of analysis you would like to do. The software offers:

  • Full Analysis
  • HTTP Analysis
  • Email Analysis
  • DNS Analysis
  • FTP Analysis
  • IM Analysis
  • Traffic Monitor

Full Analysis

Clicking on Full Analysis gives you various information regarding broadcast addresses, multicast addresses, local subnet, the IP addresses of the computer connected, etc. The center screen has various tabs like Protocol- tells about different protocols like IP, ARP, IPv6 and the amount of data and packets being transferred.

Physical Endpoint, IP Endpoint which tells about the MAC address and the IP address of the connected systems. Other tabs include TCP, IP, and UDP conversations. Somefunctionalities may not work in the free version.

Colasoft Capsa-Full Analysis

HTTP Analysis

The HTTP analysis gives you the various results regarding HTTP protocol. At any normal instance it will give the IP address of the computers with which your computer has a HTP connection. Through the IP, TCP, and UDP conversation you can know the amount of data and packets being shared among the computers.

Colasoft Capsa-HTML Analysis

The other analysis gives out more information regarding data and packet movements in the network you are connected to.

Talking to one of my friends who is a ethical hacker and wants to remain anonymous, said that the software is great. According to him:

  • This is really a great software and very powerful.
  • It helps the network administrator to get various details about the network in real time.
  • It can be used for educational purposes as the software tells how packet movement works actually in the network.

Downsides of the software

In the free version, the user cannot use more than one analysis simultaneously. If he wants to have a different analysis he must close the ongoing analysis. The free version has most of the good features restricted not allowing users to know the software’s working properly.

Also check out other network packet sniffer software.

Conclusion

It is a cool software to monitor the data traffic of your network. If you setup a private network you can watch out for any wrongdoings that might happen be happening in the network. It is very much useful for those who want to know more about computer networking.

Get Colasoft Capsa Packet Analyzer here.

Colasoft Capsa Reviewed by Gizmo’s as the Friendliest Network Traffic Monitor Ever

March 6th, 2014 No comments

Gizmo’s Freeware , a non-commercial community website staffed entirely by volunteers, published an article about Colasoft Capsa on Mar.6 2014 which reviewed Colaosft Capsa as the friendliest network traffic monitor ever.

Here’s the review written by Rob.Schifreen.

If you’ve ever wanted to be able to view a log of all the data that passes through your PC’s network connection (either wired or wifi), you may know that this is possible with a network protocol analyzer utility.  Such programs let you find out who your PC’s been talking to, and what was said.  You can view the content of every packet of data that travels to/from your PC and all of the remote computers and websites that you connect to.

By far the best-known of the network protocol analyzer software products is Wireshark.  It’s powerful, free, and does the job.  However, it also has a very steep learning curve and is far from intuitive to use.

Which is why I was so impressed to learn about a product recently called Capsa, which does a similar job but is way more friendly and much easier to understand.Capsa is from Colasoft, and you’ll find it at http://www.colasoft.com/capsa-free/.  Considering the full Enterprise version costs around $1000, the free no-commercial-use version, which offers pretty much all the features you’ll need, is a bargain.

It’s a 20 MB download, malware-free according to VirusTotal, and should work on all recent versions of Windows. So next time you need to know what’s eating up all the network bandwidth on a computer, or precisely what information a certain application is sending out about your PC, you can track it down with Capsa.

See more at Gizmo’s.