存档

文章标签 ‘Colasoft Capsa’

Review: Colasoft Capsa from WindowsITPro.com

2010年6月1日 1 条评论

by Michael Dragone at June 1, 2010.

At some point in the career of almost any IT professional, there comes a time when a detailed examination of network traffic at the packet level is required to troubleshoot a problem. These problems often occur at the worst time, and having the ability to quickly perform a detailed traffic analysis is critical to resolving the problem swiftly and efficiently.

In the field of network analyzers, there’s a range of choices. On the one end, you can obtain free tools that support basic capture tasks but require you to perform much of the analysis. On the other end, you can purchase multifunctional tools that perform the analysis for you.

I took at look at the recently released Capsa 7.1 from Colasoft to see how it performed. I was especially interested to see how it fared against free tools such as Microsoft’s Network Monitor and Wireshark (formerly Ethereal). I ran the software on a Windows XP Professional SP3 computer.

Capsa downloaded quickly, and the installation process was brief. During installation, I was given the opportunity to install additional Colasoft tools such as a packet generator. I declined because I was focusing on the network analyzer, but it was nice to see those tools included as an installation option and not as an additional download. I was also happy that the installation process gave me full control over the creation of the desktop and Quick Launch icons instead of littering my test computer with icons everywhere. Finally, I was expecting to have to reboot my computer after the installation, as I assumed that the installation routine would make changes to the network stack. I was happy to see that this wasn’t the case and no reboot was required.

When you start Capsa, an interface presents you with intuitive options that let you select the network you want to analyze and the type of analysis you want to perform, such as Full Analysis, Traffic Monitor, Security Analysis, and Email Analysis. I wanted to analyze traffic, so I selected Traffic Monitor and clicked the large play button. The analysis began immediately.

As Figure 1 shows, Capsa uses the Fluent interface introduced in Microsoft Office 2007. As such, it’s extremely easy to navigate and almost, dare I say, fun to poke around the various tabs as the product captures network traffic.

ColaSoft-Capsa-125186-Fig1

The information that the product can capture can be daunting, but it was easy to filter the capture to look for only HTTP traffic. The filter interface provides an excellent graphical representation of what your newly created filter will do.

I was able to drill-down into my newly captured HTTP traffic to the packet level and examine all the details. Because it was encrypted HTTP Secure (HTTPS) traffic, I couldn’t look into the data payload, but all the header details were available. I was also able to examine entire TCP conversations, from the initial handshake all the way down to the FIN flag. The graphical representations that this product can produce are simply wonderful.

Overall, Capsa is a joy to use. My only complaint is the high price tag, which might make it difficult to obtain if you don’t spend a majority of your time examining network traffic, as free (and excellent) alternatives exist. Despite this, I highly recommend this product and would be glad to add it to my toolbox.

How to improve network protocols learning and teaching

2010年4月26日 9 条评论

In computing, a protocol is a set of rules which is used by computers to communicate with each other across a network. A protocol is a convention or standard that controls or enables the connection, communication, and data transfer between computing endpoints. In its simplest form, a protocol can be defined as the rules governing the syntax, semantics, and synchronization of communication. Protocols may be implemented by hardware, software, or a combination of the two. At the lowest level, a protocol defines the behavior of a hardware connection. A protocol is a formal description of message formats and the rules for exchanging those messages.

Today, there are many universities or institutes opening training section of network protocols. More and more people interested in computer programming are learning network protocols. They get training, have books or videos, they are fabulous about protocols. Network protocol analyzer is regarded as the best tool to help improve network protocols learning and teaching. There are many people using Wireshark to help learn or teach network protocols, Colasoft Capsa can also do this, and maybe better.

Now, let’s see how Capsa helps to improve network protocols learning and teaching in a more graphical and intuitive way.

Protocol decoding is the basic functionality as well. There is a Packet tab, which collect all captured packets or traffic. Select a packet and we can see its hex digits as well as the meaning of each field. The figure below shows the structure of an ARP packet. This makes it easy to understand how the packet is encapsulated according to its protocol rule.
001

For more complicated study such as how to establish a TCP connection by a three-way handshake, how to close a TCP connection, how the window size changes, and how to calculate the TCP SEQ number and ACK number, the Time Sequence functionality is helpful and intuitive. The Time Sequence tab displays the packet movement of a TCP conversation with two-direction arrows. The following figure sketches a complete process of a TCP conversation, from connection establishment to connection close. The columns on the left side of the arrows show the calculation of sender’s SEQ and ACK numbers. And also we can see the window size. On the right-side of the arrows, they are the receivers’.
002

Furthermore, for scientific research in network communication and protocols, we may need to create protocols of our own. Colasoft Capsa allows us to customize protocols. It’s very easy to create a protocol rule of TCP, UDP, IP and Ethernet II. See figure below.
003

Colasoft Capsa is a powerful protocol analyzer shipped with four powerful tools-packet builder, packet player, ping tool and mac scanner. The packet builder helps teachers and rookies to create or build packets like ARP, IP and TCP packets. The packet player can be used to send packets into the network to test the network. You can also import packet files captured by other network sniffers as well. With the assistance of network protocol sniffer tools, the theories on the book will no longer be dry and boring. Let Caps help you dig into the micro network world.