Colasoft Blog

I work for a small company as a network administrator. There’s no doubt I’m the person who is responsible for the security of network. Despite those complicated network problems, I’m sure many network admins have the same headache as me. When network problems occur and the internet could not work as usual, absolutely we are the persons to be blame first. We must try to find out the source of the problems as soon as possible. This is why we need a network sniffer to monitor our network. With the limited budget, I search on the internet, and finally I found Colasoft Capsa. I just download a free trail to see if it really works as is said.

Now, I have being using it for more than two weeks, and I found it is quite easy to use. The function of Capsa is not what I’m going to talk about in this article, because it may cost a dayJ Here I’m going to share with you a small but quite useful setting-Add physical group in network.

First, we open Settings, and click network, and click add:

Then write down the group name and the IP ranges of this group:

Well, it’s done, we can see it in the Explore:

In conclusion, with this setting, it’s very convenient to see the traffic of any specific group or department in our company. If you want to do that, just follow the above steps. Hope you enjoy this article!

To be honest, I am a little ashamed to share my experience here, however, I wish to learn more from you. Let me introduce myself briefly, my name is Don Smith, the network administrative of a small online business company in Texas.

As a small company, cost is a very sensitive problem to us especially under the recession. With a limited bandwidth, we need to make sure the core business goes steadily, I need to find out the illegal download activities in time. We bought Capsa last year after the evaluation and compare with other similar network monitoring software.

Ok, let’s see how I find out the illegal download in the network.

After the correct deployment of Capsa in our network, let’s run capsa and start the capture at first.

Figure 1.Summary View

As we can see in figure 1,the utilization is normal.

Now I will start a download, and check it again. See Figure 2:

We can see that in the packet size distribution, there are a lot of packets listed from 1024-1517,

Then we need to check how these packets generated.

Now, we will go to the protocol view to check whether there is any protocol for download.

We can see that there is http download in our network. Then we need to locate the computer which are downloading and deal with it.

Right click on the protocol, like Figure 4 showed, we can see the option: Locate Explore Node.

Then we can check the endpoints view for more details.

It is apparently that the node 192.168.6.8 is downloading, the bytes out is only 1.04MB, but the bytes out is 10.153MB.

Now we have find out the computer which are downloading the files and so we can deal with it.

As I know, this function is just a tip of iceberg. Capsa can do a lot of things like this.

Let’s share it.