Posts Tagged ‘network analyzer’

How to View and Analyze Historical Network Traffic

May 21st, 2014 No comments

As a network forensic analysis application, nChronos lets users view historical data simply by dragging. Below is a screenshot of the Time Window; you can drag the trend charts back and forth to view the network traffic of any time period of interest.

You can click the Set Time Window button to set which time period to show:

When you select a time slice on the Time Window, the analysis views show only the data related to that time slice, which is very convenient for analyzing a traffic spike. Just select the spike to view and analyze the top talkers in it. Furthermore, you can double-click a record item to drill down into it:

from: colasoft.com

iLoveFreeSoftware Review: Free Software to analyze LAN and WLAN network – Colasoft Capsa Packet Analyzer

March 24th, 2014 No comments

By Shobhan Mandal

Colasoft Capsa Packet Analyzer is a free network analyzer software which can be used to analyze and monitor WLAN and LAN networks. What it actually provides is network monitoring, in-depth packet decoding, and advanced protocol analysis of the network you are connected to. The best part is you do not have to install this software on a server to view the details; installing it on any client machine of the network will provide you with all the necessary details.

Colasoft Capsa-Home Screen

 

Well the software has a number of functionalities, like:

  • Troubleshooting Network Problems.
  • Know about the performance of the network thus finding any bottlenecks.
  • Can be used to detect viruses, worms, or network attacks.
  • It can also be used to teach and learn various things about network.

Here we will talk about the free version of Colasoft Capsa which has limited capabilities, like you can monitor the network continuously for 4 hours only using a profile and you can use only 1 analysis at a time.

How to use Colasoft Capsa Free Network Analyzer:

When you are downloading Colasoft Capsa, you will be asked to register with your email address. An activation key will be sent to this email address; it is valid for 4 months, after which you have to renew it. The installation process takes a minute or two. After the installation is over you will get the home screen, which looks like the first screenshot of this review.

At first, you have to select the connection from the adapter which you would like to monitor. When selected, it immediately shows a graph for the speed of the network.

The profile section allows you to select what type of analysis you would like to do. The software offers:

  • Full Analysis
  • HTTP Analysis
  • Email Analysis
  • DNS Analysis
  • FTP Analysis
  • IM Analysis
  • Traffic Monitor

Full Analysis

Clicking on Full Analysis gives you various information regarding broadcast addresses, multicast addresses, the local subnet, the IP addresses of the connected computers, etc. The center screen has various tabs, like Protocol, which tells about different protocols like IP, ARP, and IPv6 and the amount of data and packets being transferred.

The Physical Endpoint and IP Endpoint tabs tell about the MAC addresses and the IP addresses of the connected systems. Other tabs include TCP, IP, and UDP conversations. Some functionalities may not work in the free version.

Colasoft Capsa-Full Analysis

HTTP Analysis

The HTTP analysis gives you various results regarding the HTTP protocol. Normally it will give the IP addresses of the computers with which your computer has an HTTP connection. Through the IP, TCP, and UDP conversations you can know the amount of data and packets being shared among the computers.

Colasoft Capsa-HTML Analysis

The other analysis gives out more information regarding data and packet movements in the network you are connected to.

One of my friends, who is an ethical hacker and wants to remain anonymous, said that the software is great. According to him:

  • This is really a great software and very powerful.
  • It helps the network administrator to get various details about the network in real time.
  • It can be used for educational purposes as the software tells how packet movement works actually in the network.

Downsides of the software

In the free version, the user cannot use more than one analysis simultaneously. To run a different analysis, the ongoing analysis must be closed first. The free version has most of the good features restricted, which keeps users from properly getting to know how the software works.

Also check out other network packet sniffer software.

Conclusion

It is a cool software to monitor the data traffic of your network. If you set up a private network you can watch out for any wrongdoings that might be happening in the network. It is very useful for those who want to know more about computer networking.

Get Colasoft Capsa Packet Analyzer here.

Capsa Network Analyzer Free Edition 7.7 – review by SoftPlanet

March 4th, 2014 No comments

 

Capsa Network Analyzer Free Edition 7.7 Video Review

 

Today we use the Internet on a regular basis and in order to have a better experience while browsing we need a stable network. Capsa Network Analyzer Free Edition will provide it to you, because it constantly monitors your network, analyzes it and helps you prevent troubleshooting. The only limitation of the program is that you can start one project at a time. If you want more you have to buy the Enterprise version, which costs USD 995 for a one year license and maintenance. If you want to increase the time limit with one more year you have to buy it for additional USD 245. But if you don’t need the app for commercial usage you can use it for free without limitations.

Features

Several working modes
Analyzes networks
Monitors traffic
Shows statistics

Capsa Network Analyzer Free Edition lets you use several modes that are specialized for different tasks. With them you can make a full analysis of your network or you can choose to start the Traffic Monitor. Also, you can make a profile that is aimed at HTTP Analysis, Email Analysis, DNS Analysis, FTP Analysis and IM Analysis.

Interface

The interface of Capsa Network Analyzer Free Edition seems simple at first, but when you start any of the modes you see that it actually has a lot of sides to it. When you double-click on any of the profiles the app offers a lot of setup options that are used for the analysis. If you want to start the monitoring or the analysis you can click on the Start button and you will see that the app has a lot of instruments, which leads to a bit of a complicated interface. But after you spend some time with it you will see that all the monitoring and analysis utilities are easily used and you don’t have to be a specialist in order to use them.

Basic Operations

When you start the Full Analysis option of Capsa Network Analyzer Free Edition it opens a window for you that is comprised of different panes which show the most important functions of the program. With them you can monitor the traffic in bytes, the protocols, the IP conversations and perform many more analyses and monitoring functions. There are a lot of other instruments that you will find useful after you get used to them.

Conclusion

Capsa Network Analyzer Free Edition is a nice application not only because it is free, but also because with it you will be able to monitor all the aspects of your network. It offers a nice visualization for a vast number of utilities, so even though there are a lot of them you will still be able to use them without any problems.

Pros
Many utilities
Nice visualizations
Completely free version
Cons
None really

Editor review by softplanet.com

Learn more from Colasoft official website.

Download3k Review: Colasoft Capsa Professional 7.7.2 – Comprehensive and Reliable Packets Sniffer

February 13th, 2014 No comments

Reviewed by Michael Black on  (version tested: 7.7.2)

Overview

Anyone working in the IT Industry could benefit from using Capsa Professional. This software is capable of tracking network activity to a very extensive degree. The list of available features goes on and on, with the main feature being detailed packet monitoring, and a tremendous amount of information regarding traffic on your network. Capsa also offers some really helpful guides for new users who aren’t familiar with this type of interface. Using this software can help you track down the root cause of a slow or unstable network, and also assist in fixing the problem.

Installation

You can download and install the 15 day trial of Capsa Professional for free, and it is only compatible with Windows. The trial is also limited in features, but you’ll still get the look and feel of the full program. No bundled software included, just a regular installation and you’re on your way.

Interface

Capsa Professional offers a large, scalable interface, and is all around pretty easy to navigate once you become acquainted with the software. Most of the tools will open up in a new window, which ensures that your main screen never gets cluttered with different tabs. However, with this much information, it’s pretty much guaranteed to be overwhelming at first — unless you’re a seasoned network professional. In general, Colasoft did a great job organizing the extensive list of features, which is not an easy task.

Interface is a major issue with most suite-style network monitoring software, and it’s very refreshing to see something as well put together as Capsa.

Pros

Along with the aforementioned packet monitoring capabilities, intelligently organized UI, and the fact that it can narrow down network issues to help find the root cause of a problem, there’s plenty more. Capsa Professional can be used to scan all MAC addresses on your network, as well as grab their IPs, names, and information about the manufacturer. You can also monitor a specific network adapter, or multiple, such as your Ethernet port, Wi-Fi adapter, or both.

The tutorials are fantastic as well, as mentioned above, and there are even specific guides such as “How to monitor Employee Website Visits”.

Cons

The program is stable, offers everything you’ll need in network monitoring, and there’s really nothing I can say that needs work at this point. Obviously the heavy price tag is a bit daunting, but considering this software is really only necessary in a large work environment, it’s nothing to complain about.

Alternatives

Also, Capsa even offers a free version, much more suited towards troubleshooting home network issues.

Conclusion

Troubleshooting network issues can be a major pain for any IT Technician, and I’ve personally been in that situation numerous times. Using Colasoft Capsa Professional will greatly reduce the time you spend trying to find the cause of these problems, and will help you get the issues resolved much quicker.

Requirements: P4 2.8G CPU, 2G RAM, Internet Explorer 6.0 or higher

From: download3k.com

How to Display IP Address As Host Name

November 2nd, 2011 1 comment

In business network settings, network administrators manage a large number of devices, like laptops, desktops, printers, switches and routers and they all have IP and MAC addresses. When we use a network analyzer to monitor the network traffic on the network, we can see lots of IP and MAC addresses. These addresses, however, aren’t friendly to read so we’d like to show their host names or give them labels.

In Capsa we use the Name Table to do this job for us. With the Name Table we can label not only IP addresses but also MAC addresses, and we can delete, export or reload the address items there. When we right-click on an IP address or MAC address, we see Add to name table in the context menu.

In the dialog box we can enter the IP (or MAC) address and an alias, and we can also choose a color for it. If we don’t know the host name, we can click Resolve address to automatically look up its host name. Then click OK to save the input.

Now back to Capsa and we can see the address is already replaced by the name alias we just created. The Add to name table function is applicable to any item on Node Explorer and all other views except Summary, Protocol and Report views.

If we need to upgrade or reinstall Capsa, we can use the Export function to back up the name items. Click the Name Table icon on the ribbon, and click the Export button to save the name table file. Then after installation or upgrade we can use the Import function to reload the name items back into the system.


Capsa for WiFi is coming very soon

February 24th, 2011 No comments

We are very glad to share with you that Capsa for WiFi, a professional and powerful wireless network analyzer, is coming very soon. Before long, it will officially be the new member of the Colasoft Capsa network analyzer family.

Stay close:-)

Find out which process/application is using which TCP/UDP port on Windows

January 20th, 2011 3 comments

When analyzing a network problem with a network analyzer tool or a protocol sniffer, especially when we find suspicious worm or backdoor activity, the only useful information we get is MAC addresses, IP addresses and the port number in the transport layer. The analyzer may not even know which application layer protocol is used, and even if it does, we still need to figure out which application or process is using this application layer protocol. Is there any method to find the original application or process using that TCP or UDP port? If you are conducting an on-site analysis, Capsa can easily help find out which process is using which port.
Let’s see how.

Find out Port Number

For example, in Capsa Free I spot the following suspicious TCP connection, which constantly communicates with IP xx.xx.0.183 on port 8000. So I’m going to look up the name of the process using this port.

find_port

Find Process ID (PID)

I immediately opened Command Prompt, entered the following command and hit Enter.

netstat -aon | findstr :8000

Explanation:

-a: list all connections and listening ports. -o: show the ID of the process that owns each connection. -n: display addresses and port numbers numerically.

| findstr :8000: display only the lines containing the string :8000 (findstr means find string). Don’t forget the pipe symbol | at the beginning.

Let’s see what we get.

find_pid

In this case we can read that 3968 is the PID, and the source and target IP addresses are the same as in the first figure.

Find Process/Application

Next we’ll immediately switch to another tool, Process Explorer (a free tool that you can get from: http://technet.microsoft.com/en-us/sysinternals/bb896653), where we can easily find the process or application with this PID: 3968.

process_explorer

I’m sure it’s an instant messenger used internally in my office and it’s safe. You can also try to find this PID in Windows Task Manager if you don’t have Process Explorer installed.

However, Task Manager will not provide as much information as Process Explorer. And Command Prompt is quite handy for geeks.

tasklist | findstr 3968

This command will list only the task items containing the string 3968. Please refer to the previous command if you are not sure about the | findstr parameter.

Kill Process/Application

Next, you may want to kill a process at once when you find it’s malicious. If you are using Process Explorer, just right-click on a process item and choose Kill Process (or press the Del key as a shortcut) to kill that process (you can do the same in Task Manager). Again, you may run the following in Command Prompt:

taskkill /F /PID 3968

Explanation:

/F means forcing the process to terminate. And I suppose you understand PID by now.

Now we have successfully detected and targeted the suspicious process from its port number, whether UDP or TCP. And of course this procedure is reversible: you can find the port number from the process’s PID.
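The same port-to-PID-to-process lookup, and its reverse, written as an added Python example that is not part of the original post. It parses the text that `netstat -aon` and `tasklist /FO CSV /NH` print; both samples, the addresses and the image names are constructed. Unlike `findstr`, it compares the port and PID fields exactly, so port 80 does not match :8000 and PID 3968 does not match 13968.

```python
import csv
import io
from typing import NamedTuple

# Constructed sample of `netstat -aon` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     203.0.113.183:8000     ESTABLISHED     3968
  TCP    192.168.1.20:49800     203.0.113.9:80         ESTABLISHED     13968
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:8000           *:*                                    3968
"""

# Constructed sample of `tasklist /FO CSV /NH` output; image names are made up.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","1,024 K"
"im_client.exe","3968","Console","1","45,112 K"
"browser.exe","13968","Console","1","120,004 K"
'''


class Socket(NamedTuple):
    proto: str
    local: str
    remote: str
    state: str  # empty for UDP, which has no State column
    pid: int


def port_of(endpoint: str) -> str:
    """Port part of '1.2.3.4:80', '[::]:80' or '*:*'."""
    return endpoint.rsplit(":", 1)[1]


def parse_netstat(text: str) -> list[Socket]:
    sockets = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header and blank lines
        state = f[3] if len(f) == 5 else ""
        sockets.append(Socket(f[0], f[1], f[2], state, int(f[-1])))
    return sockets


def parse_tasklist(text: str) -> dict[int, str]:
    """Map PID -> image name from CSV rows: name, PID, session, session#, mem."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}


def owners_of_port(port: int, sockets, names) -> set[tuple[int, str]]:
    """Processes holding a socket whose local or remote port equals `port`."""
    p = str(port)
    return {(s.pid, names.get(s.pid, "?")) for s in sockets
            if p in (port_of(s.local), port_of(s.remote))}


def ports_of_pid(pid: int, sockets) -> set[tuple[str, str]]:
    """The reverse lookup: (protocol, local port) pairs held by one PID."""
    return {(s.proto, port_of(s.local)) for s in sockets if s.pid == pid}


if __name__ == "__main__":
    socks, names = parse_netstat(NETSTAT_SAMPLE), parse_tasklist(TASKLIST_SAMPLE)
    print(owners_of_port(8000, socks, names), ports_of_pid(3968, socks))
```

On a live Windows host the two sample strings would be replaced by the captured output of the two commands.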

Capsa for WiFi Beta is Now Available to Public Download

December 26th, 2010 No comments

We are very excited to share with you that the beta version of Capsa for WiFi is now available for public download. We sincerely invite you to help us test Capsa for WiFi; your valuable feedback will be highly appreciated.

Capsa for WiFi is a powerful and professional wireless network analyzer for 802.11a/b/g/n networks which is compatible with all NDIS 6.0 wireless adapters. Capsa for WiFi shares not only the friendly user interface, but also the great capacity of capturing, analyzing and reporting that Capsa network analyzer has.

Capsa for WiFi Highlights:

  • Support 802.11a/b/g/n
  • Auto identify and decode with pre-entered WEP/WPA/WPA2 key
  • Compatible with all NDIS 6.0 wireless network adapters
  • Auto-scan all access points in the air
  • Capture all wireless network packets from one or more APs and keep AP records
  • Log DNS, Emails (SMTP, POP3), FTP, HTTP & IM messages (MSN & Yahoo Messenger)
  • Provide customizable analysis profile and 40 expert diagnosed network problems
  • Provide powerful and customizable Reports
  • Analyze post-events by replaying packet files

Download Capsa for WiFi beta here.

Detecting Trojan and Worm with Capsa Network Analyzer

April 30th, 2010 9 comments

Trojans and worms are two major threats to network security. Do you know what exactly a Trojan horse is? According to Wikipedia, Trojan horses are designed to allow a hacker remote access to a target computer system. Once a Trojan horse has been installed on a target computer system, it is possible for a hacker to access it remotely and perform various operations.

Almost all Trojans and worms need access to the network, because they have to send data out to the hacker. Only when the useful data are sent to the attacker does the Trojan accomplish its mission. So a good approach is to start from traffic analysis and protocol analysis. We are going to detect Trojan horses and worms with the help of a network analyzer, Colasoft Capsa. Capsa is an easy-to-use and intuitive network analyzer, which provides enough information to help check if there is any Trojan activity in our network. In this article I’m going to show you how to spot a Trojan or worm.

5 solutions to find the trace of a Trojan or worm in LAN network:

Solution 1: The Summary Tab

Concentrate on the TCP packet summary. We should be alerted when the TCP SYN Sent number is much larger than the TCP SYN ACK Sent number. Normally the ratio of these two numbers is approximately 1:1. Trojans and worms always send large numbers of TCP SYN packets to the network and try to establish connections with other machines. When a connection is established, they try to penetrate the target machine.

Solution 2: IP Endpoint Tab

We can reorder the rows by clicking the column headers of Packet Sent, Packet Received or IP conversation. Pay attention to the nodes with large statistics. They might, however, just be BitTorrent downloading. But Trojans and worms definitely send out a large number of packets.

Solution 3: The Log Tab

Focus on the DNS Log. We could make a list of the target websites of Trojan horses by searching Google, for example websites like *****.3322.org. Furthermore, we can store the DNS log and analyze it by using filters on the Trojans’ keywords.

Solution 4: Using Filters

Build filter rules with the patterns of some Trojans and worms. As soon as they send a packet out, we will catch those Trojans’ and worms’ activities. The drawback of this method is that it does nothing against a new Trojan or worm.

Solution 5: The TCP Conversation Tab & UDP Conversation Tab

When Trojan or worm activities are found in our network, we can locate the machine’s IP address in the Node Explorer and then check its TCP Conversation or UDP Conversation. In the TCP Conversation tab, we can read the reconstructed data of the communication in the Data Flow sub tab (for the UDP Conversation it is the Data sub tab). Pay attention if the conversation is sending your system information.

Above are the featured tabs of Capsa network analyzer that we often use to detect network problems or bottlenecks. Moreover, we can spend some time studying which ports the Trojans and worms like to use, such as Executor:80, Ultors Trojan:1234. Then when we troubleshoot the network and make the analysis, we should pay attention to the nodes sending or receiving packets to and from these ports as well.
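The SYN versus SYN-ACK check from Solution 1, as an added Python example that is not part of the original article and is not Capsa's own logic. It goes one step beyond the network-wide totals in the Summary tab and computes the ratio per host, so the sending machine can be singled out; the packet records, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict


def build_sample():
    """Constructed handshake records: (source IP, destination IP, dest port, flags).

    "S" is a SYN and "SA" is a SYN-ACK. None of this is captured traffic.
    """
    pkts = []
    # 192.168.5.10: ordinary client, every SYN is answered.
    for i in range(20):
        pkts.append(("192.168.5.10", "198.51.100.7", 443, "S"))
        pkts.append(("198.51.100.7", "192.168.5.10", 50000 + i, "SA"))
    # 192.168.5.77: sends SYNs to 200 addresses, only 3 of them answer.
    for i in range(200):
        dst = f"192.168.6.{i + 1}"
        pkts.append(("192.168.5.77", dst, 445, "S"))
        if i < 3:
            pkts.append((dst, "192.168.5.77", 51000 + i, "SA"))
    return pkts


def network_totals(packets):
    """Network-wide (SYN, SYN-ACK) counts, the two numbers the Summary tab shows."""
    syn = sum(1 for p in packets if p[3] == "S")
    synack = sum(1 for p in packets if p[3] == "SA")
    return syn, synack


def syn_stats(packets):
    """Per host: SYNs sent, SYN-ACKs received, distinct SYN destinations."""
    stats = defaultdict(lambda: {"syn": 0, "synack": 0, "dsts": set()})
    for src, dst, _port, flags in packets:
        if flags == "S":
            stats[src]["syn"] += 1
            stats[src]["dsts"].add(dst)
        elif flags == "SA":
            stats[dst]["synack"] += 1  # credited to the host that sent the SYN
    return stats


def suspicious_hosts(packets, min_syn=50, max_ratio=3.0):
    """Hosts whose SYN : SYN-ACK ratio is far from the roughly 1:1 of normal traffic.

    min_syn and max_ratio are illustrative thresholds, to be tuned per network.
    Returns (host, SYNs sent, SYN-ACKs received, distinct destinations) tuples.
    """
    flagged = []
    for host, s in syn_stats(packets).items():
        if s["syn"] < min_syn:
            continue  # too few connection attempts to judge
        ratio = s["syn"] / max(s["synack"], 1)  # avoid division by zero
        if ratio > max_ratio:
            flagged.append((host, s["syn"], s["synack"], len(s["dsts"])))
    return sorted(flagged, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    sample = build_sample()
    print(network_totals(sample))
    print(suspicious_hosts(sample))
```

A flagged host can still be legitimate software that contacts many peers, so the result is a starting point for the per-conversation inspection described in Solution 5.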

How to find the top bandwidth users with Capsa?

April 12th, 2010 2 comments

Sometimes when our network behaves abnormally, we need to find and check the top bandwidth users for clues, such as BitTorrent downloading, online video, worm activities, and so on. With Capsa 7, you don’t need to do any settings or configurations. All you need to do is run the program and get the statistic results with a couple of clicks.

First, let’s start Capsa 7.1. We’d better not set any filters, unless we are monitoring a specific kind of traffic. Then, we just keep the program running.

We first come to the dashboard. By default, there are two graphs in the dashboard, providing top talkers statistic results. They are Top physical address by bytes and Top IP address by bytes. By default, they display the top 10. We can move the pointer over a bar to see its address. In this network, the IP address 192.168.5.24 consumes the biggest portion of bandwidth.

If we need detailed statistics for those nodes, we can go to the Physical Endpoint tab or the IP Endpoint tab. We can click a column header to order the list. Click the bytes column to order by bytes, and we can see who takes the most traffic. The highlighted bars help us recognize the differences within a column. We can also click packets to see who sends out the most packets. From these statistics, we can get hints of anomalies: downloading and online video take a lot of bandwidth, and some worms or attacks send a great number of packets. The difference between the two tabs is that we get MAC addresses in one and IP addresses in the other.

On some occasions, we need to generate a report of the top bandwidth users. Capsa 7.1 has a report function, so let’s move on to the Report tab. It provides five top statistic groups. Click an item and we see an easy-to-understand table with the IP address, traffic consumption percentage, bytes and packets.

If we want to save the report, we click this button, choose a folder and type in a file name; then we can choose to save the report as PDF or HTML. Click Save. The report is saved, and we can see the webpage is the same as in the Report tab.

Watch the video tutorial at http://www.colasoft.com/download/top_10_network_traffic_hosts.php