Colasoft Blog

We are very excited to share with you that the beta version of Capsa for WiFi is now available to public download. We’re sincerely inviting you to help us test Capsa for WiFi, your valuable feedback will be highly appreciated.

Capsa for WiFi is a powerful and professional wireless network analyzer for 802.11a/b/g/n networks which is compatible with all NDIS 6.0 wireless adapters. Capsa for WiFi shares not only the friendly user interface, but also the great capacity of capturing, analyzing and reporting that Capsa network analyzer has.

Capsa for WiFi Highlights:

 Support 802.11a/b/g/n
 Auto identify and decode with pre-entered WEP/WPA/WPA2 key
 Compatible with all NDIS 6.0 wireless network adapters
 Auto -scan all access points in the air
 Capture all wireless network packets from one or more APs and keep APs records
 Log DNS, Emails (SMPT POP3), FTP, HTTP & IM messages (MSN & Yahoo Messenger)
 Provide customizable analysis profile and 40 expert diagnosed network problems
 Provide powerful and customizable Reports
 Analyze post-events by replaying packet files

Download Capsa for WiFi beta here.

Dear customers, Colasoft Capsa Thanksgiving Big Sale already begun, we promise you can purchase Capsa Network Analyzer at the most favorable price which save you a huge amount of money. Don’t miss this unique opportunity. Just get your coupon now.

50% off for 3 and 5 Seats License.
40% off for 2 Seats License.
30% off for Single Seat License.
20% off for Renewal.

Dear customers, with the big holliday-Thanksgiving’s coming very soon, Colasoft are wishing you a great thanksgiving with Capsa Big Sale. We will provide up to 50% off for our flagship product-Colasoft Capsa Enterprise, you can purchase Capsa at the most favorable price on our Big Sale. Please stay close.

Colasoft just released a major upgrade of Capsa Network Analyzer a few days ago and we notice that the Security Analysis Profile is the most important new feature in Capsa 7.3 which helps users to locate and troubleshoot network issues and attacks like ARP attack, DoS attack and port scanning. Besides that, the feature of email auto-saving that users appreciated in previous versions had some adjustments. So, this article is aims to teach you how to save monitored email contents.

In Capsa Network Analyzer 7.3, if you need to save a copy of the monitored email to your hard disk, you should do the following:

Step 1. Enable Log Output

a. Go to the Start Page and click the Set Data Storage link on the right panel.
b. You see the Data Storage Options dialog box, highlight the Log Output tab and then check the Save log to disk checkbox.
c. Finish the settings of choosing file folder and setting up the rules to save logs in different files.

Step 2. Enable Email Copy

a. Double-click the analysis profile you want to use and enable the Email analysis module. Probably you’ll use Full Analysis or Email Analysis because they initially enabled the Email analysis module. This step is very important and if you don’t enable Email analysis module, Capsa will not analyze and capture any email.
b. Click Next and click Log Settings. You will focus on the Output Settings and make sure the Email Copy item is checked.

Set up as the instructions above, Capsa will save all captured inbound and outbound email contents to your hard disk. Why did you make these adjustments, you may ask? This is because users of the earlier versions might be toggled among different analysis profiles and they often forget to enable log output on different profiles. That means in previous versions, every analysis profile has a switch of email auto-saving. Therefore this time we can see the switch is made globally. Once you enabled log output, the logs will be saved to your hard disk no matter which analysis profile you choose.

It’s also notable that this time Capsa is able to output logs in multiple files as the rules you set. For example, you can set to save logs to a separate file every 10 minutes. It makes it easy for you to find useful logs in time-split small files rather than in a big log file.

I’m sure you already know how to save emails with Capsa 7.3 after reading through this article.

We are so proud to announces the release of Capsa Network Analyzer 7.3.1. A brand-new analysis profile-Security Analysis Profile is added as well as more powerful Reporting Capabilities to enhance user experience.

The newly-designed Security Analysis Profile makes it more convenient and easier for users to find out potential security events with six new customer-requested Views. With Capsa 7.3.1, users can not only choose to open and close specific View, but also set up the sequences of Views to display. Report Logo Preview is available in this version which highly enhances Capsa’s reporting capabilities.

Roy Luo, CEO of Colasoft, states, “This new version addresses users’ requirement of security events analysis and also demonstrate our responsiveness. We only display security-related information in Diagnosis and Matrix Views before, this time we add six Views to broaden the scope of Capsa and provide better analysis experience. We’ll spare no efforts to provide extended capabilities to Capsa.”

New features of Capsa network analyzer 7.3.1:

Unique security analysis profile, analyzing DoS attack, ARP attack, and worm activities, etc
Flexible tab management panel of the main view
Data Storage option on the Start Page for packet and log save settings
Add Report Logo preview in Report Settings

New Views in Security Analysis Profiles:

ARP Attack: detects ARP attack activities and provides source MAC addresses
Worms: detects suspicious worm activities and provides details including source IP addresses
Dos Attacks: detects devices joining in a DoS attack to attack a remote site, and provides details on the devices
Dos Attacked: detects the devices under a DoS attack and provides details on targeted devices to cut off the attack
TCP Port Scan: detects suspicious TCP port scanning activities and details including attacker addresses
Suspicious Conversation: detects suspicious conversations of HTTP, FTP, SMTP and POP3, and provides details to figure out the problem

Capsa 7.3.1 runs under Windows XP/2003/Vista/7. A trial version is available for download at the company’s website: http://www.colasoft.com/

Ian Harac, PC World, Sept 13th, 2010

When a program has a “free” edition, very often, it is just a demo without a time limit, offering only enough functionality to get you to buy the “real” version. Capsa 7 Free is not such a program; it’s a full-featured network traffic monitoring and reporting tool. The features you get for free, without a time limit or unceasing nags, are exceptional.

This high level overview is just the start of Capsa Free; you can drill down very deep to learn more about your network.

Capsa Free provides an ongoing look at everything that passes through a selected network adapter. (This is one of the few limitations of the Free version vs. the Professional and Enterprise versions; you can analyze only one adapter at a time. For most home or small business users, this will not be an issue.) It breaks the data down by protocol and IP address, the latter of which is very interesting from a home user perspective–a days’ casual surfing, captured and analyzed by Capsa, revealed I contacted computers in over a hundred different nations. You can also set it to store packets, with a variety of options for how many to store and how long to keep them. Later, you can rummage through them with Capsa, if you know what you’re looking for (or just want to peek under the hood and understand more about what happens between when you type an address in your browser and when you see a picture of a cat appear on your screen.)

For network administrators in small businesses, Capsa 7 Free is a potent tool with many analysis and testing abilities. With it, you can see what’s happening on your network, whether you want to monitor usage or determine if a connectivity problem really is on your end, You can hand-code packets and then send them to an adapter, in order to see what happens. The ability to set alarms if particular traffic patterns occur can help you see an attack coming and head it off, and there are tutorials on-line to help you do just that.

Capsa Free is a tool for professionals and enthusiasts. A casual home user will not find much use in Capsa Free, though, being free, it doesn’t hurt to check it out. Using it requires either a good knowledge of internet protocols and low level functionality, or a strong desire to learn such things. If most or all of your traffic routes through a single network adapter, you may never see a need to upgrade to the Professional edition, which starts at $549.00.

August 5, 2010.

Colasoft, an innovative provider of all-in-one and easy-to-use network analyzer software, today announces the release of a free network analyzer software-Capsa Free, which is fully functional with no expiry days. The intuitive, simple graphic network analyzer designed for personal and small business use is now totally free to the public. While Wireshark is regarded as the pioneer of the free network analyzer, Capsa is considered as the great combination of Wireshark and Polit, strong capturing ability plus powerful analyzing and reporting abilities. Seems unbelievable? Without any doubt, another great free network analyzer is born.

“Capsa Free is a great combination of powerful network monitoring, in-depth packet decoding, reliable network diagnosing, real-time alerting and thorough reporting ability, it provides you innovative solutions to numerous network problems”, said Roy, Luo, CEO of Colasoft, “as network security is becoming more and more important, by releasing the free but full functional network analyzer, we are hoping to offer a great chance for small business and networking geeks to learn more about network analysis techniques. We believe there will be more and more network analyst, just like “doctor in networking, more and more people are going to use an easy-to-use and powerful network management software. Capsa Free aims to fulfill our goal of largely promoting the popularization of network analysis techniques and make the maximize value of enterprise network.”

Capsa Network Analyzer Free Edition Highlights:

• Your own dashboard, important parameters in one place and in graphs
• Record network Profile, set your analysis objective and perform customized analysis.
• Powerful customizable alarm, customize dozens of alarm trigger combinations.
• Identify and analyze more than 300 network protocols, create and customize protocols, analyze unique protocol traffic.
• Intuitive TCP timing sequence chart.
• Accurate MSN & Yahoo Messenger monitoring statistics.
• Email monitor and auto-saving Email content.
• Enhanced, Customizable Reports.
Capsa Free runs under Windows XP/2003/Vista/7. Download it here.

There comes the moment when the local network becomes very slow and they are suspicious of downloading in their network. To ensure the normal use of bandwidth, they need to find out who’s downloading in the network quickly and stop them to make sure everyone can work with efficiency. But many just don’t know how where to get started.

With Capsa Network Analyzer, you can find out the downloading computers within five minutes. Capsa captures all the traffics in the network, going-in and coming-out, and analyzes them to provide you enough statistics of the traffic. To find out who is downloading, we always start from looking into traffic volume of each machine.
Why should we start from traffic volume? That’s because when the downloading is digesting your bandwidth greedily, they will always generate greater traffic volume, not packets but bytes number.

Step1. Run Capsa, using Full Analysis with no filter, and capture traffic for three minutes.
Step2. Highlight IP Explorer -> Local Subnet in Node Explorer window.

Step3. Open the IP Endpoint tab in the Main View.Click Bytes column header to rearrange the list in DESC order.

The IP addresses with the longest bars on the top of the list are the suspects. But we need to eliminate the ones we trust. Then, we locate the machines with their IP addresses and warn them to stop downloading right away. It takes no more than five minutes and really it’s simple, right?

This article focuses on normal downloading, while there is another kind of downloading, Bit Torrent, out there. If you are interested about finding out Bit Torrent downloading in your network, please refer to here.

by David M Williams
July 26, 2010

If you run any type of network infrastructure there will come a time you need a low-level packet sniffer to work out just what is going on. Colasoft’s Capsa product challenges the myth these tools must be hard to use.

Have you ever had users ask why is the network so slow? Chances are high any IT professional will have looked into network related faults but found it difficult to get a handle on just what is going on because Ethernet is so, well, ethereal.

Here is where a network analyzer comes in handy. It will sniff the raw packets of data flying about as they happen and give you meaningful information to make intelligent determinations.

Previously I have talked about the tremendous open source product WireShark but WireShark isn’t for everyone. For one, the Windows port requires GTK+ and Glib to be installed which some Windows administrators aren’t keen to do. For another, although it is less arcane and cryptic than a command-line tool like tcpdump it’s still not user-friendly enough for many.

Here is where Colasoft’s Capsa product comes in. As you might guess, it is a deep low-level network protocol analyzer and its purpose is to give you the low-down on just what is happening on your network.

Where it stands out from the competition is its brilliant ease of use. Capsa adopts the same ribbon style interface as seen in Microsoft Office 2007 and it is a snap to navigate between tabs and check out the options and power available.

When it comes to network analysis so much is going on that it’s a must to separate out the chatter from the data that matters. Capsa makes it a cinch to hone in on what you want with easy to use filters and rules.

Capsa also has a concept of projects, meaning you can set global filters and rules to always apply but also make specific filters and rules for individual projects, letting you switch between these as needed.

Capsa displays intuitive options and is a genuine pleasure to use. I do not believe I’ve seen a more straightforward or elegant network analysis tool with the majority requiring expert knowledge to get any meaningful results.

Capsa is a commercial product so it does carry a price tag beginning at $US 549 for one license without maintenance but if your job requires you to troubleshoot network faults then the software will pay for itself.
As well as the commercial support Colasoft provide an extensive and helpful FAQ. A free trail of Capsa is avaliable here.

In networking, an email worm is a computer worm which can copy itself to the shared folder in system. And it will keep sending infected emails to stochastic email addresses. In this way, it spreads fast via SMTP mail servers. An email worm can send lots of infected emails in a very short time and it will never stop unless it’s removed. It will cause a large traffic and make the system go slowly. Sometimes it even makes the mail server crash. This article aims to teach you how to detect an email worm with Capsa network analyzer 7.

About Capsa 7

Capsa 7 is the flagship product of Colasoft. It is based on the second-generation Colasoft Packet Analysis Engine (CSPAE), which substantially improved the data processing speed and guaranteed the analysis performance in large traffic networks. Some unique features and ideas are introduced to Capsa 7, like Network Profile, this function allows user to set and save network profiles for different environments (departments, clients), making their analysis more customized, accurate and efficient. Another prominent feature is Analysis Profile which provides flexible, extensible and effective analysis performance based on user’s analysis objectives.

Step 1 of detecting an email worm with Capsa network analyzer 7: Diagnosis tab

In the Diagnosis tab we can see all the network issues automatically detected by Capsa network analyzer 7 , also some causes and solutions are suggested.

If there is a host infected with an email worm, we should be able to see SMTP events in the application layer like this:


Step 2 of detecting an email worm with Capsa network analyzer 7: Locate the source IP

Possibly the source IP is the host infected with an email worm as it is sending too many emails in a short period of time with SMTP. So let’s locate the source IP in the Node Explorer window with the Locate shortcut in the right-click menu.

Step 3 of detecting an email worm with Capsa network analyzer 7: Log tab

Check if the host is sending emails to a large number of recipients in a very short period of time. If so, we can determine the host is infected with an email worm and should be handled immediately. We should be able to see logs in the tab like this:

No doubt the final step is to isolate the host and kill the email worm with some AV software.So, I’m sure you already got how to detect an email worm with Capsa network analyzer 7. A free trail of Capsa network analyzer 7 is avaliable at http://www.colasoft.com/.