Capsa Network Analyzer Free Edition 7.7 – review by SoftPlanet

March 4, 2014 | No comments

 

Capsa Network Analyzer Free Edition 7.7 Video Review

 

Today we use the Internet on a regular basis and in order to have a better experience while browsing we need a stable network. Capsa Network Analyzer Free Edition will provide it to you, because it constantly monitors your network, analyzes it and helps you prevent troubleshooting. The only limitation of the program is that you can start one project at a time. If you want more you have to buy the Enterprise version, which costs USD 995 for a one year license and maintenance. If you want to increase the time limit with one more year you have to buy it for additional USD 245. But if you don’t need the app for commercial usage you can use it for free without limitations.

Features

Several working modes
Analyzes networks
Monitors traffic
Shows statistics

Capsa Network Analyzer Free Edition lets you use several modes that are specialized for different tasks. With them you can make a full analysis of your network or you can choose to start the Traffic Monitor. Also, you can make a profile that is aimed at HTTP Analysis, Email Analysis, DNS Analysis, FTP Analysis and IM Analysis.

Interface

The interface of Capsa Network Analyzer Free Edition seems simple at first, but when you start any of the modes you see that it actually has a lot of sides to it. When you double-click on any of the profiles the app offers a lot of setup options that are used for the analysis. If you want to start the monitoring or the analysis you can click on the Start button and you will see that the app has a lot of instruments, which leads to a bit of a complicated interface. But after you spend some time with it you will see that all the monitoring and analysis utilities are easily used and you don’t have to be a specialist in order to use them.

Basic Operations

When you start the Full Analysis option of Capsa Network Analyzer Free Edition it opens a window for you that is comprised of different panes which show the most important functions of the program. With them you can monitor the traffic in bytes, the protocols, the IP conversations and perform many more analyses and monitoring functions. There are a lot of other instruments that you will find useful after you get used to them.

Conclusion

Capsa Network Analyzer Free Edition is a nice application not only because it is free, but also because with it you will be able to monitor all the aspects of your network. It offers a nice visualization for a vast number of utilities, so even though they are a lot you will still be able to use them without any problems.

Pros
Many utilities
Nice visualizations
Completely free version
Cons
None really

Editor review by softplanet.com

Learn more from Colasoft official website.

Download3k Review: Colasoft Capsa Professional 7.7.2 – Comprehensive and Reliable Packets Sniffer

February 13, 2014 | No comments

Reviewed by Michael Black on  (version tested: 7.7.2)

Overview

Anyone working in the IT Industry could benefit from using Capsa Professional; this software is capable of tracking network activity to a very extensive degree. The list of available features goes on and on, with the main feature being detailed packet monitoring, and a tremendous amount of information regarding traffic on your network. Capsa also offers some really helpful guides for new users who aren’t familiar with this type of interface. Using this software can help you track down the root cause of a slow or unstable network, and also assist in fixing the problem.

Installation

You can download and install the 15 day trial of Capsa Professional for free, and it is only compatible with Windows. The trial is also limited in features, but you’ll still get the look and feel of the full program. No bundled software included, just a regular installation and you’re on your way.

Interface

Capsa Professional offers a large, scalable interface, and is all around pretty easy to navigate once you become acquainted with the software. Most of the tools will open up in a new window, which ensures that your main screen never gets cluttered with different tabs. However, with this much information, it’s pretty much guaranteed to be overwhelming at first — unless you’re a seasoned network professional. In general, Colasoft did a great job organizing the extensive list of features, which is not an easy task.

Interface is a major issue with most suite-style network monitoring software, and it’s very refreshing to see something as well put together as Capsa.

Pros

Along with the aforementioned packet monitoring capabilities, intelligently organized UI, and the fact that it can narrow down network issues to help find the root cause of a problem, there’s plenty more. Capsa Professional can be used to scan all MAC addresses on your network, as well as grab their IPs, names, and information about the manufacturer. You can also monitor a specific network adapter, or multiple, such as your ethernet port, wifi adapter, or both.

The tutorials are fantastic as well, as mentioned above, and there are even specific guides such as “How to monitor Employee Website Visits”.

Cons

The program is stable, offers everything you’ll need in network monitoring, and there’s really nothing I can say that needs work at this point. Obviously the heavy price tag is a bit daunting, but considering this software is really only necessary in a large work environment, it’s nothing to complain about.

Alternatives

Also, Capsa even offers a free version, much more suited towards troubleshooting home network issues.

Conclusion

Troubleshooting network issues can be a major pain for any IT Technician, and I’ve personally been in that situation numerous times. Using Colasoft Capsa Professional will greatly reduce the time you spend trying to find the cause of these problems, and will help you get the issues resolved much quicker.

Requirements: P4 2.8G CPU, 2G RAM, Internet Explorer 6.0 or higher

From: download3k.com

Review: Taking Colasoft’s Capsa 7 Enterprise For a Spin

December 31, 2013 | No comments

Lee H. Badman, Wirednot, Dec. 28th, 2013

A few weeks back, I was invited by Colasoft to take a look at their Capsa 7 Enterprise analyzer. Having a little time off around the holidays, I finally got around to spending a couple of hours with the product. This hardly constitutes an in-depth review, but I can share some of the first impressions this interesting and powerful tool made on me during playtime.

I was vaguely familiar with Colasoft, having looked at some of their rather nifty freebies (like a multi-host ping tool) in the past. Wanting to get oriented before digging in, I popped in on the website to see what the promise of Capsa 7 Enterprise amounts to. Lifted from Colasoft’s pages:

Key Features of Capsa Enterprise:

  • Real-time packet capture as well as the ability to save data transmitted over local networks, including wired network and wireless network like 802.11a/b/g/n;
  • Identify and analyze more than 500 network protocols, as well as network applications based on the protocol analysis;
  • Identify “Top Talkers” by monitoring network bandwidth and usage by capturing data packets transmitted over the network and providing summary and decoding information about these packets;
  • Overview Dashboard allows you to view network statistics at a single glance, allowing for easy interpretation of network utilization data;
  • Monitor and save Internet e-mail and instant messaging traffic, helping identify security and confidential data handling violations;
  • Diagnose and pinpoint network problems in seconds by detecting and locating suspicious hosts;
  • Ability to Map the traffic, IP address, and MAC of each host on the network, allowing for easy identification of each host and the traffic that passes through each;
  • Visualize the entire network in an ellipse that shows the connections and traffic between each host.

It’s a pretty ambitious feature set, for a $995 price tag. (“Enterprise” differs from “Professional” in that Professional doesn’t do WLAN.) Capsa is only available for Windows (all versions), and this is a laptop analysis tool rather than a datacenter-racked super-sleuther. Also- WLAN support includes up to 802.11n, but not .11ac yet.

That’s the intro, but how does the product actually perform? I’ll admit to being impressed.


Though I know my way around plenty of CLIs, I’m a UI guy- I hate sucky, confusing, ill-laid out interfaces. Colasoft passes my muster in this regard- Capsa 7 packs a surprising amount of analysis info into a peppy and nicely designed dashboard. Having little Ethernet in my home these days and not wanting to get up off my duff to set up a wired test scenario (it’s the holiday break, after all) I aimed most of my tire-kicking at my home WLAN environment (currently a mix of Aerohive and Meraki). As with any analysis tool, you start by selecting your adapter, and in this case a WLAN channel and one or more SSIDs, and off you go- no AirPcap needed or any sort of special drivers (I tested it with a number of adapters, all did well).

You get a variety of analysis profiles to pick from (Full, Traffic Monitoring, Security, HTTP, Email, DNS, FTP, Instant Messaging), and deep views into the gory details of 802.11/802.3 packets as you would with any competing tool. You also get just a nice range of different views that feel AirMagnet-y (or WildPackets-y) at times, but what you don’t get is any of the spectrum type channel plots that MetaGeek gives. Short of that, Capsa 7 is pretty comprehensive.

My “testing” amounted to generating a bunch of nothing-special network traffic both locally and across the Internet, and then drilling into it looking for anyplace I might want to go for analysis that Capsa fell short on. There just wasn’t any.

I am intrigued enough to play further, and my fully-functional eval copy will also get turned loose on my big WLAN when I get back to work to see how it does in the presence of an enterprise-grade 802.1x Wi-Fi environment with a ridiculous order of magnitude more clients than I have at home. If there is anything good or bad to add, I’ll come back and amend this post.

Meanwhile, Colasoft does make Capsa 7 available for free 15-day trials.

If you’re in the market for a decent all-in-one wired/wireless analyzer, AND you don’t need 11ac support, AND you run Windows, you might want to have a look at Capsa 7 Enterprise.

 

 

Among 10 Free Network Analysis Tools, Capsa Free Ranked First

December 31, 2013 | No comments

http://www.networkcomputing.com/data-networking-management/10-free-network-analysis-tools/240163757?queryText=capsa

The article was written by Ericka Chickowski. An award-winning freelance writer, Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. Chickowski’s perspectives on business and technology have also appeared in dozens of trade and consumer magazines, including Channel Insider, Consumers Digest, Entrepreneur, InformationWeek, Network Computing and SC Magazine. (Information from http://www.networkcomputing.com)

Ericka Chickowski recommended 10 free network analysis tools in her article; the first one is Capsa Free.

This is how Ericka Chickowski describes Capsa Free.

“Capsa Free is a network analyzer designed for monitoring, troubleshooting and analysis. Capsa Free from Colasoft provides the capability to identify and monitor more than 300 different protocols. Users can record network profiles, create customizable reports and set customizable alarm trigger combinations. Additionally, Capsa offers MSN and Yahoo Messenger monitoring statistics, email monitoring and auto-saving of email content and an easy-to-use TCP timing sequence chart.” (Actually Capsa can identify and monitor more than 400 different protocols now.)

Thanks, Ericka, and thanks to all the people who like Capsa.

 

 

 

 

Colasoft Launches nChronos Forensic Data Recorder v4.1

November 14, 2013 | No comments

Tulsa, OK – November 11, 2013 – Colasoft LLC, an innovative developer of network management and packet analysis software and solutions, today announced the release of a new version of its flagship product, nChronos, a Forensic Network Analysis Application. Customizable and schedulable reporting are now available in nChronos 4.1, allowing network administrators to easily generate and schedule various reports on the traffic for a specific time period.

nChronos’ new reporting engine now provides 12 statistical system reports based on:

1)       Traffic

2)       Addresses

3)       Communication

4)       Applications

5)       Top Talkers

6)       Alarms

Users can customize reports for a specific network scope, like addresses, network segments, and applications, based on 17 built-in report modules. Network Administrators will have comparison data for all reports. nChronos 4.1 allows more effective analysis because now the data from all reports can be compared with historical indicators. Both system reports and user-defined reports can be scheduled to generate hourly, daily, weekly and monthly reports, and sent to any email recipients as specified.

nChronos 4.1 strives to provide greater convenience for network administrators through the reports delivered by email.  This new reporting includes, but is not limited to:

1)       Bandwidth Consumption

2)       Application Activity

3)       Trending Traffic

4)       Network Anomalies

With the new innovative comparison function, the nChronos reports can be presented to the management without any extra effort because everything is already designed for you.

In addition to reports, traffic alarms based on network segments are provided in nChronos 4.1, with 27 available trigger parameters. A Transaction Content Analysis window is provided for transaction logs to display the details of an application transaction, including the client and server IP and port number, the request and response time and content.

“The reporting and transaction analysis are great features we have added to nChronos because of customer demand”, said Brandon Lewis, Director of Customer Support at Colasoft, “This new release makes nChronos a more comprehensive forensic network analysis solution for critical enterprise networks”.

The evaluation version of nChronos 4.1 is now available at Colasoft website www.colasoft.com.

Read the full press release here.

Special Offer for Colasoft Capsa Network Analyzer

November 12, 2013 | No comments

As Thanksgiving is on the way, to show our appreciation, Colasoft is offering a special offer for its flagship product, Capsa Network Analyzer. Capsa network analyzer is favored by network administrators as one of the most easy-to-use and powerful network analysis tools.

We have lowered the price of the Enterprise edition of Capsa network analyzer by $200 for the entire month of November. Now by entering the coupon code THANKS, you can purchase Capsa Enterprise at only $795.


Category: Articles, News & Events

Colasoft nChronos Forensic Data Recorder v4.0

June 19, 2013 | No comments

We are very happy today to announce a new version of our flagship product, the nChronos Network Forensic Data Recorder application. The new nChronos version 4.0 has enhanced application monitoring and alerting capability.

This release of nChronos provides the user with the capability of monitoring the performance and real-time availability of custom applications.  nChronos has also added the ability to monitor transaction analysis of HTTP-based web applications.  nChronos has the ability to monitor Standard Applications, Web Applications, and Signature Applications.

The nChronos Expert Analyzer module now offers the ability to perform Custom Reporting of network parameters. Additionally, in response to customer demands and industry trends, nChronos now supports IPv6 analysis. nChronos is fully supported on 64-bit Microsoft operating systems.

“Application monitoring and alerting are mission critical to many of our customers”, said Brandon Lewis, Director of Customer Support at Colasoft. “This new release of nChronos provides users the capability to ‘rewind’ their network traffic and troubleshoot application issues as if it were real-time.”

 

nChronos 4.0 now gives network engineers the ability to monitor from the application to the packet level and set alarms that trigger when network performance parameters are exceeded or security conditions are tripped.  nChronos performs like a Digital Video Recorder for your Data Network now alerting you of an issue before your phone rings.

 

A Free Evaluation version of nChronos 4.0 is now available at Colasoft website www.colasoft.com.

Colasoft Capsa Data Packet Analyzer v7.7 Released

February 26, 2013 | 1 comment

February 26, 2013 – Colasoft, an Oklahoma company, is a leading provider of innovative, affordable, network analysis software solutions. Colasoft today announced the release of its latest Capsa Network Analyzer, version 7.7, a real-time portable network analyzer for wired and wireless network monitoring, bandwidth analysis, and intrusion detection.

In addition to Bandwidth Monitoring and Traffic Analysis, Capsa Enterprise now has Filters and Views to not only alert of a CyberAttack, but also provide the ability to perform detailed packet analysis to assess the impact of the CyberAttack. A Free Trial version is available for download at:   http://www.colasoft.com/download/products/download_capsa.php

Capsa now allows network engineers to create custom alarm rules to monitor for network anomalies, such as excessive traffic throughput, excessive broadcast packets, suspicious conversations, and much more. Capsa 7.7 will now provide alarm alerts and email notification the moment an alert is triggered, allowing you to react in minutes to a network violation or CyberAttack.

 

“Capsa is the only Packet Sniffer and Packet Decoder to provide an easy to use GUI combined with CyberAttack Detection features”, said Brian K. Smith, Vice President at Colasoft LLC, “found only in a more expensive Intrusion Detection Application. Colasoft Capsa now offers the Network Engineer one of the most robust Bandwidth and Packet Analysis tools available.”

With the release of Capsa 7.7, over 10 new decoders were added for protocols like SIP, SDP, MEGACO/H.248, MGCP, Q.931, SAP, H.225, RMI, Oracle, MMS, GOOSE, SMV, and GMRP. Capsa also added several new VoIP protocols. Capsa inherently analyzes VoIP issues, like voice quality QOS, dropped packets and connectivity issues.

 

The following are brief descriptions for some of these protocols:

  • SIP (Session Initiation Protocol): a widely used protocol for controlling communication sessions such as voice and video calls over Internet Protocol (IP).
  • SDP (Session Description Protocol): a format for describing streaming media initialization parameters [RFC 4566].
  • MEGACO/H.248: known as Gateway Control Protocol, a recommendation from ITU Telecommunication Standardization Sector (ITU-T) which defines protocols that are used between elements of a physically decomposed multimedia gateway.
  • MGCP (Media Gateway Control Protocol): a protocol used for controlling media gateways on Internet Protocol (IP) networks and the public switched telephone network (PSTN).
  • Q.931: the ITU standard ISDN connection control signaling protocol, forming part of Digital Subscriber Signaling System No. 1.
  • SAP (Session Announcement Protocol): an experimental protocol for broadcasting multicast session information [RFC 2974].
  • H.225: part of the H.323 family of telecommunication protocols.
  • Oracle: a protocol used by Oracle database to transfer data.

Additionally, Capsa now offers the ability to alert on “Suspicious Conversations”, to track employee activity or even log and view IM conversations. Capsa not only helps identify “Top Talkers” but also helps protect your company against internal employee theft of Intellectual Property.

Capsa 7.7 is compatible with Windows XP/2003/2008/Vista/Windows 7/Windows 8.
A trial version is available for download at:   http://www.colasoft.com/download/products/download_capsa.php

About Capsa

Capsa is an easy-to-use Ethernet packet sniffer (network analyzer or network sniffer) for network monitoring and troubleshooting purposes. It performs real-time packet capturing, 24×7 network monitoring, reliable network forensics, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. By giving you insights into all of your network’s operations, Capsa makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities.

About Colasoft

Since 2001, Colasoft, an Oklahoma Company, has been an innovative provider of all-in-one and easy-to-use software solutions for users to monitor network activities, analyze network performance, enhance network security, and troubleshoot network problems. Currently, more than 5,000 customers in over 80 countries trust the company’s flagship product, Capsa Packet Sniffer, as their network monitoring and troubleshooting solution.  Please visit http://www.colasoft.com for more information.

Category: News & Events

NAT Packet Analysis Using Wireshark

February 4, 2013 | 1 comment

by Tony Fortunato

Source: http://www.lovemytool.com/blog/2013/02/nat-packet-analysis-using-wireshark-by-tony-fortunato.html

One of the most popular questions I get when people get the hang of protocol analysis is the daunting exercise of multitrace analysis. As with anything else the best advice is to start with the basics before tackling anything complicated.

Multitrace analysis is only effective if you truly understand your vendors’ products, networking and how it relates to the OSI model or packet analysis. I always suggest that you start at layer 1 and work yourself up. The key is to know which fields in the frame or packet change and which remain the same. Ideally, when you figure this out you can use a better capture or display filter.

A multitrace capture of a hub, switched, or bridged network is most straight forward since a hub or switch is transparent at layer 1 or 2 and doesn’t change anything in the packet.

When you move up to layer 3 or routing, several things change in the packet such as MAC address, IP TTL and TOS. Of course your mileage will vary, and any device could be configured to muck with more bits in the packet, but I figure I would give you a point of reference.

At layer 4 we get into application gateways, proxies, firewalls and NAT-type devices, where the following packet fields get modified: MAC address, IP address, IP TOS, TCP/UDP port numbers, TCP ACK/SEQ values, etc.

Lastly at layer 7, we are dealing with multi-tiered applications and basically everything changes in the packet.

In this video example I do a multitrace analysis of a simple Netgear router/NAT/firewall device where I take a trace from the WAN and LAN side to compare. Not to sound like a broken record, but please remember that your devices might behave totally differently and these notes and techniques should only be used as a reference in your environment.

Check the video here:
http://www.youtube.com/embed/J9FzaFryQIw?feature=oembed
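
The field-by-field comparison described above, as an added example that is not from the original article: it pairs packets from a LAN-side and a WAN-side trace, reports which header fields changed, and recovers the NAT binding. The packet records and addresses are constructed, the function names are hypothetical, and pairing on IP ID plus payload hash assumes the device leaves both untouched.

```python
import hashlib

# Header fields compared between the two capture points.
FIELDS = ("src_mac", "dst_mac", "src_ip", "dst_ip", "ttl", "tos",
          "sport", "dport", "seq")


def pkt(src_mac, dst_mac, src_ip, dst_ip, ttl, ip_id, sport, dport, seq,
        payload=b"", tos=0):
    """Build one constructed packet record (stand-in for a decoded frame)."""
    return dict(src_mac=src_mac, dst_mac=dst_mac, src_ip=src_ip,
                dst_ip=dst_ip, ttl=ttl, tos=tos, ip_id=ip_id,
                sport=sport, dport=dport, seq=seq, payload=payload)


# Constructed MAC addresses: LAN host, router LAN side, router WAN side, ISP.
HOST, RTR_LAN = "02:00:00:00:00:0a", "02:00:00:00:00:01"
RTR_WAN, ISP = "02:00:00:00:01:01", "02:00:00:00:01:fe"
GET = b"GET / HTTP/1.1\r\n\r\n"

# Constructed traces of one TCP flow through a NAT router.
LAN_TRACE = [
    pkt(HOST, RTR_LAN, "192.168.1.10", "198.51.100.7", 128, 100, 51000, 80, 1000),
    pkt(RTR_LAN, HOST, "198.51.100.7", "192.168.1.10", 51, 7000, 80, 51000, 9000),
    pkt(HOST, RTR_LAN, "192.168.1.10", "198.51.100.7", 128, 101, 51000, 80, 1001, GET),
    # Traffic to the router itself: never appears on the WAN side.
    pkt(HOST, RTR_LAN, "192.168.1.10", "192.168.1.1", 128, 102, 51001, 80, 5000),
]
WAN_TRACE = [
    pkt(RTR_WAN, ISP, "203.0.113.5", "198.51.100.7", 127, 100, 40001, 80, 1000),
    pkt(ISP, RTR_WAN, "198.51.100.7", "203.0.113.5", 52, 7000, 80, 40001, 9000),
    pkt(RTR_WAN, ISP, "203.0.113.5", "198.51.100.7", 127, 101, 40001, 80, 1001, GET),
]


def match_key(p):
    """Assumption: IP ID and payload survive the device unchanged."""
    return (p["ip_id"], hashlib.sha256(p["payload"]).hexdigest())


def pair_traces(lan, wan):
    """Return (pairs, unmatched): LAN packets with and without a WAN twin."""
    wan_by_key = {match_key(p): p for p in wan}
    pairs, unmatched = [], []
    for p in lan:
        twin = wan_by_key.get(match_key(p))
        if twin is None:
            unmatched.append(p)
        else:
            pairs.append((p, twin))
    return pairs, unmatched


def changed_fields(pairs):
    """Set of header fields that differ in at least one matched pair."""
    return {f for a, b in pairs for f in FIELDS if a[f] != b[f]}


def classify(changed):
    """Map the changed fields to the layer list given in the article."""
    if changed & {"src_ip", "dst_ip", "sport", "dport", "seq"}:
        return "layer 4 (NAT/proxy/firewall)"
    if changed & {"src_mac", "dst_mac", "ttl", "tos"}:
        return "layer 3 (router)"
    return "layer 1/2 (hub/switch/bridge)"


def nat_bindings(pairs):
    """Recover inside (ip, port) -> outside (ip, port) translations."""
    bindings = {}
    for a, b in pairs:
        if (a["src_ip"], a["sport"]) != (b["src_ip"], b["sport"]):  # outbound
            bindings[(a["src_ip"], a["sport"])] = (b["src_ip"], b["sport"])
        if (a["dst_ip"], a["dport"]) != (b["dst_ip"], b["dport"]):  # inbound
            bindings[(a["dst_ip"], a["dport"])] = (b["dst_ip"], b["dport"])
    return bindings


if __name__ == "__main__":
    pairs, unmatched = pair_traces(LAN_TRACE, WAN_TRACE)
    changed = changed_fields(pairs)
    print("changed:", sorted(changed))
    print("device :", classify(changed))
    print("NAT    :", nat_bindings(pairs))
    print("LAN-only packets:", len(unmatched))
```

The fields that do not appear in the changed set are the ones to build a capture or display filter on when following a flow across both traces.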

Configuring SPAN On Cisco Catalyst Switches – Monitor & Capture Network Traffic/Packets

January 29, 2013 | No comments

Source: http://www.firewall.cx/cisco-technical-knowledgebase/cisco-switches/940-cisco-switches-span-monitoring.html

Being able to monitor your network traffic is essential when it comes to troubleshooting problems, performing a security audit, or even casually checking your network for suspicious traffic.

Back in the old days, whenever there was a need to monitor or capture network traffic, a hub would be introduced somewhere in the network link and thanks to the hub’s inefficient design, it would copy all packets incoming from one port, out to all the rest of the ports, making it very easy to monitor network traffic. Those interested in hub fundamentals can read our Hubs & Repeaters article.

Of course switches work on an entirely different principle and do not replicate unicast packets out every port on the switch, but keep them isolated unless it’s a broadcast or multicast.

Thankfully, monitoring network traffic on Cisco Catalyst switches is a straightforward process, and does not require the presence of a hub. The Cisco method is called Switched Port Analyser, also known as SPAN.

Understanding SPAN Terminology

  • Ingress Traffic: Traffic that enters the switch
  • Egress Traffic: Traffic that leaves the switch
  • Source (SPAN) port: A port that is monitored
  • Source (SPAN) VLAN: A VLAN whose traffic is monitored
  • Destination (SPAN) port: A port that monitors source ports. This is usually where a network analyser is connected.
  • Remote SPAN (RSPAN): When Source ports are not located on the same switch as the Destination port. RSPAN is an advanced feature that requires a special VLAN to carry the monitored traffic and is not supported by all switches. RSPAN explanation and configuration will be covered in another article.

[Image: cisco-switches-span-1]

The network diagram above helps us understand the terminology and implementation of SPAN.

Source SPAN ports are monitored for received (RX), transmitted (TX) or bidirectional (both) traffic. Traffic entering or exiting the Source SPAN ports is mirrored to the Destination SPAN port. Typically, you would connect a PC with a network analyser (we trust and use Colasoft’s Capsa Enterprise) on the Destination SPAN port, and configure it to capture and analyse the traffic.

The amount of information you can obtain from a SPAN session really depends on how well the captured data can be interpreted and understood.  Tools such as Capsa Enterprise will not only show the captured packets, but automatically diagnose problems such as TCP retransmissions, DNS failures, slow TCP responses, ICMP redirect messages and much more. These capabilities help any engineer quickly locate network problems which otherwise could not be easily found.

Basic Characteristics and Limitations of Source Port

A source port has the following characteristics:

  • It can be any port type, such as EtherChannel, Fast Ethernet, Gigabit Ethernet, and so forth.
  • It can be monitored in multiple SPAN sessions.
  • It cannot be a destination port (that’s where the packet analyser connects to)
  • Each source port can be configured with a direction (ingress, egress, or both) to monitor. For EtherChannel sources, the monitored direction applies to all physical ports in the group.
  • Source ports can be in the same or different VLANs.
  • For VLAN SPAN sources, all active ports in the source VLAN are included as source ports.

Basic Characteristics and Limitations of Destination Port

Each SPAN session must have a destination port that receives a copy of the traffic from the source ports and VLANs.

A destination port has these characteristics:

  • A destination port must reside on the same switch as the source port (for a local SPAN session).
  • A destination port can be any Ethernet physical port.
  • A destination port can participate in only one SPAN session at a time.
  • A destination port in one SPAN session cannot be a destination port for a second SPAN session.
  • A destination port cannot be a source port.
  • A destination port cannot be an EtherChannel group.

Limitations of SPAN on Cisco Catalyst Models

Following are the limitations of SPAN on various Cisco Catalyst switches:

  • Cisco Catalyst 2950 switches are able only to have one SPAN session active at a time and can monitor source ports. These switches cannot monitor VLAN source.
  • Cisco Catalyst switches can forward traffic on a destination SPAN port in Cisco IOS 12.1(13)EA1 and later
  • Cisco Catalyst 3550, 3560 and 3750 switches can support up to two SPAN sessions at a time and can monitor source ports as well as VLANs
  • The Catalyst 2970, 3560, and 3750 Switches do not require the configuration of a reflector port when you configure an RSPAN session.
  • The Catalyst 3750 Switches support session configuration with the use of source and destination ports that reside on any of the switch stack members.
  • Only one destination port is allowed per SPAN session, and the same port cannot be a destination port for multiple SPAN sessions. Therefore, you cannot have two SPAN sessions that use the same destination port.



Configuring SPAN On Cisco Catalyst Switches

Our test-bed was a Cisco Catalyst 3550 Layer 3 switch, however the commands used are fully supported on all Cisco Catalyst 2940, 2950, 2955, 2960, 2970, 3550, 3560, 3560−E, 3750, 3750−E and 4507R Series Switches.

The diagram below represents a typical network setup where there is a need to monitor traffic entering (Ingress) and exiting (Egress) the port to which the router connects (FE0/1). This strategically selected port essentially monitors all traffic entering and exiting our network.

[Image: cisco-switches-span-2]

Since router R1 connects to the 3550 Catalyst switch on port FE0/1, this port is configured as the Source SPAN port.  Traffic copied from FE0/1 is to be mirrored out FE0/24 where our monitoring workstation is waiting to capture the traffic.

Because serious network procedures require serious tools, we opted to work with Colasoft’s Capsa Enterprise edition, our favourite network analyser. With Capsa Enterprise, we were able to capture all packets at full network speed and easily identify TCP sessions and data flows we were interested in. If you haven’t tried Capsa Enterprise yet, we would highly recommend you do by visiting Colasoft’s website and downloading a copy.

Once we got our network analyser set up and running, the first step is to configure FastEthernet 0/1 as a source SPAN port:

Catalyst-3550(config)# monitor session 1 source interface fastethernet 0/1

Next, configure FastEthernet 0/24 as the destination SPAN port:

Catalyst-3550(config)# monitor session 1 destination interface fastethernet 0/24

After entering both commands, we noticed our destination’s SPAN port LED (FE0/24) began flashing in synchronisation with that of FE0/1’s LED – an expected behaviour considering all FE0/1 packets were being copied to FE0/24.

Confirming the monitoring session and operation requires one simple command, show monitor session 1:

Catalyst-3550# show monitor session 1
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Fa0/1
Destination Ports : Fa0/24
    Encapsulation : Native
          Ingress : Disabled

To display the detailed information from a saved version of the monitor configuration for a specific session, issue the show monitor session 1 detail command:

Catalyst-3550# show monitor session 1 detail
Session 1
---------
Type              : Local Session
Source Ports      :
    RX Only       : None
    TX Only       : None
    Both          : Fa0/1
Source VLANs      :
    RX Only       : None
    TX Only       : None
    Both          : None
Source RSPAN VLAN : None
Destination Ports : Fa0/24
    Encapsulation : Native
          Ingress : Disabled
Reflector Port    : None
Filter VLANs      : None
Dest RSPAN VLAN   : None

Notice how the Source Ports section shows Fa0/1 for the row named Both. This means that we are monitoring both RX & TX packets for Fa0/1, while the Destination Port is set to Fa0/24.

Turning to our Capsa Enterprise network analyser, thanks to its predefined filters, we were able to catch packets to and from the workstation monitored:

[Image: cisco-switches-span-3]

This completes our discussion on SPAN configuration and how to monitor/capture packets on a Cisco Catalyst switch.  Upcoming articles will cover RSPAN and more advanced packet capturing techniques using dedicated VLANs for captured traffic and other complex scenarios.
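
One way to check captured show monitor session output against the source and destination port rules listed in this article (an added example, not code from the original article). Session 1 is the output shown above; session 2 is constructed to break the rules, the parser assumes comma-separated port lists, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Per-model limits as stated in the limitations list of this article.
MODEL_LIMITS = {
    "2950": {"max_sessions": 1, "vlan_sources": False},
    "3550": {"max_sessions": 2, "vlan_sources": True},
    "3560": {"max_sessions": 2, "vlan_sources": True},
    "3750": {"max_sessions": 2, "vlan_sources": True},
}

# Session 1 as shown in the article.
PAGE_SESSION = """\
Session 1
---------
Type              : Local Session
Source Ports      :
    RX Only       : None
    TX Only       : None
    Both          : Fa0/1
Source VLANs      :
    RX Only       : None
    TX Only       : None
    Both          : None
Source RSPAN VLAN : None
Destination Ports : Fa0/24
    Encapsulation : Native
          Ingress : Disabled
"""

# Constructed for this example: reuses Fa0/24 as both source and destination.
CONSTRUCTED_SESSION = """\
Session 2
---------
Type              : Local Session
Source Ports      :
    Both          : Fa0/2,Fa0/24
Source VLANs      :
    RX Only       : 10
Destination Ports : Fa0/24
"""

SECTIONS = {"Source Ports": "src_ports", "Source VLANs": "src_vlans"}


def _items(value):
    """Split 'Fa0/2,Fa0/24' into a list; 'None' or an empty value gives []."""
    parts = (v.strip() for v in value.split(","))
    return [v for v in parts if v and v != "None"]


def parse_sessions(text):
    """Parse show monitor session output into {session_id: {...lists...}}."""
    sessions, cur, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"Session (\d+)", line)
        if m:
            cur = {"src_ports": [], "src_vlans": [], "dst_ports": []}
            sessions[int(m.group(1))] = cur
            section = None
            continue
        if cur is None or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key in SECTIONS:
            section = SECTIONS[key]
            cur[section] += _items(value)
        elif key in ("RX Only", "TX Only", "Both") and section:
            cur[section] += _items(value)
        else:
            section = None
            if key == "Destination Ports":
                cur["dst_ports"] += _items(value)
    return sessions


def check_sessions(sessions, model):
    """Return a list of rule violations for the given Catalyst model."""
    limits, findings = MODEL_LIMITS[model], []
    if len(sessions) > limits["max_sessions"]:
        findings.append(f"{model}: {len(sessions)} sessions, limit is "
                        f"{limits['max_sessions']}")
    all_sources = {p for s in sessions.values() for p in s["src_ports"]}
    dst_use = defaultdict(list)
    for sid, s in sorted(sessions.items()):
        if len(s["dst_ports"]) != 1:
            findings.append(f"session {sid}: needs exactly one destination port")
        if s["src_vlans"] and not limits["vlan_sources"]:
            findings.append(f"session {sid}: VLAN sources unsupported on {model}")
        for port in s["dst_ports"]:
            dst_use[port].append(sid)
            if port in all_sources:
                findings.append(f"session {sid}: destination {port} is also "
                                "a source port")
    for port, sids in sorted(dst_use.items()):
        if len(sids) > 1:
            findings.append(f"destination {port} reused by sessions {sids}")
    return findings


if __name__ == "__main__":
    both = parse_sessions(PAGE_SESSION + "\n" + CONSTRUCTED_SESSION)
    for finding in check_sessions(both, "2950"):
        print(finding)
```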

 

Category: Articles