Colasoft Blog

As the big holiday Thanksgiving is coming very soon, Colasoft are wishing all of our customers and software users a great Thanksgiving! It’s time to sharing and spreading happiness, to celebrate this great holiday, we are preparing a big sale to offer you the most cost-effective software. It is coming very soon and up to 40% discount for both Capsa network analyzer and Colasoft nChronos will be available.

Free trail of Capsa network analyzer and nChronos is available for download at our website www.colasoft.com.

In business network settings, network administrators manage a large number of devices, like laptops, desktops, printers, switches and routers and they all have IP and MAC addresses. When we use a network analyzer to monitor the network traffic on the network, we can see lots of IP and MAC addresses. These addresses, however, aren’t friendly to read so we’d like to show their host names or give them labels.

In Capsa we use Name Table to do this job for us. With name table we can not only label IP addresses but also MAC addresses and we can delete, export or reload the address items there. We can right-click on an IP address or MAC address and we see Add to name table in context menu.

On the dialog box we can give the IP (or MAC) address and alias, also we can choose a color for it. If we don’t know the host name, we can click Resolve address to automatically look up its host name. Then click OK to save the input.

Now back to Capsa and we can see the address is already replaced by the name alias we just created. The Add to name table function is applicable to any item on Node Explorer and all other views except Summary, Protocol and Report views.

If we need upgrade or reinstall Capsa, we can use Export function to back up the name items. Click Name Table icon on the ribbon, and click Export button to save the name table file. Then after installation or upgrade we can use the Import function to reload the name items back to the system.

We are very excited to release the availability of Capsa Network Analyzer7.5. Except for the enhanced user interface, the biggest highlight of Capsa Network Analyzer7.5 is TCP flow analysis which makes it easier for network administrators to analyze application performance and pinpoint critical performance issues.

Capsa Network Analyzer 7.5 presents a comprehensive high-level overview of application health on your network. From TCP transaction analysis, you can easily access to more detailed information, including TCP server/client response time, delay, retransmissions, and further down to the server flow to observe the actual media content of the flow. “This unparalleled level of control and visibility speeds time to resolve application problems and minimize overall network downtime,” said Ocean Yu, Vice President at Colasoft.

In addition to MSN and Yahoo Messenger monitor, Capsa Network Analyzer 7.5 added ICQ monitor to meet the market demands. ICQ logs can be easily found at the log tab where detailed information is vividly displayed. Moreover, RADIUS protocol is supported as a new member in the more than 300 protocol analysis family.

Top Highlights of Capsa Network Analyzer 7.5:

1. Powerful TCP flow analysis for application performance optimization
2. Add ICQ monitor to analyze and log ICQ activities
3. Support RADIUS protocol analysis
4. Intuitive TCP transaction sequence diagram
5. Enhanced user interface & performance

Capsa 7.5 runs under Windows XP/2003/2008/Vista/7. A trial version is available for download.

Today we are very happy to announce the release of nChronos Free, the industry’s first retrospective network analysis freeware and rapid continuous network traffic capturing and analysis solution which offers great capabilities in troubleshooting real-time networks and fastest drilling down to back-in-time network analysis to thousands of network professionals.

nChronos Free enables network administrators and professionals to realize high-speed massive network packet real-time capture and record, provides efficient data mining, in-depth network traffic analysis, drill down to isolate performance issues and troubleshooting high-priority and critical network issues. nChronos Free offers home offices or SMB who could not afford costly network analysis solutions the capability of remote data capturing, efficient network troubleshooting, application and device performance evaluation and optimization.

“The advanced capabilities of nChronos Free are very essential to enterprises or organizations whose networks are challenged by growing network traffic and performance expectations, said Roy Luo, CEO at Colasoft. “nChronos Free make it easy for network professionals to maintain a well-performed and productive network by quickly pinpointing critical network issues”.

“Network professionals are not only able to capture network traffic in real-time and display detailed statistics including protocols, network utilization, and so on, but also to view analysis results of any specific time duration, benchmark the network performance, and audit network user activities with forensics from the historical network traffic”, said Eddie Gao, CTO at Colasoft. “By continuously recording network traffic for back-in-time analysis, all critical network issues that threaten network performance and network security would be proactively resolved”.

Key Features of nChronos Free

Perform 7×24 real-time packet capturing to storage for application and network forensics analysis and back-in-time troubleshooting
Efficient drill-down for traffic data-mining and index for rapid data retrieval and application isolation
Provide detailed statistics of protocols, IP/TCP conversations, network utilization to baseline and visualized trends of network performance
Monitor critical events on any critical links with customizable alerts
In-depth network traffic analysis to optimize performance

nChronos retrospective network analysis freeware is available for download HERE .

It is one of the essential duties for network administrators to monitor their network traffic like HTTP traffic to see what applications are running on the network. There are countless network traffic monitor tools in the market which make us dazzling and hard to choose. Except for those costly network monitors, Capsa Free is a totally network freeware which serves much better than common network monitors in monitoring network traffic like HTTP traffic.

This article is mainly to guide you through the steps of how to monitor HTTP traffic with Capsa Free.

Capsa Free is a must-have freeware network analyzer for network monitoring, network troubleshooting and network analysis. It provides users with great experience to learn how to monitor network activities, pinpoint network problems,enhance network security and so on. Moreover, Capsa Free is a perfect choice for students, teachers and computer geeks to learn protocols and networking technology knowledge.

Step 1: Download and install Capsa Free.
Step 2: Initiate Capsa Free, choosing HTTP Analysis as the analysis profile.

Step 3: View the HTTP traffic statistics in different tabs of Capsa Free.

a. Summary view: overall statistics of the capture.
b. Log view: webpage visiting records (anyone visited a website, logged here).
c. Dashboard view: important statistic data showing in visualized charts.
d. Diagnosis view: auto detected network errors.
e. Protocol view: the applications/protocols running on the network, traffic statistics.
f. Physical Endpoint & IP Endpoint views: traffic volume statistics of each node (by MAC address or IP address).
g. IP Conversation, TCP Conversation & UDP Conversation views: statistics on two communication nodes (from layer 3 to layer 4).
h. Matrix view: map of how hosts are communicated (MAC or IP addresses).

For the different tabs view, please click here.

May 31, 2011, Colasoft, the leading provider of innovative network analysis solutions, today announces the launch of nChronos retrospective network analysis software, providing customers with great capabilities to troubleshoot high performance networks and pinpoint critical performance & application issues.

As a brand new retrospective product, nChronos’ release has poured fresh and great power to Colasoft Network Analysis Technology. It performs massive packet capturing and recording, efficient data mining and in-depth network traffic analysis to empower customers the capability of visualizing the overall enterprise network activities, drilling down to isolate performance issues and troubleshooting high-priority and critical network issues. Furthermore, it consists of servers and consoles to achieve expediently remote data capture, decoding and analysis for efficient network troubleshooting, application and device performance evaluation and optimization.

“With nChronos, IT professionals are able to view a specific window of time to troubleshoot network problems, benchmark the network performance, and audit network user activities with forensics from the historical network traffic”, said Eddie Gao, CTO of Colasoft, “Exclusively, nChronos provides scalable mass storage capacity varies from 1TB to unlimited storage for packets and statistics retrieval to meet the customizable network requirements”.

Features of nChronos retrospective network traffic software:

7×24 real-time packet capturing and recording for forensics analysis
Retrospectively analyze historical traffic of any time period
Baseline and visualized trends of network performance
Critical links monitoring & alerting
In-depth network traffic analysis to optimize performance
Efficient drill-down for traffic data-mining & index

An evaluation copy of nChronos retrospective network analysis software is available. Click here to request.

We are very pleased to announce that Colasoft Capsa network analyzer has been upgraded to version 7.4, with great new features and enhanced interface and user experience.

Colasoft Capsa 7.4 is now capable of monitoring, troubleshooting and analyzing 802.11 a/b/g/n wireless networks, which make Capsa not only an Ethernet network analyzer, but a packet sniffer for both wired and wireless networks. Besides that, Capsa interface and user experience has been highly enhanced, too. We have made many changes and improvements like optimize start page layout, network profile settings, and so on.

Key Features of Colasoft Capsa 7.4:

Enterprise-class capabilities including NOC level visibility
Network Monitoring and Application Performance Monitoring
24*7 Continuous Network Traffic Capturing
Expert Analytics in Real-time and Post-capture
Extended Security Analysis
Traffic Statistics & Bandwidth Utilization
In-depth Packet Decoding and Ability to Drill Down for Network & Security Forensics

Colasoft Capsa 7.4 now has full different editions to meet different demands: enterprise edition, professional edition, WiFi edition and free edition. Free trails are all available at www.colasoft.com.

We are very glad to share with you that Capsa for WiFi, a professional and powerful wireless network analyzer is coming very soon. Not for long, it will officially be the new member of Colasoft Capsa network analyzer family.

Stay close:-)

During the process of analyzing a network problem with a network analyzer tool or a protocol sniffer, especially when we find a suspicious worm or backdoor activity, we get only useful information like MAC addresses, IP addresses and also the port number in transport layer. The analyzer may not even know which application layer protocol is used, even it tells, we still need to figure out which application or process is using this application layer protocol. Is there any method that we can find out the original application or process using that TCP or UDP port? If you are conducting an on-site analysis, Capsa can easily help find out which process is using what port.
Let’s see how.

Find out Port Number

For example, I spot in Capsa Free the following TCP connection suspicious, which constantly communicates to IP: xx.xx.0.183, on port 8000. So I’m going to look up the process name using this port.

Find Process ID (PID)

At once I evoke Command Prompt, and entered the following string and hit enter.

netstat –aon | findstr :8000

Explanation:

-a: list all active connections and their ports. –o: show process IDs. –n: display the port numbers numerically.

| findstr :8000: display only the items with string :8000 (findstr means find string). Don’t forget the pipe symbol | at the beginning.

Let’s see what we get.

We can read in this case 3968 is the PID, and the source IP address and the target address is the same as the first figure.

Find Process/Application

Next we’ll switch to another tool Process Explorer (a free tool that you can get from: http://technet.microsoft.com/en-us/sysinternals/bb896653) immediately. And we can easily find out the process or application of this PID: 3968.

I’m sure it’s an instant messenger used internal in my office and it’s safe. You can also try to find this PID in Windows Task Manager if you don’t have Process Explorer installed.

However task Manager will not provide as much information as Process Explorer. And command prompt is quite handy for geeks.

tasklist | findstr 3968

This command will list only the task items with string 3968. Please refer to previous command if you not sure about | findstr parameter.

Kill Process/Application

So next, you may want to kill a process when you find it’s malicious and want to end it at once? If you are with Process Explorer, you just right-click on a process item and choose Kill Process (Press Del button for short) to kill that process (you can do the same in Task Manager). Again, you may run the following in Command Prompt:

taskkill /F /PID 3968

Explanation:

/F means force to kill the process. And I suppose you understand PID so far.

Now we successfully detect and target the suspicious process with the specific port number, no matter UDP or TCP. And of course this procedure is reversible, you can find out the port number from the process’s PID.

It’s always a challenge for IT departments to anticipate how corporate technical demands will evolve, especially when IT budgets have been as tight as a drum for two years.

How do you “do more with less” and prepare for an explosion in bandwidth demand, a need to upgrade both software and hardware, and employees asking that work data be available on their personal smartphones?
The post-recession enterprise IT environment is only going to get more chaotic, but opportunities abound for the savvy IT manager, according to a new report from Technisource, a technology staffing and services company with clients ranging from the mid-market to global Fortune 500 companies.

The pressure to have “efficient operations and visibility into every aspect of the organization despite strict budget constraints has been the genesis of strategic trends that are re-shaping IT priorities, whether you are supporting an online retail portal, a university, or a high-tech manufacturing operation,” writes report authors Andrew Speer, Chad Holmes and Dick Mitchell.

Here are four trends Technisource says will play a key role in defining your organization’s priorities for the next year or more.

1. You’re Gonna Need More Bandwidth

It’s almost a guarantee that organizations of all sizes will increase bandwidth in 2011 and 2012 to support growing multimedia within the corporate network. The main technologies driving this need are video conferencing and tele-presence, VoIP and distributed storage networks.

The smart IT manager will stay ahead of the bandwidth curve by assessing WAN and LAN environments frequently and looking for ways to save money.
“Regularly review WAN options, with special emphasis on emerging access technologies that offer better deals on bandwidth and flexible provisioning plans,” the Technisource report states.

“On the LAN side, pay attention to your cabling plant as well as your switch and router fleet to ensure that there are no hidden bottlenecks to impede the inevitable upgrades you’ll be making.”

2. Prepare for More Mobility and User-Owned Devices

Mobile business apps are no longer a luxury, but a necessity at every level of the organization. Advances in Wi-Fi and other wireless technologies can put much of the corporate network in a worker’s pocket. Handheld devices are now commonly used to access corporate e-mail and sales reports, and track supply chain inventory in real time.

Looking ahead, Technisource predicts companies will establish their own internal “apps stores” that give employees password-protected access to software tools and other corporate resources.

IT departments should also prepare to use mobility asset management software to remotely configure and upgrade mobile apps and secure lost or stolen mobile devices by remotely wiping them clean of sensitive data. Finally, network and security admins must prepare for the inevitable: corporate users requesting to use their personal iPhones, Droids and other consumer-friendly smartphones for work purposes.

3. Ascending to the Cloud, One Careful Step at a Time

Companies are slowly but surely moving to some sort of cloud computing model. According to Gartner Group research, 8% of U.S. corporations had implemented a cloud service at the end of 2010, and Gartner expects that number to jump to over 50% by the end of 2012.

A cloud model offers obvious benefits: cheaper pay-as-you-go delivery methods, less operational complexity and fewer, if any, servers to manage.
But a cloud migration is complex, particularly at the enterprise level where data security is paramount.

“You’ll need to develop heightened level of data security for the cloud computing environment, where some, or all, of your critical data resides outside the traditional corporate firewall,” the Technisource report states, adding that cloud-based apps are also not as flexible, providing users with only a simplified menu of configuration and control options.

“Expect some snags when integrating several applications from different vendors into the seamless cloud platform of your dreams,” the report states.
As for return on investment guidance: Technisource writes that initial cloud ROI gain is in the first two years due to a decrease in infrastructure costs, but fee structures should be reviewed in the third year to make sure you’re getting the best deal.

4. The Windows 7 Upgrade Catch-Up

For most businesses, the Great Recession put a hold on any non-essential technology upgrades. But the standard four-year refresh cycles are timing out and hardware and software are getting long in the tooth, to the point where user productivity is sapped and security is at risk.

While users with old PCs obviously need newer and faster hardware, the main driver for upgrades in 2011 is to migrate from Windows XP to Windows 7-capable PCs.
“In 2009 only 7% of businesses had adopted Windows 7, or planned to do so over the next 12 months,” the Technisource report states, “but this has skyrocketed to 46 % in 2010.”

But migrating a large installed base of Windows XP machines to Windows 7 is an IT resource drain and a complicated process that includes re-loading user data, applications, drivers, preferences and settings.

By Shane O’Neill from arnnet.com.au