Colasoft Blog

Dear customers,

Capsa Testing Group, dedicated to advancing the understanding and practice of Capsa software testing, is now established and waiting for your participation!

Join us in the effort to develop a better Capsa for WiFi by enrolling to Capsa Testing Group. You will not only have the chance to make a difference and get your needs implemented into the product, but also win an ipad and free license.

Join Capsa Testing Group now!

By ZhaoRui Meng — CCIE Security

Wireless technology is one of the most fast-growing network technologies. It has been spreading rapidly around the company, campus, public area etc. Unfortunately, many implementations are being done without attention to issues of security and authentication. As a result, many wireless networks are set up so that anyone with mobile equipment can access, even from outside the building. Anyone with the proper equipment can also spy on traffic. The problem with WLAN users is that very few understand how their data is sent through the air, much less comprehend the associated risks.

Recently a study discovered that 40 – 50% of the wireless users aren’t implementing any form of protection. Some wireless networks are encrypted with WEP key, which is significantly less secure than WPA. To prove my point, I randomly scanned wireless networks around my office building and found out 7 WLANs were encrypted by WEP keys, one network unencrypted among 15 SSID received. It takes no more than 10 minutes to crack a WEP password by BT3. WPA has helped to increase the security available to wireless network. But a good dictionary may brute forcing a WPA password when the pre-defined key is weak.

Due to the broadcasting nature of radio propagation at typical Wi-Fi frequencies, anyone on the street or in the neighborhood will have chance to access to it. A whole subculture has sprung up of people going around, scanning for open wireless nodes, and publicizing them to people who want free wireless access. Capsa for WiFi helps network administrators manage access control by monitoring access IP addresses and security. Capsa for WiFi can detect all access IP addresses as well as peer hosts activities, to monitor network activities and identify network penetration and scanning anomalies. More specifically, any wireless engineers can use Capsa for WiFi to lock down network intruders, monitor clients’ online activities, and spot malware like worms, ARP attacks, Trojan horses etc. To deploy Capsa for WiFi is as simple as to connect your Caspa for WiFi equipped station with a common wireless card to your AP and enable traffic capturing on the fly. You can realize wireless network management without setting up port mirroring.

We are very excited to share with you that the beta version of Capsa for WiFi is now available to public download. We’re sincerely inviting you to help us test Capsa for WiFi, your valuable feedback will be highly appreciated.

Capsa for WiFi is a powerful and professional wireless network analyzer for 802.11a/b/g/n networks which is compatible with all NDIS 6.0 wireless adapters. Capsa for WiFi shares not only the friendly user interface, but also the great capacity of capturing, analyzing and reporting that Capsa network analyzer has.

Capsa for WiFi Highlights:

 Support 802.11a/b/g/n
 Auto identify and decode with pre-entered WEP/WPA/WPA2 key
 Compatible with all NDIS 6.0 wireless network adapters
 Auto -scan all access points in the air
 Capture all wireless network packets from one or more APs and keep APs records
 Log DNS, Emails (SMPT POP3), FTP, HTTP & IM messages (MSN & Yahoo Messenger)
 Provide customizable analysis profile and 40 expert diagnosed network problems
 Provide powerful and customizable Reports
 Analyze post-events by replaying packet files

Download Capsa for WiFi beta here.

Dear customers, Colasoft Capsa Thanksgiving Big Sale already begun, we promise you can purchase Capsa Network Analyzer at the most favorable price which save you a huge amount of money. Don’t miss this unique opportunity. Just get your coupon now.

50% off for 3 and 5 Seats License.
40% off for 2 Seats License.
30% off for Single Seat License.
20% off for Renewal.

Dear customers, with the big holliday-Thanksgiving’s coming very soon, Colasoft are wishing you a great thanksgiving with Capsa Big Sale. We will provide up to 50% off for our flagship product-Colasoft Capsa Enterprise, you can purchase Capsa at the most favorable price on our Big Sale. Please stay close.

Colasoft just released a major upgrade of Capsa Network Analyzer a few days ago and we notice that the Security Analysis Profile is the most important new feature in Capsa 7.3 which helps users to locate and troubleshoot network issues and attacks like ARP attack, DoS attack and port scanning. Besides that, the feature of email auto-saving that users appreciated in previous versions had some adjustments. So, this article is aims to teach you how to save monitored email contents.

In Capsa Network Analyzer 7.3, if you need to save a copy of the monitored email to your hard disk, you should do the following:

Step 1. Enable Log Output

a. Go to the Start Page and click the Set Data Storage link on the right panel.
b. You see the Data Storage Options dialog box, highlight the Log Output tab and then check the Save log to disk checkbox.
c. Finish the settings of choosing file folder and setting up the rules to save logs in different files.

Step 2. Enable Email Copy

a. Double-click the analysis profile you want to use and enable the Email analysis module. Probably you’ll use Full Analysis or Email Analysis because they initially enabled the Email analysis module. This step is very important and if you don’t enable Email analysis module, Capsa will not analyze and capture any email.
b. Click Next and click Log Settings. You will focus on the Output Settings and make sure the Email Copy item is checked.

Set up as the instructions above, Capsa will save all captured inbound and outbound email contents to your hard disk. Why did you make these adjustments, you may ask? This is because users of the earlier versions might be toggled among different analysis profiles and they often forget to enable log output on different profiles. That means in previous versions, every analysis profile has a switch of email auto-saving. Therefore this time we can see the switch is made globally. Once you enabled log output, the logs will be saved to your hard disk no matter which analysis profile you choose.

It’s also notable that this time Capsa is able to output logs in multiple files as the rules you set. For example, you can set to save logs to a separate file every 10 minutes. It makes it easy for you to find useful logs in time-split small files rather than in a big log file.

I’m sure you already know how to save emails with Capsa 7.3 after reading through this article.

We are so proud to announces the release of Capsa Network Analyzer 7.3.1. A brand-new analysis profile-Security Analysis Profile is added as well as more powerful Reporting Capabilities to enhance user experience.

The newly-designed Security Analysis Profile makes it more convenient and easier for users to find out potential security events with six new customer-requested Views. With Capsa 7.3.1, users can not only choose to open and close specific View, but also set up the sequences of Views to display. Report Logo Preview is available in this version which highly enhances Capsa’s reporting capabilities.

Roy Luo, CEO of Colasoft, states, “This new version addresses users’ requirement of security events analysis and also demonstrate our responsiveness. We only display security-related information in Diagnosis and Matrix Views before, this time we add six Views to broaden the scope of Capsa and provide better analysis experience. We’ll spare no efforts to provide extended capabilities to Capsa.”

New features of Capsa network analyzer 7.3.1:

Unique security analysis profile, analyzing DoS attack, ARP attack, and worm activities, etc
Flexible tab management panel of the main view
Data Storage option on the Start Page for packet and log save settings
Add Report Logo preview in Report Settings

New Views in Security Analysis Profiles:

ARP Attack: detects ARP attack activities and provides source MAC addresses
Worms: detects suspicious worm activities and provides details including source IP addresses
Dos Attacks: detects devices joining in a DoS attack to attack a remote site, and provides details on the devices
Dos Attacked: detects the devices under a DoS attack and provides details on targeted devices to cut off the attack
TCP Port Scan: detects suspicious TCP port scanning activities and details including attacker addresses
Suspicious Conversation: detects suspicious conversations of HTTP, FTP, SMTP and POP3, and provides details to figure out the problem

Capsa 7.3.1 runs under Windows XP/2003/Vista/7. A trial version is available for download at the company’s website: http://www.colasoft.com/

Ian Harac, PC World, Sept 13th, 2010

When a program has a “free” edition, very often, it is just a demo without a time limit, offering only enough functionality to get you to buy the “real” version. Capsa 7 Free is not such a program; it’s a full-featured network traffic monitoring and reporting tool. The features you get for free, without a time limit or unceasing nags, are exceptional.

This high level overview is just the start of Capsa Free; you can drill down very deep to learn more about your network.

Capsa Free provides an ongoing look at everything that passes through a selected network adapter. (This is one of the few limitations of the Free version vs. the Professional and Enterprise versions; you can analyze only one adapter at a time. For most home or small business users, this will not be an issue.) It breaks the data down by protocol and IP address, the latter of which is very interesting from a home user perspective–a days’ casual surfing, captured and analyzed by Capsa, revealed I contacted computers in over a hundred different nations. You can also set it to store packets, with a variety of options for how many to store and how long to keep them. Later, you can rummage through them with Capsa, if you know what you’re looking for (or just want to peek under the hood and understand more about what happens between when you type an address in your browser and when you see a picture of a cat appear on your screen.)

For network administrators in small businesses, Capsa 7 Free is a potent tool with many analysis and testing abilities. With it, you can see what’s happening on your network, whether you want to monitor usage or determine if a connectivity problem really is on your end, You can hand-code packets and then send them to an adapter, in order to see what happens. The ability to set alarms if particular traffic patterns occur can help you see an attack coming and head it off, and there are tutorials on-line to help you do just that.

Capsa Free is a tool for professionals and enthusiasts. A casual home user will not find much use in Capsa Free, though, being free, it doesn’t hurt to check it out. Using it requires either a good knowledge of internet protocols and low level functionality, or a strong desire to learn such things. If most or all of your traffic routes through a single network adapter, you may never see a need to upgrade to the Professional edition, which starts at $549.00.

August 5, 2010.

Colasoft, an innovative provider of all-in-one and easy-to-use network analyzer software, today announces the release of a free network analyzer software-Capsa Free, which is fully functional with no expiry days. The intuitive, simple graphic network analyzer designed for personal and small business use is now totally free to the public. While Wireshark is regarded as the pioneer of the free network analyzer, Capsa is considered as the great combination of Wireshark and Polit, strong capturing ability plus powerful analyzing and reporting abilities. Seems unbelievable? Without any doubt, another great free network analyzer is born.

“Capsa Free is a great combination of powerful network monitoring, in-depth packet decoding, reliable network diagnosing, real-time alerting and thorough reporting ability, it provides you innovative solutions to numerous network problems”, said Roy, Luo, CEO of Colasoft, “as network security is becoming more and more important, by releasing the free but full functional network analyzer, we are hoping to offer a great chance for small business and networking geeks to learn more about network analysis techniques. We believe there will be more and more network analyst, just like “doctor in networking, more and more people are going to use an easy-to-use and powerful network management software. Capsa Free aims to fulfill our goal of largely promoting the popularization of network analysis techniques and make the maximize value of enterprise network.”

Capsa Network Analyzer Free Edition Highlights:

• Your own dashboard, important parameters in one place and in graphs
• Record network Profile, set your analysis objective and perform customized analysis.
• Powerful customizable alarm, customize dozens of alarm trigger combinations.
• Identify and analyze more than 300 network protocols, create and customize protocols, analyze unique protocol traffic.
• Intuitive TCP timing sequence chart.
• Accurate MSN & Yahoo Messenger monitoring statistics.
• Email monitor and auto-saving Email content.
• Enhanced, Customizable Reports.
Capsa Free runs under Windows XP/2003/Vista/7. Download it here.

There comes the moment when the local network becomes very slow and they are suspicious of downloading in their network. To ensure the normal use of bandwidth, they need to find out who’s downloading in the network quickly and stop them to make sure everyone can work with efficiency. But many just don’t know how where to get started.

With Capsa Network Analyzer, you can find out the downloading computers within five minutes. Capsa captures all the traffics in the network, going-in and coming-out, and analyzes them to provide you enough statistics of the traffic. To find out who is downloading, we always start from looking into traffic volume of each machine.
Why should we start from traffic volume? That’s because when the downloading is digesting your bandwidth greedily, they will always generate greater traffic volume, not packets but bytes number.

Step1. Run Capsa, using Full Analysis with no filter, and capture traffic for three minutes.
Step2. Highlight IP Explorer -> Local Subnet in Node Explorer window.

Step3. Open the IP Endpoint tab in the Main View.Click Bytes column header to rearrange the list in DESC order.

The IP addresses with the longest bars on the top of the list are the suspects. But we need to eliminate the ones we trust. Then, we locate the machines with their IP addresses and warn them to stop downloading right away. It takes no more than five minutes and really it’s simple, right?

This article focuses on normal downloading, while there is another kind of downloading, Bit Torrent, out there. If you are interested about finding out Bit Torrent downloading in your network, please refer to here.