Archive

Posts Tagged ‘Colasoft Capsa’

Case Study: TripleTech IT Solutions

January 13th, 2016 No comments
  “Colasoft’s Capsa is exactly what we are looking for. After the first time using it, we just stopped searching for any other network analysis software. It is a great product with competitive price. Besides, Colasoft’s Capsa is easy to implement and has a lot of features and very good reports.”

– Vinicius Barrado, IT Director, TripleTech IT Solutions

Company Brief

TripleTech IT Solutions offers outsourcing and consulting/services in network, security and database.

The Challenge

As a consulting and outsourcing company, TripleTech IT Solutions needs software which could analysis clients network in an easy and clear way and counts a lot whether the software could provide them a detail report. Besides, TripleTech IT Solutions needs software which could cost less time to generate reports of network.

The Solution

Easy to implement, Colasoft Capsa gives a quick report which is the principal criteria for TripleTech IT Solutions to find a network analyzer.

After using Capsa, business process Network analysis of TripleTech IT Solutions is enhanced, because it saves TripleTech IT Solutions a lot of time and money in producing the final report for their clients.

Voice

“Capsa enhanced my Network Analysis process and save me time and money.”

Contact Info

Address: Av. Nazare, 1139, São Paulo – SP
Phone: +5511995886048
Email: vinicius.barrado@tripletech.com.br
Website: www.tripletech.com.br

Learn More

Categories: News & Events Tags:

Improve Network Efficiency With Colasoft Capsa Conversation Colorization Feature

October 10th, 2015 No comments

Troubleshooting network problems can be a very difficult and challenging task. While most IT engineers use a network analyzer to help solve network problems, whenanalyzing hundreds or thousands of packets, it can become very hard to locate and further research conversations between hosts. Colasoft’s Capsa v8 now introduces a new feature that allows us to highlight-colorize relevant IP conversations in the network based on their MAC address, IP Addresses, TCP or UDP conversations.

Download your copy of Colasoft Capsa v8 and discover how easy it is to identify network related problems.

This great new feature will allow IT engineers to quickly find the related packets of the conversations they want to analyze emphatically, using just a few clicks.

As shown in the screenshot below, users can colorize any Conversation in the MAC Conversation View, IP Conversation View, TCP Conversation View and UDP Conversation View. Packets related to that Conversation will be colorized automatically with the same color.

Take TCP conversation for example, choose one conversation, right-click it and choose “Select Conversation Color” in the pop-up menu:

Figure 1. Selecting a Conversation Color in Capsa v8.0

Next, select the color you wish to use to highlight the specific conversation:

Figure 2. Selecting a color

Once the color has been selected, Capsa will automatically find and highlight all related packets of this conversation using the same background color:

Figure 3. Colasoft Capsa automatically identifies and highlights the conversation

The relevance between a conversation and its packets is enhanced by colorizing packets which greatly improves analysis efficiency.

If you’re a network administrator, engineer or IT manager, we strongly suggest you try out Capsa and see how easy you can discoverand resolve network problems.

From: http://www.firewall.cx/general-topics-reviews/colasoft/capsa-network-analyzer/1106-colasoft-capsa-colorization-feature-improve-network-analysis.html

 

Capsa by Colasoft: A Network Engineer’s Product Review

February 9th, 2015 No comments

By Shane Killen

I wanted to take the opportunity to do a review of the Colasoft Capsa program.  I have been asked about this program often, and I think it is time I do a review. Everyone knows that I like this program and I personally use this network analyzer all the time in my consulting position.  I love it and I have recommended this program on my blog and to customers of the company I work for.  It has saved me time and money in diagnosing problems.  And if I’m saving money, that means my customers are saving money.  And everyone loves that!

A personal story:
Just to start this out, I want to tell you a quick, condensed story.  I had a customer that called me up one morning.  They told me that their network was “crawling” and they wanted to know if I knew of anything going on.  I was at another client at the time, and all I knew to say at that point was that I could come over and take a look.  They told me to hold off at the moment, and they would call me if you needed me.  By the time 4PM came, I called that customer back to see what they had found.  He told me that they still had the problem, and they wanted me to come on in and see if I could find the problem.  I did just that.  From the time I got there and started working on the problem, I set up a monitor session and connected my laptop up.  Within 10 minutes, I told them what was the problem, what was causing the problem, and how it needed to be resolved.  It was a device that had a NIC that started flooding the network.  180K packets per second (Capsa told me this).  They went and disconnected the offending network cable for the device, and everything came back up without issue.  Key NOTE:  They had been working all day on this problem without resolution.  I came in and within 10 minutes pointed out what the problem was, what was causing the problem, and what to do to fix it.  I was able to do this with the Capsa network analyzer within 10 minutes of starting the troubleshooting.  In this example, think of how much money and productivity was lost. The very next day, this customer bought Capsa.

Now, the review:
At first look, the Capsa dashboard has a very nice look and feel to it. The dashboard colors are easy on the eyes when looking at it for long periods time, which is important when needing to troubleshoot problems.  You don’t need something hard to look at on top of using your brain to pinpoint issues, and Capsa is certainly easy on the eyes.  See below for the first look.

The layout is also well designed.  The tabs across the display make it easy to navigate to areas you need to get to.  Its almost like the company had true technical engineers design the layout.

The first display I tend to look at and use is the default view.  You can easily customize this to whatever it is you are looking for.  Capsa puts out some displays for you by default.  The defaults are good, but if you need more for what you are trying to accomplish, they made it very easy to add to this display if you want to.  I personally modify it to what I like to see.

The “Summary” tab has very good statistical information in it.  I personally dont use this tab much, but if you are looking for general statistical information about your network, this is a good place to view.  I do know engineers that just want to take samplings on a network, and this is a good tab to view for just that.  Things like Diagnosis statistics, Traffic statistics, Packet size Distribution statistics, Protocol statistics by OSI model, etc.  Again, very good for taking statistical snapshots during timed intervals.

This next tab is really handy for doing network assessments.  Its called the “Diagnose” tab, and this tab will tell you potential problems on the network that Capsa sees.  Anything from delays, re-transmissions, SMTP server slow response, HTTP client error, etc. And when I say “etc”, I mean a lot of “etc”s.  I use this all the time, and its very handy and helpful for the network engineer.  Its handy because it even makes suggestions on what the actual problem resolution might be.  That is a pretty cool feature.

The next tab shows a “Protocol” view of the network.  This is an excellent view into what protocols are traversing your network.  If you see a protocol in this display that you didn’t want on the network, this is a great place to see it quickly.  Easy to see and right in front of your eyes without the need to sift through traffic or selecting a column view and then finding the protocol.  Its just right in front of you with ease to see.  This is very helpful when in a hurry to hunt down what you don’t want on the network, as far as protocol view is concerned.  I have had plenty of times when trying to see what protocol is running on a network, just to know for sure what is there and what is not there.  And when Im doing a deep inspection of a network, this is definitely one view I look at.

The “Physical Endpoint” tab gives you a view into the layer 2 and layer 3 view into the network for statistics.  I personally don’t use this view much.  However, I do see the benefit of this tab.  You can find problems by either MAC address or IP address, like a malfunctioning NIC.  This is a good statistical view of that.  I personally will see it in the default view, because Ill customize the view there to see such things.  But, this is also a great place for that sort of detail.  One thing I really like about this view is that you can see the actual packets if you choose to.  Just like what you would see in a wireshark packet capture.  This is a great feature.

The “IP Endpoint” is a layer 3 view only into this view.  Its very similar to the “Physical Endpoint” tab, with the same features for the most part.  This is mostly a statistical view.  Again, you can see the actual packet here if you want to see it, just like in wireshark.  I have used this screen to find packets from a particular IP address, so that I can use the packet view before.  This is very handy and easy to find what you are looking for if you are looking for a particular IP address.  From the “offender”, you can view all you want as far as raw packets go.  I personally like this and have used this often in the past.

The “Physical Conversation” and “IP conversation” tabs has some important information for troubleshooting delays, etc.  I personally have used this tab a lot, especially when looking for delays in traffic to find out what is actually happening.  There is a lot of good information in these tab views.

The “TCP Conversation” view is an excellent view for seeing delays, etc.  In application type delays, you can easily prove where delta delays are when everyone is pointing at the network as fault.  I have used this many times to prove application delays, and where the network was fine.  This view makes it very easy to see these types of delays with transaction sequence diagrams, along with seeing the actual packet if you want to (which I do).  Again, it just makes it easy.  See below for a screenshot.

The “UDP Conversation” view is similar, with the exception of a data flow view.  After all, its UDP.  I personally dont utilize this tab much.  Although, I do see the value in seeing the conversations between devices.

There is now a new section called “VoIP Call” tab.  I have experimented with this and I do like this tab.  It will show you the calls made via SIP, the status of the calls, duration, invite time, etc.  It even has a “translatorX” like view if you are a visual person and want to see the call setup steps that each call has taken.  This is especially helpful when troubleshooting failed SIP calls.  This is a welcomed addition to the Capsa package.  With that said, I must tell you that for now, it only will recognize SIP calls.  It will not recognize H323, MGCP, or SCCP.  I have to admit, that is a little disappointing.  However, that is really the only negative thing I can say about this tab.  But, I suspect that will change in the future.  But, keep in mind, you can still view H323, MGCP, and SCCP in the other tabs if you looking for them.  Its just not in this tab.  Overall, I’m still impressed with this VoIP capability.  I’d really like to show you this screen, but there is just too much sensitive information I cant give out in my capture.  So I’m only going to show you a piece of the screen, so that you get the idea of what you will see.  I did blot out the personal info on this screenshot, but again, there is more to this screen than what I’m showing below.

There is a new “Ports” tab that shows all the ports being used on the network.  From here, you can view the traffic conversations, along with the data flows.  Again, this is really important in finding delays, etc.  I really like this new addition to the Capsa product.

There is a “Matrix” tab which shows you in a circular diagram the traffic from source to destination.  I dont use this much, except to get an impression on how many devices are actually talking to each other.  From here, you can, again, look at the raw packets.  I have heard other engineers say they like this view.  I think this must be just personal preference.

The “Packet” tab takes you right to the raw packet view.  Again, this is convenient, as you can go directly to search for specific IPs or MAC addresses quickly. And again, with all the info you would need in the display for finding what you want in the packet capture.

The “Log” view is just that.  It shows you a log of successful and failed events.  Anything from a global view of all traffic, to seeing only DNS, Email, HTTP, etc types of traffic.  This is an excellent addition to the product when you need to see events outside a packet view.

The last tab is called “Report”.  I absolutely love this tab.  For the executives, you can run the reports they want to see without them actually being technical in nature.  Lets face it, they just want the high level overview.  They dont want to see the packet details, the troubles, etc.  They just want the facts, and these canned reports will give them just that.  Also, you can customize your own reports as well.  You can even customize this to your company name, logo, etc.  This is a nice feature.

Other features:
You can get Capsa to send you an audible alarm when an event happens, something you customize yourself.  You can also get it to send you an email when the event happens, if you happen to not be in front of your Capsa PC/Server.

I also like the displays across the top of the program.  I use the “utilization” and “pps” (packets per second) displays almost every time I use Capsa.  These views are easy to detect broadcast storms, over utilization, etc. There is also a “Traffic Chart (bps)” chart that is a visual of the amount of traffic that is on the network.  I like these views for sure.  They are always up front and if something starts happening on the network, you can easily see some of these types of events in these displays.  Very handy when you are going through the tabs and still able to see these views at the top.  I personally like that this was carefully thought of for the network engineer.

Another thing I like, is that if you are looking for only certain types of traffic, you can filter Capsa to only display that traffic without seeing all the other traffic you are not looking for.  This is handy when you know where the problem is, but dont know the cause of the problem.

One thing to note here in this review.  I have mentioned a lot of features in this program.  However, what I have not mentioned is ALL of the capabilities in each tab.  There are a ton of things you can do in most of the tabs.  Don’t think I covered everything.  I have only covered a fraction of what you get out of this product. What I suggest is that you go and download a demo of this product.  Try it for yourself and download a trial of this to see if you like it.  Visit Colasoft at www.colasoft.com, and let me know how you like it.

About Shane Killen

Shane Killen currently works at a consulting company in Birmingham, Alabama.  It is a consulting firm that deals with most aspects of IT Technology.
He works as a IT consultant, serving as a Senior Network Engineer. Shane Killen has been working in IT professionally since 1996.  Certifications currently hold –  Cisco CCNP (R&S), Cisco CCNP Voice, Cisco CCDP, Brocade BCNP, ShoreTel Advance Systems and Troubleshooting, CompTIA Network+, CompTIA A+, CSSA, Palo Alto ACE.

From: http://www.shanekillen.com/2015/02/capsa-by-colasoft-product-review.html

Review: Colasoft Capsa Network Analyzer Enterprise Edition 7.8 – software.informer.com

October 15th, 2014 No comments

Colasoft Capsa Enterprise is a network management solution aimed at small and medium-sized businesses and network administrators. This network traffic analyzer lets users monitor, detect, and troubleshoot network issues in a fast and simple manner. Among the powerful features this edition of Capsa includes is the ability to monitor both Ethernet and wireless networks.

As a comprehensive network sniffer, Capsa Enterprise is able to perform different types of analysis and tests over one or multiple wired and wireless connections (like 802.11a/b/g/n). It lets you run analysis of specific aspects of your network or a full Test providing an exhaustive level of detail. Capsa is able to perform packet capture in real time, monitor traffic, run security analysis to detect potential security risks, map the traffic and MAC, IP addresses of every host on the network, as well analyse different protocols like HTTP, FTP, and DNS, and applications like IM, Email (POP3, IMAP4, SMTP), and VoIP, letting you log and save data to disk. These complex tasks are carried out in a fast and simple way, with literally a few clicks.

Besides its straightforward interface, it is worth highlighting the way Capsa displays the data obtained by means of graphs, charts, and statistics that are easy to read and interpret, letting users detect and address potential issues in the most effective way. With the analysis results ordered in tabs and the several filters available it is easy to find the information you want to focus on. The Dashboard is the first section you will see once the analysis is on; and there are several view modes to choose from, including the possibility of adding or removing panels. Another tab that deserves particular mention is the Matrix tab, which maps network traffic between network nodes in a graph.

Other tools available in the pack include Packet Player, Packet Builder, Ping, and MAC Scanner, the possibility of scheduling tasks and adding alarms.

To sum up, Colasoft Capsa Enterprise is a tool that combines powerful features with in-depth analysis and statistics, essential for network adminitrators and engineers. This network sniffer has a cost of $995 and the free demo version is fully functional for 15 days.

Pros

  • Comprehensive network analyzer with powerful features.
  • In-depth network analysis.
  • Data is displayed in easy-to-read graphs.
  • User-friendly.

Cons

  • None.
Download Capsa
 
       from:  http://colasoft-capsa-enterprise.software.informer.com/

Colasoft Capsa Won the Best Products of 2012 Award from PC Magazine

January 23rd, 2013 No comments

Colasoft received the Best Products of 2012 Award from PC Magazine for Colasoft Capsa, one of our flagship software products designed for LAN and WLAN network monitoring, troubleshooting and analysis. Capsa gets a 4.5-star Editors’ Choice pick for networking utilities.

The editors of PC Magazine note that Capsa is a well-designed, fairly user-friendly (at least for network admins), Windows-oriented network analysis tool that offers network admins deep insight into their networks without the steep learning curve required to learn the ins and outs of Wireshark, plus Capsa is heavier on data visualization.

Source: http://www.pcmag.com/article2/0,2817,2408410,00.asp

Categories: News & Events Tags:

Colasoft Capsa 7.4 Now Support 802.11 a/b/n/g Wireless Networks

March 16th, 2011 No comments

We are very pleased to announce that Colasoft Capsa network analyzer has been upgraded to version 7.4, with great new features and enhanced interface and user experience.

Colasoft Capsa 7.4 is now capable of monitoring, troubleshooting and analyzing 802.11 a/b/g/n wireless networks, which make Capsa not only an Ethernet network analyzer, but a packet sniffer for both wired and wireless networks. Besides that, Capsa interface and user experience has been highly enhanced, too. We have made many changes and improvements like optimize start page layout, network profile settings, and so on.

Key Features of Colasoft Capsa 7.4:

Enterprise-class capabilities including NOC level visibility
Network Monitoring and Application Performance Monitoring
24*7 Continuous Network Traffic Capturing
Expert Analytics in Real-time and Post-capture
Extended Security Analysis
Traffic Statistics & Bandwidth Utilization
In-depth Packet Decoding and Ability to Drill Down for Network & Security Forensics

Colasoft Capsa 7.4 now has full different editions to meet different demands: enterprise edition, professional edition, WiFi edition and free edition. Free trails are all available at www.colasoft.com.

Colasoft Capsa is On Big Sale, Up to 50% Off

November 22nd, 2010 1 comment

Dear customers, Colasoft Capsa Thanksgiving Big Sale already begun, we promise you can purchase Capsa Network Analyzer at the most favorable price which save you a huge amount of money. Don’t miss this unique opportunity. Just get your coupon now.

50% off for 3 and 5 Seats License.
40% off for 2 Seats License.
30% off for Single Seat License.
20% off for Renewal.

Colasoft Thanksgiving Big Sale’s Coming Soon

November 16th, 2010 1 comment

Dear customers, with the big holliday-Thanksgiving’s coming very soon, Colasoft are wishing you a great thanksgiving with Capsa Big Sale. We will provide up to 50% off for our flagship product-Colasoft Capsa Enterprise, you can purchase Capsa at the most favorable price on our Big Sale. Please stay close.

How to save monitored email contents with Capsa 7.3

November 4th, 2010 No comments

Colasoft just released a major upgrade of Capsa Network Analyzer a few days ago and we notice that the Security Analysis Profile is the most important new feature in Capsa 7.3 which helps users to locate and troubleshoot network issues and attacks like ARP attack, DoS attack and port scanning. Besides that, the feature of email auto-saving that users appreciated in previous versions had some adjustments. So, this article is aims to teach you how to save monitored email contents.

In Capsa Network Analyzer 7.3, if you need to save a copy of the monitored email to your hard disk, you should do the following:

Step 1. Enable Log Output

a. Go to the Start Page and click the Set Data Storage link on the right panel.
b. You see the Data Storage Options dialog box, highlight the Log Output tab and then check the Save log to disk checkbox.
c. Finish the settings of choosing file folder and setting up the rules to save logs in different files.

log_output

Step 2. Enable Email Copy

a. Double-click the analysis profile you want to use and enable the Email analysis module. Probably you’ll use Full Analysis or Email Analysis because they initially enabled the Email analysis module. This step is very important and if you don’t enable Email analysis module, Capsa will not analyze and capture any email.
b. Click Next and click Log Settings. You will focus on the Output Settings and make sure the Email Copy item is checked.
log_output_settings

Set up as the instructions above, Capsa will save all captured inbound and outbound email contents to your hard disk. Why did you make these adjustments, you may ask? This is because users of the earlier versions might be toggled among different analysis profiles and they often forget to enable log output on different profiles. That means in previous versions, every analysis profile has a switch of email auto-saving. Therefore this time we can see the switch is made globally. Once you enabled log output, the logs will be saved to your hard disk no matter which analysis profile you choose.

It’s also notable that this time Capsa is able to output logs in multiple files as the rules you set. For example, you can set to save logs to a separate file every 10 minutes. It makes it easy for you to find useful logs in time-split small files rather than in a big log file.

I’m sure you already know how to save emails with Capsa 7.3 after reading through this article.

How to keep your network away from FBHOLE worm?

June 9th, 2010 No comments

Facebook users have to be very careful when they’re hanging out on Facebook because a new worm called FBHOLE is out there everywhere. According to the reports that FBHOLE “doesn’t seem to be doing anything else than posting a message to people’s Facebook walls”. As an innovative network security software provider, Colasoft responses to analyze the worm immediately and we do get some ideas to help keep our users away from FBHOLE worm.

Behavior Study

If you click any post link like: http://www.fbhole.com/omg/allow.php?s=a&r=[random number] (post name” try not to laugh xD”) on a post wall, you will probably be lead to a page like the figure below:

try_not_to_laugh
Figure 1: try not to laugh xD with a fbhole.com link

The web page pops up a message box tells that there are some errors. Of course you will click the OK button to close the dialog box readily. Once you click the OK button, you may find there is one more post submitted to your wall.

error_message
Figure 2: Error messages

After the study of the HTML and scripts of the web page, we find that wherever you click on this page, you will trigger a script that tries to submit the same post to your Facebook wall. All these are done by a hidden iframe showing below:

iframe_code
Figure 3: iFrame code

This iframe follows your mouse movements. Wherever you click on the page, you will always click the invisible “Publish” button.

Tips to keep your network away from FBHOLE worm:

Until now we find that is all it does without any further harm to your computer system. To help keep our users to away fromthis worm, we do have some suggestions:

1. Inform the users in your network not click any links shown in the Figure 1.
2. Set up a filter to monitor which users click these links.
3. Locate the computer and scan it with an anti-virus program because there are possibilities that the worm may evolve to infect the operation system.