Posts Tagged ‘network security’

Colasoft Announces Capsa Data Packet Analyzer v7.8 Release

August 20th, 2014 No comments

August 20, 2014– Colasoft, an Oklahoma company, is a leading provider of innovative, affordable, network analysis software solutions. Colasoft today announced the release of its latest Capsa Network Analyzer, version 7.8, a real-time portable network analyzer for wired and wireless network monitoring, bandwidth analysis, and intrusion detection.

In addition to Bandwidth Monitoring and Traffic Analysis, Capsa Enterprise has added full support for VoIP communication analysis. Capsa customers can now, not only monitor VoIP calls, but also drill into a vast collection of call statistics detailing their jitter, loss, and MOS. The new VoIP Explorer and VoIP Diagnostic views allow users to visualize the VoIP data as Capsa visually displays the voice and video quality, assisting users in troubleshooting VoIP networks, software and hardware.

Colasoft has also added a new detailed Port Analysis view to their Capsa Enterprise packet capture application. This new Port Analysis view is quite useful in the analysis of application management issues to determine where the problem actually originates.

In addition to VoIP, Colasoft has added a new “Top Domain Name” view of the network traffic. Colasoft users can now view the traffic utilization by Domain Name in addition to IP Address. Additionally, this new release of Capsa Enterprise has added full support of IMAP4 to the hundreds of already supported protocols. A Free Trial version is available for download at:

With the increasing number of companies being hacked, Colasoft has seen a dramatic increase in the interest of its Capsa and nChronos products. As noted by Brian K. Smith, Vice President at Colasoft LLC, “Capsa is the only Packet Sniffer and Packet Decoder to provide an easy to use GUI combined with CyberAttack Detection features that were previously found only in more expensive Intrusion Detection Applications. Colasoft Capsa now offers the Network Engineer one of the most robust Bandwidth and Packet Analysis tools available.”

With the release of Capsa 7.8 there is now added support for protocols like: IMAP4, SIP, SDP, MEGACO/H.248, MGCP, Q.931, SAP, H.225, RMI, Oracle, MMS, GOOSE, SMV, and GMRP. Capsa also added several new VoIP protocols. Capsa inherently analyzes VoIP issues, like voice quality QOS, dropped packets and connectivity issues.

Capsa 7.8 is compatible with Windows XP/2003/2008/Vista/Windows 7/Windows 8 and Windows Server 2012. A trial version is available for download at:

Source Link

Among 10 Free Network Analysis Tools,Capsa Free Ranked First

December 31st, 2013 No comments

The article was written by Ericka Chickowski .She is an award-winning freelance writer, Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. Chickowski’s perspectives on business and technology have also appeared in dozens of trade and consumer magazines, includingChannel Insider, Consumers Digest,  Entrepreneur,  InformationWeek, Network Computing and SC Magazine.(Information from

Ericka Chickowski  recommended 10 free network analysis tools in her article,the first one is Capsa Free.

This is how Ericka Chickowski describes Capsa Free.

Capsa Free is an network analyzer designed for monitoring, troubleshooting and analysis, Capsa Freefrom Colasoft provides the capability to identify and monitor more than 300 different protocols. Users can record network profiles, create customizable reports and set customizable alarm trigger combinations. Additionally, Capsa offers MSN and Yahoo Messenger monitoring statistics, email monitoring and auto-saving of email content and an easy-to-use TCP timing sequence chart.” (Actually Capsa can  identify and monitor more than 400 different protocols now.)

Thanks Ericka, Thanks all the people who like Capsa.





How to keep your network away from FBHOLE worm?

June 9th, 2010 No comments

Facebook users have to be very careful when they’re hanging out on Facebook because a new worm called FBHOLE is out there everywhere. According to the reports that FBHOLE “doesn’t seem to be doing anything else than posting a message to people’s Facebook walls”. As an innovative network security software provider, Colasoft responses to analyze the worm immediately and we do get some ideas to help keep our users away from FBHOLE worm.

Behavior Study

If you click any post link like:[random number] (post name” try not to laugh xD”) on a post wall, you will probably be lead to a page like the figure below:

Figure 1: try not to laugh xD with a link

The web page pops up a message box tells that there are some errors. Of course you will click the OK button to close the dialog box readily. Once you click the OK button, you may find there is one more post submitted to your wall.

Figure 2: Error messages

After the study of the HTML and scripts of the web page, we find that wherever you click on this page, you will trigger a script that tries to submit the same post to your Facebook wall. All these are done by a hidden iframe showing below:

Figure 3: iFrame code

This iframe follows your mouse movements. Wherever you click on the page, you will always click the invisible “Publish” button.

Tips to keep your network away from FBHOLE worm:

Until now we find that is all it does without any further harm to your computer system. To help keep our users to away fromthis worm, we do have some suggestions:

1. Inform the users in your network not click any links shown in the Figure 1.
2. Set up a filter to monitor which users click these links.
3. Locate the computer and scan it with an anti-virus program because there are possibilities that the worm may evolve to infect the operation system.

How to Detect MAC Flooding Attack in your LAN?

April 6th, 2010 9 comments

In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The switch records these addresses to its CAM table. When the table is full, the switch cannot look up the right destination port, but to broadcast out on all ports. A malicious user could then use a packet sniffer running in promiscuous mode to capture sensitive data from other computers, which would not be accessible were the switch operating normally.

How to detect if there’s a MAC flooding attack in the network? In this article, I will demonstrate to you with Colasoft Capsa Analyzer.

For detecting MAC flooding attack. Let’s start capture, we start the analysis from the SUMMARY TAB. All these statistics seem right. Except one when we come to the Physical address count. There are more than a hundred thousand MAC addresses discovered in this network. How could this small network have so many machines? Possibly, it is a mac flooding attack.


We need to check the addresses in the NOD EXPLORE. Open the physical explorer, and look this number; there are more than 1800 MAC addresses in local segment. It’s abnormal; there is no way that so many machines exist in this network. And apparently, these addresses are not real. We are sure that there are worm activities, or attacks in the network.


Let’s see how these nodes are communicating. Open the MATRIX TAB. And we choose Top 1000 physical node matrix type. We see this matrix, what a mess! There are so many nodes communicating, and according to the colors of the line, red means one way transmitting.


And we can go to the PHYSICAL CONVERSATION TAB to read that it’s true. Almost all nodes only send one packet out. Most packets are 64 bytes.
We know that all machines in our network are connected with a switch. This looks like a MAC flooding attack.


Still, to confirm our prediction, we need to see the original data of the packets they send out. Open the PACKET TAB. We see the delta time between packets is very small, which gives a great pressure to the switch. Almost all packets are 64 bytes. And let’s look at the original data in the packets. Almost all packets are randomly generated by padding same digits in the packets.


According to all these behaviors, and decoded information from packets, we are pretty sure that there is MAC flooding in this network. But it’s hard to find the attacker’s address directly because all addresses are forged. However, we can cut some machines off the network to eliminate the innocent machines until we find the target one.
Watch the video tutorial of detecting MAC flooding attack is avaliable at Here!