Colasoft Blog

Service Port Monitor

nChronos 4.3 provides a Port view and a Service Access view to monitor and analyze service ports. The Port view calculates the statistics based on IP address + TCP/UDP service port. Together with the sorting function of nChronos, you can easily know which service ports are running on the network, and running for which IPs. The Port view further provides other information about the service port, including the application, the uplink and downlink traffic, the service access time, access times, etc. The Service Access view calculates the statistics based on server and client IPs, port number and applications. It provides the access details for each service port. You can drill a service port down to a specific service access session.

VLAN and VPN Virtual Link Support

nChronos 4.3 provides support for virtual links, including VLAN and MPLS VPN. You can add virtual interfaces and set up network links based on the virtual interfaces. There is a VLAN view, which displays traffic statistics based on VLAN ID. An MPLS VPN view is also provided to display traffic statistics based on MPLS VPN label. Together with the name table function of nChronos, you can add names for VLANs and MPLS VPNs.

Millisecond Analysis

Millisecond analysis provides traffic analysis accurate to one millisecond. It is important for users who care about transient traffic burst. Colasoft nChronos 4.3 provides millisecond traffic statistics and millisecond traffic alarm. Users can define any millisecond traffic alarm according to the need. The Millisecond Analysis window displays the millisecond traffic statistics trend charts in real-time.

Multi-Segment Analysis

Sometimes the responses from large websites are very slow, and to find out the system bottleneck for the websites, it is necessary to analyze each link of the websites. Colasoft nChronos 4.3 provides a multi-segment analysis function, which associates and correlates the data of the same conversation collected on two or more network segments, and displays graphical performance analysis results, like packet loss, delay, retransmission, etc., thus providing visibility into the areas where bottlenecks may occur. A Multi-Segment Analysis window has a timeline pane to show the traffic trends of monitored links. When a conversation is analyzed, the conversations on other segments will be picked up and analyzed automatically.

A Multi-Segment Detail Analysis window shows the detailed analysis results and visualizes the conversation flow across multiple segments. When clicking and hovering a packet, correlated packets will be highlighted, the time difference between the packets will be displayed, and the packet view will show the in-depth decoding information for that packet.

Storage Filter

nChronos 4.3 provides Storage Filter for users to store packets that match the filer rules. You can define the filter rules based on IP/MAC address, port number, protocol type, packet size, etc., and only packets matching the rules will be stored. Besides the filter rules, Storage Filter provides a functionality to truncate the stored packet to a specified size. With Storage Filter, you can store interested packets, and even store only the first few bytes of interested packets. It saves storage space, and helps you avoid from policy problems in some environment.

from: http://www.colasoft.com/nchronos/whatsnew.php

Reviewed by Michael Black on 13 Feb 2014 (version tested: 7.7.2)

Overview

Anyone working in the IT Industry could benefit from using Capsa Professional, this software is capable of tracking network activity to a very extensive degree. The list of available features goes on and on, with the main feature being detailed packet monitoring, and a tremendous amount of information regarding traffic on your network. Capsa also offers some really helpful guides for new users who aren’t familiar with this type of interface. Using this software can help you track down the root cause of a slow or unstable network, and also assist in fixing the problem.

Installation

You can download and install the 15 day trial of Capsa Professional for free, and it is only compatible with Windows. The trial is also limited in features, but you’ll still get the look and feel of the full program. No bundled software included, just a regular installation and you’re on your way.

Interface

Capsa Professional offers a large, scale-able interface, and is all around pretty easy to navigate once you become acquainted with the software. Most of the tools will open up in a new window, which ensures that your main screen never gets cluttered with different tabs. However, with this much information, it’s pretty much guaranteed to be overwhelming at first — unless you’re a seasoned network professional. In general, Colasoft did a great job organizing the extensive list of features, which is not an easy task.

Interface is a major issue with most suite-style network monitoring software, and it’s very refreshing to see something as well put together as Capsa.

Pros

Along with the aforementioned packet monitoring capabilities, intelligently organized UI, and the fact that it can narrow down network issues to help find the root cause of a problem, there’s plenty more. Capsa Professional can be used to scan all MAC addresses on your network, as well as grab their IPs, names, and information about the manufacturer. You can also monitor a specific network adapter, or multiple, such as your ethernet port, wfii adapter, or both.

The tutorials are fantastic as well, as mentioned above, and there are even specific guides such as “How to monitor Employee Website Visits”.

Cons

The program is stable, offers everything you’ll need in network monitoring, and there’s really nothing I can say that needs work at this point. Obviously the heavy price tag is a bit daunting, but considering this software is really only necessary in a large work environment, it’s nothing to complain about.

Alternatives

Also, Capsa even offers a free version, much more suited towards troubleshooting home network issues.

Conclusion

Troubleshooting network issues can be a major pain for any IT Technician, and I’ve personally been in that situation numerous times. Using Colasoft Capsa Professional will greatly reduce the time you spend trying to find the cause of these problems, and will help you get the issues resolved much quicker.

Requirements: P4 2.8G CPU, 2G RAM, Internet Explorer 6.0 or higher

From: download3k.com

By ZhaoRui Meng — CCIE Security

Wireless technology is one of the most fast-growing network technologies. It has been spreading rapidly around the company, campus, public area etc. Unfortunately, many implementations are being done without attention to issues of security and authentication. As a result, many wireless networks are set up so that anyone with mobile equipment can access, even from outside the building. Anyone with the proper equipment can also spy on traffic. The problem with WLAN users is that very few understand how their data is sent through the air, much less comprehend the associated risks.

Recently a study discovered that 40 – 50% of the wireless users aren’t implementing any form of protection. Some wireless networks are encrypted with WEP key, which is significantly less secure than WPA. To prove my point, I randomly scanned wireless networks around my office building and found out 7 WLANs were encrypted by WEP keys, one network unencrypted among 15 SSID received. It takes no more than 10 minutes to crack a WEP password by BT3. WPA has helped to increase the security available to wireless network. But a good dictionary may brute forcing a WPA password when the pre-defined key is weak.

Due to the broadcasting nature of radio propagation at typical Wi-Fi frequencies, anyone on the street or in the neighborhood will have chance to access to it. A whole subculture has sprung up of people going around, scanning for open wireless nodes, and publicizing them to people who want free wireless access. Capsa for WiFi helps network administrators manage access control by monitoring access IP addresses and security. Capsa for WiFi can detect all access IP addresses as well as peer hosts activities, to monitor network activities and identify network penetration and scanning anomalies. More specifically, any wireless engineers can use Capsa for WiFi to lock down network intruders, monitor clients’ online activities, and spot malware like worms, ARP attacks, Trojan horses etc. To deploy Capsa for WiFi is as simple as to connect your Caspa for WiFi equipped station with a common wireless card to your AP and enable traffic capturing on the fly. You can realize wireless network management without setting up port mirroring.

What Is an Email Worm
In networking, an email worm is a computer worm which can copy itself to the shared folder in system. And it will keep sending infected emails to stochastic email addresses. In this way, it spreads fast via SMTP mail servers.

What Is the Harm of Email Worm
An email worm can send lots of infected emails in a very short time and it will never stop unless it’s removed. It will cause a large traffic and make the system go slowly. Sometimes it even makes the mail server crash.

How to Detect Email Worm
If you are suspicious some host in your network is infected with an email worm, here is a process how we can detect email worm in network with Colasoft Packet Sniffer, step by step.

>Step1. Download a free trial and deploy it properly.

>Step2. Launch a Project and Start Capturing Some Traffic.

>Step3. Switch to “Diagnosis” Tab
Diagnosis tab is a view we can see all the network issues automatically detected by Colasoft Packet Sniffer, also some causes and solutions are suggested.

Diagnosis Tab Screenshot

If there is a host infected with an email worm, we should be able to see SMTP events in the application layer like this:

SMTP Events in Application Layer

>Step4. Locate the Source IP
Possibly the source IP is the host infected with an email worm as it is sending too many emails in a short period of time with SMTP. So let’s locate the source IP in the “Explorer” with the “Locate” shortcut in the right-click menu.

Locate Source IP

>Step5. Switch to “Logs” Tab
Check if the host is sending emails to a large number of recipients in a very short period of time. If so, we can determine the host is infected with an email worm and should be handled immediately. We should be able to see logs in the Tab like this:

View Email Logs in "Logs" Tab

No doubt the final step is to isolate the host and kill the email worm with some AV software

Also there will be some other process to detect email worm with Colasoft Packet Sniffer, this is the shortest one.

For some purposes we want to monitor MSN chat around the network, for example, parents want to monitor MSN chat of their kids to ensure their safety; bosses want to monitor MSN chat of employees for company assets security and to improve work efficiency by minimizing none-business chat during working hours. You may still remember Colasoft MSN Monitor, now it is called Unipeek MSN Monitor and it is distributed completely Free for none commercial users.

Now let’s see how we can monitor MSN chat with Unipeek MSN Monitor, the free tool.

Step1. Download Unipeek MSN Monitor

Download Unipeek MSN Monitor, the free edition; from the website. As a matter of fact there is no function difference between Unipeek MSN Monitor the free edition and the commercial edition. The only difference is Unipeek MSN Monitor Free Edition only supports 10 MSN accounts maximum, but quite enough for family users.

Step2. Install and Deploy Unipeek MSN Monitor

The installation is quick and simple, just click “next” all the way to complete the installation. But the deployment is somewhat different. As Unipeek MSN Monitor is designed based on Colasoft’s packet capturing technology, so it has to be deployed properly like a packet sniffer if you want to monitor all MSN chat around the network. Of course, you don’t have to do it if you only want to monitor MSN chat of a single computer. To monitor multiple computers, you can install multiple copies.

How to Monitor MSN Chat Screenshot 1

Setp3. Run it and Start Monitor MSN Chat

After proper installation and deployment, we can start monitoring MSN chat right away.

How to Monitor MSN Chat Screenshot 2

About Unipeek MSN Monitor
Unipeek MSN Monitor (MSN sniffer) is Free MSN monitoring software for MSN chat monitoring and MSN message archiving. Based on Colasoft’s packet analysis technology, Unipeek MSN Monitor is able to deliver the most accurate MSN monitoring statistics, and automatically record data for future reference. You need only install Unipeek MSN Monitor once to monitor all MSN chats over the local network.

Key Features include:
•    Real-time and 24/7 MSN chat monitoring
•    Automatically archive MSN messages for future reference
•    Export messages of a custom time range
•    Customize MSN account list to be monitored
•    Unique Conversation Matrix showing account relations
•    Support emotion icons, message font size and color.

Download Now
Download Unipeek MSN Monitor