In general, Network Protocol Analyzers are there to tell you what is going on in your network. They don’t just give you a bandwidth utilization gauge. They REALLY tell you what that traffic is that is using your network bandwidth and where it is coming from. They tell you if there are errors on the network and if traffic has to be retransmitted. Even more than that, protocol analyzers can go deep into packets to show you the bits that make up a TCP/IP packet. This can help you to troubleshoot why a network transaction isn’t completing, for example. Capsa Network Analzyer does all this and more.
How can Capsa help me Troubleshoot my Network?
Some common network troubleshooting questions that Capsa can answer are:
- Where is most of my network traffic coming from and going to?
- Are there any protocols in use on my network like Instant Messaging, P2P file sharing (like Bittorrent), or unauthorized email applications?
- Can I have an expert quickly tell me where potential issues are in my network?
To try it out for myself, I requested a download> of the fully functioning evaluation copy and installed it.
I was impressed that there was just a single quick installation. There was no separate capture program to install and I didn’t even have to reboot my PC. Once installed, to capture network data, all I had to do was click Start. Packets began filling the capture buffer. I was not on a promiscuous port on my switch or adaptor card so I only saw traffic sourced or destined for my PC. Still, in just a few minutes, over 13,000 packets went into the capture buffer before I clickedStop.
Here is what it looked like:
Figure 1 – Capturing packets with Capsa Network Analzyer
I learned that captured data in Capsa is called a project. I like the Project Explorer, Project Status, and Online Resources boxes on the left of the interface. The Project Explorer allowed me to quickly tree out everything that was found in my network. The Online Resources contained a number of interesting “how to” articles for Capsa.
From here, I went through the tabs on the top of the main window, starting with Summary,Diagnosis, etc. The Diagnosis tab told me that there were 52 “Diagnosis Events” on my network (this really means there are some issues).
Figure 2 – Expert Diagnosis
This “Expert Diagnosis” let me to know that I had 2 HTTP slow response, 5 TCP slow ACK, and 45 ICMP issues (none of which I knew I had). By clicking on each of these, I was taken to the packets that caused this issue.
The Conversations tabs show me showed me what devices are on my LAN and who is talking to whom. I like the Matrix tab that gave me a graphical view of the conversations.
Typically, this is something that I would expect to see on a higher end network analyzer.
Figure 3 – Capsa Network Matrix
You can, of course, drill into the individual packets using the packets tab, like this:
Figure 4 – Packet Capture Detail
The Logs tab told me what type of traffic was out there and who was talking to who (IE, Bittorrent, IM, and web browsing).
Figure 5 – Logs showing different types of traffic
These logs would be a great way to catch people in your company who are using ICQ, MSN, Yahoo, AIM, or performing unauthorized email & web surfing.
And finally, the graphs and reports were very adequate, I thought. Here is the “Graphs” tab:
Figure 6 – Graphs from Capsa Network Analyzer
How does the Capsa Network Analyzer stack up against the competition?
I have used a number of protocol analyzers in my years as a network admin and troubleshooter. In fact, I even graduated from Network General’s “Sniffer University”. But that protocol analyzer will likely cost you much more than you would like to pay. Besides that “gold standard” of protocol analyzers, there other options like the no-cost WireShark and the much more expensive WildPackets OmniPeek.
However, I think that Capsa Network Analzyer may be the best of all worlds. No, it isn’t free (but it is free to evaluate for 30 days) but it also has so many more features than that “free analyzer”. On the other hand, Capsa costs 1/2 or 1/3 (depending on the version you select) of OmniPeek and has similar features.
Capsa Network Analzyer comes in 2 versions – Professional and Enterprise. The Pro version starts at $399 and the Enterprise version starts at $549. I think that you will find that both are extremely affordable when compared to other protocol analyzers with similar features.
I encourage you to check it out for yourself and see if it can help you solve your network troubles (or point out some trouble that, maybe, you didn’t even know you had).