VIDEO: What is ColaSoft Packet Builder?

by packetpro on August 28, 2016

Here is a good rundown of what Colasoft’s extremely helpful packet builder software is, the features within, and the options you have as an analyst with the program. Please be careful, as it is really powerful and should only be used by professionals.


How can the Capsa Network Analyzer help you?

by packetpro on June 16, 2016

In general, Network Protocol Analyzers are there to tell you what is going on in your network. They don’t just give you a bandwidth utilization gauge. They REALLY tell you what that traffic is that is using your network bandwidth and where it is coming from. They tell you if there are errors on the network and if traffic has to be retransmitted. Even more than that, protocol analyzers can go deep into packets to show you the bits that make up a TCP/IP packet. This can help you to troubleshoot why a network transaction isn’t completing, for example. Capsa Network Analyzer does all this and more.

How can Capsa help me Troubleshoot my Network?

Some common network troubleshooting questions that Capsa can answer are:

  • Where is most of my network traffic coming from and going to?
  • Are there any protocols in use on my network like Instant Messaging, P2P file sharing (like Bittorrent), or unauthorized email applications?
  • Can I have an expert quickly tell me where potential issues are in my network?

To try it out for myself, I requested a download of the fully functioning evaluation copy and installed it.

I was impressed that there was just a single quick installation. There was no separate capture program to install and I didn’t even have to reboot my PC. Once installed, to capture network data, all I had to do was click Start. Packets began filling the capture buffer. I was not on a promiscuous port on my switch or adaptor card so I only saw traffic sourced or destined for my PC. Still, in just a few minutes, over 13,000 packets went into the capture buffer before I clicked Stop.

Here is what it looked like:

Figure 1 – Capturing packets with Capsa Network Analyzer

I learned that captured data in Capsa is called a project. I like the Project Explorer, Project Status, and Online Resources boxes on the left of the interface. The Project Explorer allowed me to quickly tree out everything that was found in my network. The Online Resources contained a number of interesting “how to” articles for Capsa.

From here, I went through the tabs on the top of the main window, starting with Summary, Diagnosis, etc. The Diagnosis tab told me that there were 52 “Diagnosis Events” on my network (this really means there are some issues).

Figure 2 – Expert Diagnosis

This “Expert Diagnosis” let me know that I had 2 HTTP slow response, 5 TCP slow ACK, and 45 ICMP issues (none of which I knew I had). By clicking on each of these, I was taken to the packets that caused this issue.

The Conversations tabs showed me what devices are on my LAN and who is talking to whom. I like the Matrix tab that gave me a graphical view of the conversations.

Typically, this is something that I would expect to see on a higher end network analyzer.

Figure 3 – Capsa Network Matrix

You can, of course, drill into the individual packets using the packets tab, like this:

Figure 4 – Packet Capture Detail

The Logs tab told me what type of traffic was out there and who was talking to who (IE, Bittorrent, IM, and web browsing).

Figure 5 – Logs showing different types of traffic

These logs would be a great way to catch people in your company who are using ICQ, MSN, Yahoo, AIM, or performing unauthorized email & web surfing.

And finally, the graphs and reports were very adequate, I thought. Here is the “Graphs” tab:

Figure 6 – Graphs from Capsa Network Analyzer

How does the Capsa Network Analyzer stack up against the competition?

I have used a number of protocol analyzers in my years as a network admin and troubleshooter. In fact, I even graduated from Network General’s “Sniffer University”. But that protocol analyzer will likely cost you much more than you would like to pay. Besides that “gold standard” of protocol analyzers, there are other options like the no-cost Wireshark and the much more expensive WildPackets OmniPeek.

However, I think that Capsa Network Analyzer may be the best of all worlds. No, it isn’t free (but it is free to evaluate for 30 days) but it also has so many more features than that “free analyzer”. On the other hand, Capsa costs 1/2 or 1/3 (depending on the version you select) of OmniPeek and has similar features.

Capsa Network Analyzer comes in 2 versions – Professional and Enterprise. The Pro version starts at $399 and the Enterprise version starts at $549. I think that you will find that both are extremely affordable when compared to other protocol analyzers with similar features.

I encourage you to check it out for yourself and see if it can help you solve your network troubles (or point out some trouble that, maybe, you didn’t even know you had).


What is a packet analyzer?

June 11, 2016

A Packet Analyser is a wire-tap device that plugs into computer networks and eavesdrops on the network traffic. Like a telephone wiretap allows the FBI to listen in on other people’s conversations, an “analysing” program lets someone listen in on computer conversations. However, computer conversations consist of apparently random binary data. Therefore, network wiretap programs […]


VIDEO: Quick Detect of ARP Poisoning, Spoofing, and Flooding

May 16, 2016

Let’s start our first real post off with an informative video from Hackaholic of how to quickly detect ARP Poisoning and ARP Flooding… Note: Please do not attempt to hack unless you are doing it for real purposes. Hacking company software is illegal and punishable by law. Use the video for informative purposes only. Let me know what […]


Welcome to the new Packet-analyzer.com!

May 14, 2016

Welcome to my new blog – Packet-Analyzer.com! In this blog, I will cover IP Packet Analysis, Step by Step How-To using IP Packet Analysis Tools, and how all this can help you in the real world. Thank you for following us through our RSS Feed!