Wednesday, June 24, 2009

How to Detect Email Worm with Colasoft Packet Sniffer

What Is an Email Worm
In networking, an email worm is a computer worm that copies itself to shared folders on the system and keeps sending infected emails to random email addresses. In this way it spreads quickly via SMTP mail servers.

What Is the Harm of Email Worm

An email worm can send a large number of infected emails in a very short time, and it will not stop until it is removed. It generates heavy traffic and slows the system down; sometimes it even crashes the mail server.

How to Detect Email Worm

If you suspect that some host in your network is infected with an email worm, here is a step-by-step process for detecting the email worm in the network with Colasoft Packet Sniffer.

>Step1. Download a free trial and deploy it properly.

>Step2. Launch a Project and Start Capturing Some Traffic.

>Step3. Switch to “Diagnosis” Tab

The Diagnosis tab is a view in which we can see all the network issues automatically detected by Colasoft Packet Sniffer, along with suggested causes and solutions.

Diagnosis Tab Screenshot

If there is a host infected with an email worm, we should be able to see SMTP events in the application layer like this:

SMTP Events in Application Layer

>Step4. Locate the Source IP

The source IP is possibly the host infected with an email worm, since it is sending too many emails over SMTP in a short period of time. So let’s locate the source IP in the “Explorer” with the “Locate” shortcut in the right-click menu.

Locate Source IP

>Step5. Switch to “Logs” Tab

Check whether the host is sending emails to a large number of recipients in a very short period of time. If so, we can conclude that the host is infected with an email worm and should be dealt with immediately. We should be able to see logs in the tab like this:

View Email Logs in "Logs" Tab

No doubt the final step is to isolate the host and remove the email worm with AV software.

There are other ways to detect an email worm with Colasoft Packet Sniffer; this is the shortest one.
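The check in Step 5 (many SMTP sessions, many recipients, short time window) can be written down as a small detection rule. The script below is an added example and not code from the article or from Colasoft; it runs over a constructed SMTP connection log (timestamp, client, server, recipient count) and flags clients whose activity inside a 60-second sliding window exceeds the thresholds. The log format, the IP addresses and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed SMTP connection log, one line per TCP session to port 25:
# "timestamp client_ip server_ip recipients". Invented for this example; it is
# not Capsa output. 192.168.1.35 is a normal client using the internal relay
# 192.168.1.2; 192.168.1.20 behaves like the infected host in the article.
SAMPLE_LOG = """\
2009-06-24T10:00:00 192.168.1.35 192.168.1.2 1
2009-06-24T10:00:01 192.168.1.20 203.0.113.5 3
2009-06-24T10:00:03 192.168.1.20 203.0.113.9 3
2009-06-24T10:00:05 192.168.1.20 198.51.100.7 3
2009-06-24T10:00:06 192.168.1.20 198.51.100.8 3
2009-06-24T10:00:08 192.168.1.20 203.0.113.12 3
2009-06-24T10:00:10 192.168.1.20 198.51.100.21 3
2009-06-24T10:00:11 192.168.1.20 203.0.113.30 3
2009-06-24T10:00:13 192.168.1.20 198.51.100.44 3
2009-06-24T10:08:30 192.168.1.35 192.168.1.2 2
"""

WINDOW = timedelta(seconds=60)   # sliding window; assumed value
MAX_SESSIONS = 5                 # more SMTP sessions than this per window is suspicious
MAX_SERVERS = 3                  # a normal client talks to one or two relays, a worm to many MXs


def parse_log(text):
    """Turn the log text into (timestamp, client, server, recipients) tuples, oldest first."""
    records = []
    for line in text.strip().splitlines():
        ts, client, server, rcpt = line.split()
        records.append((datetime.fromisoformat(ts), client, server, int(rcpt)))
    records.sort(key=lambda r: r[0])
    return records


def find_mass_mailers(records, window=WINDOW, max_sessions=MAX_SESSIONS, max_servers=MAX_SERVERS):
    """Return {client: (sessions, distinct_servers, recipients)} for every client whose
    SMTP activity within any sliding window exceeds a threshold. The tuple holds the
    peak values observed, which is what an analyst wants to see in the alert."""
    recent = defaultdict(deque)      # client -> (ts, server, rcpt) entries inside the window
    alerts = {}
    for ts, client, server, rcpt in records:
        q = recent[client]
        q.append((ts, server, rcpt))
        while ts - q[0][0] > window:  # drop entries that fell out of the window
            q.popleft()
        sessions = len(q)
        servers = len({s for _, s, _ in q})
        recipients = sum(r for _, _, r in q)
        if sessions > max_sessions or servers > max_servers:
            prev = alerts.get(client, (0, 0, 0))
            alerts[client] = (max(prev[0], sessions), max(prev[1], servers), max(prev[2], recipients))
    return alerts


if __name__ == "__main__":
    for client, (s, d, r) in find_mass_mailers(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: {s} SMTP sessions to {d} servers, {r} recipients within {WINDOW.seconds}s")
```

A worm usually connects directly to many external mail servers, whereas a normal client talks only to the organization's relay, so the distinct-server count is often a stronger signal than the raw session count; tune both thresholds to the site's normal mail volume before acting on an alert.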

Wednesday, June 17, 2009

14 Tips to Protect Your Organization's Network

Colasoft Network Analyzer

Network security is an infinitely complex and dynamic subject, but implementing these simple measures will go a long way toward protecting your organization's LAN.

1, Run a Network Analyzer Frequently: We recommend an easy-to-use network analyzer, Colasoft Capsa.

2, Disable Drives: Disable floppy drive access, USB ports and serial ports on networked computers.

3, Restrict Permissions: Windows 2000 and 2003 Server allow you to set permissions so that users can't run downloaded 'exe' or other executable files.

4, Block Instant Messenger: IM and its cousins, ICQ and Yahoo Messenger, send messages and attachments out to a server and then back to its clients. You lose control when this happens.

5, Password Protect Your BIOS: A BIOS without an administrator password is an invitation to mischief.

6, Run AV Software: Run anti-virus software on all your computers.

7, Build Your Defenses: Install a firewall or a proxy server.

8, Beware of Attachments From Unknown, Untrusted Sources: Do not open email attachments unless you trust the sender.

9, Monitor Your Ports: Install a port monitor to prevent your ports from being scanned.

10, Encrypt Wireless Access.

11, Keep Back Office Systems Off The Organization Network

12, Require passwords to be changed frequently

13, Use CTRL+ALT+DEL to log on

14, Keep your networking skills up to date.

Thursday, June 11, 2009

How to Detect Network Malfunctions via the Endpoint View with Colasoft Packet Sniffer

Brief introduction to the Endpoint view in Colasoft Packet Sniffer

In Colasoft 6.9 the Endpoint view is divided into MAC endpoints and IP endpoints. With endpoint analysis, users can quickly find the IP/MAC endpoint carrying the largest traffic. The system also supplies clear traffic-ranking statistics (for example, the top 5 IP endpoints under the HTTP protocol).

In the Endpoint view we can clearly see the traffic situation of every host in the current network (including a network segment, a MAC address or an IP address): the hosts with the largest total traffic, the hosts that send/receive the most traffic, the hosts that send/receive the most packets, and so on.

From this information we can confirm whether there is a broadcast/multicast storm, and help users diagnose network malfunctions such as a slow network, disconnections, worm attacks, DoS attacks, and other problems.

Application case study

When we encounter a network malfunction or attack, the most important things to pay attention to are the current total network traffic, the sent/received traffic, the network connections and so on, in order to get a clear direction for finding the problem. All of this information is included in the Endpoint view in Colasoft Packet Sniffer 6.9 (figure 1):

In figure 1 we can sort by total traffic, network connections and other related information to find and locate the host with the largest traffic or the most connections in the network. For example, at present the host with the most network connections is , so we locate the host and then check the related connection information (figure 2):

From the connection information shown in figure 2 we can see that has set up a large number of TCP connections with other hosts, that the destination addresses and destination ports are not fixed, and that many of the connections are in the state of the client requesting synchronization.

Next, check the TCP packets; we can view them in Summary and Graphs as follows:

In the TCP packet information we find that has sent TCP synchronization packets, and the TCP FIN packets and TCP Reset packets are , which is abnormal in the network.
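The pattern in this case study (many SYNs from one host, to destinations and ports that keep changing, with few FINs or resets) is straightforward to count from a packet list. The script below is an added example, not code from the article or from Colasoft: it tallies SYN, SYN-ACK, FIN and RST per host from a constructed set of packet records and flags hosts that open many half-open connections to many targets. The record format, the addresses and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed packet records "src dst dport flags" (flags: S=SYN, A=ACK, F=FIN, R=RST).
# Invented for this example; not output from Colasoft Packet Sniffer.
# 192.168.1.77 plays the host from the case study, 192.168.1.10 is a normal web client.
SAMPLE_PACKETS = (
    [f"192.168.1.77 10.0.0.{i} 445 S" for i in range(1, 13)]      # 12 SYNs to 12 different hosts
    + ["10.0.0.3 192.168.1.77 1043 SA",                            # only one target answers
       "192.168.1.77 10.0.0.3 445 R"]                              # and that session is reset
    + ["192.168.1.10 192.168.1.2 80 S",                            # three ordinary web fetches
       "192.168.1.2 192.168.1.10 1025 SA",
       "192.168.1.10 192.168.1.2 80 A",
       "192.168.1.10 192.168.1.2 80 FA",
       "192.168.1.2 192.168.1.10 1025 FA"] * 3
)


def tcp_stats(lines):
    """Per-host accounting of SYNs sent, SYN-ACKs received, FINs and RSTs sent, and the
    set of hosts the SYNs went to (the columns the case study reads off the Endpoint view)."""
    stats = defaultdict(lambda: {"syn": 0, "synack_recv": 0, "fin": 0, "rst": 0, "targets": set()})
    for line in lines:
        src, dst, _dport, flags = line.split()
        if flags == "S":                      # new connection attempt
            stats[src]["syn"] += 1
            stats[src]["targets"].add(dst)
        elif flags == "SA":                   # the other side accepted: credit the initiator
            stats[dst]["synack_recv"] += 1
        if "F" in flags:
            stats[src]["fin"] += 1
        if "R" in flags:
            stats[src]["rst"] += 1
    return stats


def suspicious_hosts(stats, min_syn=10, min_targets=8, max_answer_ratio=0.5):
    """Hosts that send many SYNs to many different targets but get few SYN-ACKs back:
    the 'large number of connections in the synchronization-request state' pattern.
    Thresholds are assumed values; tune them to the network's normal behaviour."""
    flagged = {}
    for host, s in stats.items():
        if s["syn"] < min_syn:
            continue
        answered = s["synack_recv"] / s["syn"]
        if len(s["targets"]) >= min_targets and answered <= max_answer_ratio:
            flagged[host] = {"syn": s["syn"], "targets": len(s["targets"]),
                             "synack_recv": s["synack_recv"], "fin": s["fin"], "rst": s["rst"]}
    return flagged


if __name__ == "__main__":
    for host, info in suspicious_hosts(tcp_stats(SAMPLE_PACKETS)).items():
        print(host, info)
```

The normal client shows three SYNs, three SYN-ACKs and orderly FINs, so it is never considered; the flagged host shows twelve SYNs to twelve targets with one answer and no FIN, which is the shape both a scanning worm and a SYN flood leave in the counters. Confirming which it is still requires looking at the packets themselves, as the article goes on to do.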

Please go to the Colasoft Official FAQ page for more "How-tos"

Wednesday, June 10, 2009

How to Track BitTorrent User in Network with Colasoft Packet Sniffer

BitTorrent Consumes Big Bandwidth

Based on the working principle of the BitTorrent protocol, if somebody is downloading big files with BitTorrent software, it is a disaster for other users who need bandwidth for business operations: the user consumes a large amount of bandwidth, causing prolonged network slowness, intermittent connectivity and even disconnections, because while the user is downloading files from others, others are downloading files from him.

So it is necessary for IT administrators to track the BitTorrent user in the first place to regain network bandwidth for business operations. Blocking the BitTorrent protocol can be one way; this article discusses how to track the BitTorrent user with Colasoft Packet Sniffer.

How to Track BitTorrent User?

>Step1. Download a free trial and implement it correctly

>Step2. Launch a project and start capturing data

>Step3. Find BitTorrent Protocol in the "Protocols" Tab

Track BitTorrent User Screenshot 1

>Step4. Locate BitTorrent Protocol in the "Explorer"

Use the "Locate" function to locate BitTorrent protocol in the "Explorer" to analyze dedicated data.

Track BitTorrent User Screenshot 2

>Step5. Track BitTorrent User in LAN in the "Endpoint" Tab

This is how we track the BitTorrent user in our network and see who is connected with him. There is a lot more we can see from this tab, such as how much data has been downloaded and uploaded via the BitTorrent protocol.

Track BitTorrent User Screenshot 3

View how many connections have been built in "Matrix"

You’ll be shocked to see how many connections have been built in the "Matrix" Tab. In this case, we can see this user has built more than 1000 connections with other hosts.

Track BitTorrent User Screenshot 4

About BitTorrent

BitTorrent is a peer-to-peer file sharing protocol used for distributing large amounts of data. BitTorrent is one of the most common protocols for transferring large files.

The protocol works when a file provider initially makes his/her file (or group of files) available to the network. This is called a seed and allows others, named peers, to connect and download the file. Each peer that downloads a part of the data makes it available to other peers to download. After the file is successfully downloaded by a peer, many continue to make the data available, becoming additional seeds. This distributed nature of BitTorrent leads to a viral spreading of a file throughout peers. As more peers join the swarm, the likelihood of a successful download increases. Relative to standard Internet hosting, this provides a significant reduction in the original distributor's hardware and bandwidth resource costs. It also provides redundancy against system problems and reduces dependence on the original distributor.
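Capsa lists BitTorrent in the "Protocols" tab by recognising the peer-wire handshake that every peer sends when it joins a swarm described in the section above. The script below is an added example, not code from the article or from Colasoft, showing what that recognition amounts to: it parses the 68-byte handshake (length byte, the string "BitTorrent protocol", eight reserved bytes, the 20-byte info_hash, the 20-byte peer_id) and, from a constructed set of flows, builds the per-LAN-host peer and torrent counts that the Endpoint and Matrix tabs display. The flow list, the 192.168.1.0/24 local range and the peer IDs are assumptions.

```python
import hashlib
from collections import defaultdict

PSTR = b"BitTorrent protocol"
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20      # 68 bytes in a peer-wire handshake
LOCAL_PREFIX = "192.168.1."                       # assumed LAN range for this example


def parse_handshake(payload):
    """Return (info_hash_hex, peer_id) if the payload starts with a BitTorrent peer-wire
    handshake: <pstrlen=19><"BitTorrent protocol"><8 reserved><20-byte info_hash><20-byte peer_id>.
    Returns None for anything else (HTTP, encrypted BitTorrent, truncated data...)."""
    if len(payload) < HANDSHAKE_LEN or payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None
    info_hash = payload[28:48].hex()
    peer_id = payload[48:68]
    return info_hash, peer_id


def build_handshake(info_hash, peer_id):
    """Construct a handshake with the layout a client sends (used only to build sample data)."""
    assert len(info_hash) == 20 and len(peer_id) == 20
    return bytes([len(PSTR)]) + PSTR + b"\x00" * 8 + info_hash + peer_id


def is_local(ip):
    return ip.startswith(LOCAL_PREFIX)


def bittorrent_endpoints(flows):
    """flows: iterable of (src_ip, dst_ip, first_payload_bytes) for each TCP connection.
    Returns {lan_host: {"peers": set of remote IPs, "torrents": set of info_hash hex}},
    i.e. the numbers the Endpoint and Matrix tabs show for a BitTorrent user."""
    found = defaultdict(lambda: {"peers": set(), "torrents": set()})
    for src, dst, payload in flows:
        hs = parse_handshake(payload)
        if hs is None:
            continue
        info_hash, _peer_id = hs
        for local, remote in ((src, dst), (dst, src)):   # handshake may go either direction
            if is_local(local) and not is_local(remote):
                found[local]["peers"].add(remote)
                found[local]["torrents"].add(info_hash)
    return found


# Constructed sample flows: 192.168.1.50 connects out to five peers for one torrent and
# accepts two incoming peers for another; 192.168.1.10 just fetches an intranet page.
TORRENT_A = hashlib.sha1(b"constructed torrent A").digest()
TORRENT_B = hashlib.sha1(b"constructed torrent B").digest()
SAMPLE_FLOWS = (
    [("192.168.1.50", f"203.0.113.{i}", build_handshake(TORRENT_A, b"-XX0001-" + b"0" * 12))
     for i in range(1, 6)]
    + [(f"198.51.100.{i}", "192.168.1.50", build_handshake(TORRENT_B, b"-YY0001-" + b"1" * 12))
       for i in (7, 8)]
    + [("192.168.1.10", "192.168.1.2", b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n")]
)

if __name__ == "__main__":
    for host, info in bittorrent_endpoints(SAMPLE_FLOWS).items():
        print(f"{host}: {len(info['peers'])} peers, {len(info['torrents'])} torrents")
```

Clients that negotiate protocol encryption do not send this plaintext handshake, so the byte-pattern match alone can miss them; the connection-count pattern in the Matrix tab, hundreds of peers on one host, still shows in that case.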

Next Step

>>Download a Free Trial

Monday, June 8, 2009

How to Monitor MSN Chat with Free Unipeek MSN Monitor

For some purposes we want to monitor MSN chat around the network; for example, parents want to monitor their kids' MSN chat to ensure their safety, and bosses want to monitor employees' MSN chat for the security of company assets and to improve work efficiency by minimizing non-business chat during working hours. You may still remember Colasoft MSN Monitor; it is now called Unipeek MSN Monitor and is distributed completely free for non-commercial users.

Now let’s see how we can monitor MSN chat with Unipeek MSN Monitor, the free tool.

Step1. Download Unipeek MSN Monitor

Download Unipeek MSN Monitor, the free edition, from the website. As a matter of fact there is no functional difference between the free edition and the commercial edition of Unipeek MSN Monitor. The only difference is that Unipeek MSN Monitor Free Edition supports a maximum of 10 MSN accounts, which is quite enough for family users.

Step2. Install and Deploy Unipeek MSN Monitor

The installation is quick and simple: just click “Next” all the way through. The deployment is somewhat different. As Unipeek MSN Monitor is built on Colasoft’s packet capturing technology, it has to be deployed properly, like a packet sniffer, if you want to monitor all MSN chat around the network. Of course, you don’t have to do this if you only want to monitor MSN chat on a single computer. To monitor multiple computers, you can install multiple copies.

How to Monitor MSN Chat Screenshot 1

Step3. Run It and Start Monitoring MSN Chat

After proper installation and deployment, we can start monitoring MSN chat right away.

How to Monitor MSN Chat Screenshot 2

About Unipeek MSN Monitor
Unipeek MSN Monitor (MSN sniffer) is Free MSN monitoring software for MSN chat monitoring and MSN message archiving. Based on Colasoft's packet analysis technology, Unipeek MSN Monitor is able to deliver the most accurate MSN monitoring statistics, and automatically record data for future reference. You need only install Unipeek MSN Monitor once to monitor all MSN chats over the local network.

Key Features include:

• Real-time and 24/7 MSN chat monitoring

• Automatically archive MSN messages for future reference

• Export messages of a custom time range

• Customize MSN account list to be monitored

• Unique Conversation Matrix showing account relations

• Support for emoticons, message font size and color.

Download Now

Download Unipeek MSN Monitor

How to Monitor Emails with Colasoft Packet Sniffer

Some people may question whether it is legal to monitor employees' emails with email monitoring software (aka an email spy or email checker), but that is not the topic of this article. We are going to discuss how we can monitor emails with some technical methods, especially with this packet sniffer – Colasoft Capsa.

Step 1. Still we need to download a free trial and deploy it correctly.

Step 2. Launch a project

If we have not set Capsa to save email logs to a local disk, we will not be able to monitor email contents, although we can still monitor all email logs. So we must set the log settings to save email logs to a local path in order to monitor email contents. There will also be a notice when a new project is started.

Monitor Email Screenshot1

Step3. Set Email Log Settings

View full image to set the email logs setting correctly.

Monitor Email Screenshot2 - Click to view Large

Advanced email log settings split the email logs and keep only the most recent ones to save disk space.

Monitor Email Screenshot3

Step 4. Start Capturing and Monitoring Emails in “Logs” Tab

After the email log settings are finished, we can run a test to see whether we get some email monitoring logs. Let’s launch Outlook and start sending and receiving emails. We can see that we have received many spam emails in the mailbox. We can see a lot of information in the Logs tab, such as date and time, client name, email subject, sender and receiver name, size, and more.

Monitor Emails Screenshot - Click to View Large

Step 5. Monitor Email Contents

Viewing the original content of an email is quite simple: just double-click on the log entry, and Capsa will call an email program, normally Outlook, to display the email content.

Monitor Email Screenshot5 - Click to View Large

This is the entire process for monitoring emails with Colasoft Capsa; we hope you enjoy this article.

Next Step

>>Download a Free Trial

Thursday, May 14, 2009

Ten Reasons Make Packet Sniffers an Essential Network Tool

No matter whether you are a network administrator or an IT manager, you should not be unfamiliar with the network analysis tool known as a packet sniffer (also called a network analyzer, protocol analyzer or sniffer), which has been widely used by all kinds of organizations: schools, enterprises, government institutions, etc.

Maybe you are still surprised that more and more enterprises, like IBM, Intel, Epson, Airbus, Ericsson, etc., choose to deploy packet sniffers on their company networks. OK, take a fresh coffee now, then look at the following problems and ask yourself, as a network administrator or IT manager, whether these issues are just what you have met:

Rushing from one network problem to another every day?
No way to judge whether your network has been intruded?
Helpless to collect convincing information to submit to your boss, even when you have realized that your network system has been intruded?
No idea whether current network usage matches actual need?
No idea how many staff are focusing on their job rather than killing time chatting with friends, browsing irrelevant web pages, etc.?

Yes, every question listed above has puzzled many network administrators, but don't worry: a packet sniffer can easily help you out with its strong functions. Here are ten reasons that make packet sniffers an essential network tool.

* Analyze network problems
* Detect network intrusion attempts
* Gain information for effecting a network intrusion
* Monitor network usage
* Gather and report network statistics
* Filter suspect content from network traffic
* Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
* Reverse engineer proprietary protocols used over the network
* Debug client/server communications
* Debug network protocol implementations

Currently there are dozens of packet sniffers on the market. Some, like Wireshark, are very complex to use and require you to be well versed in networking; others, such as Colasoft Network Analyzer, are designed for ordinary network administrators, all-in-one and easy to use, and are more and more widely accepted and welcomed.

Wednesday, May 13, 2009

Top 5 Most Welcomed Packet Sniffers

According to the latest statistics from well-known download sites regarding downloads of packet sniffer software, the following products are honored to be listed as the top 5 most welcomed packet sniffers among network engineers, IT managers, network administrators, etc.

#1 Wireshark - A Free Open Source Network Sniffer for Top Network Engineers

Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

#2 Colasoft Packet Sniffer - All-In-One & Easy-To-Use Network Analyzer and Packet Sniffers Available For Most Network Administrators.

Colasoft Packet Sniffer - Capsa performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. It allows you to get a clear view of the complex network, conduct packet level analysis, and troubleshoot network problems.

Whether you're a network administrator who needs to identify, diagnose, and solve network problems, a company manager who wants to monitor user activities on the network and ensure that the corporation's communications assets are safe, or a consultant who has to quickly solve network problems for clients, Capsa is the tool you need.

#3 Tcpdump: The Classic Sniffer For Network Monitoring And Data Acquisition

Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools.

#4 Etherdetect : Connection-Oriented Packet Sniffer And Protocol Analyzer

EtherDetect Packet Sniffer is an easy-to-use, award-winning packet sniffer and network protocol analyzer which provides a connection-oriented view for analyzing packets more effectively. With this handy tool, all you need to do is set up the filter, start capturing, and view connections, packets and data on the fly.

#5 Ettercap : In Case You Still Thought Switched Lans Provide Much Extra Security

Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

Monday, May 11, 2009

How to Find MAC Address with Colasoft MAC Scanner and More

Colasoft MAC Scanner Screenshot

In computer networking, a Media Access Control address (MAC address) is a unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer for identification, and used in the Media Access Control protocol sublayer. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number. It may also be known as an Ethernet Hardware Address (EHA), hardware address, adapter address, or physical address.

Since a MAC Address is unique for most network adapters or network interface cards (NICs), it is important for IT administrators to know all the MAC addresses in LAN so as to quickly locate a network device when a network issue arises. Luckily we have tools to help us out. Let’s see how we can easily find MAC address in LAN with Colasoft MAC Scanner.

Colasoft MAC Scanner is free software for finding MAC addresses and IP addresses. It can automatically detect all subnets according to the IP addresses configured on the multiple NICs of a machine, and find the MAC addresses and IP addresses of the defined subnets as you need. Users can customize their own scan process by specifying the number of scan threads.

Step 1. Download Colasoft MAC Scanner

Step2. Install Colasoft MAC Scanner

The installation of Colasoft MAC Scanner is quick and easy. It is suggested to install Colasoft MAC Scanner on a laptop, as it only scans and finds MAC addresses and IP addresses in the subnet to which the laptop is connected.

Step3. Start a Scan

It’s easy and quick: just press the Start button, and Colasoft MAC Scanner will scan for and find the MAC addresses and IP addresses in the subnet and list them. The results can be copied and pasted or exported for future reference.

Now the problem is: if a LAN is divided into several subnets, we’ll have to move the laptop around and scan each subnet in order to find all MAC addresses and IP addresses. Then what’s the solution?

Find MAC Address and IP Address with Colasoft Packet Sniffer

Colasoft Packet Sniffer allows us to find MAC addresses and IP addresses both local and remote in the network as long as there is network communication initiated.

Find MAC Address in Colasoft Packet Sniffer

>>>>Download Colasoft Packet Sniffer Now
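Both tools in this article rely on ARP: the MAC Scanner actively queries each address in the subnet, while the Packet Sniffer reads MAC/IP pairs from whatever ARP and IP traffic it already sees. The script below is an added example, not code from the article or from Colasoft, showing the passive half: it parses Ethernet/ARP frames, builds the IP-to-MAC inventory from the sender fields, and reports any IP claimed by more than one MAC, which is the situation (a duplicate address or a spoofed reply) that an administrator most wants to spot in such a table. The frames are constructed inside the script and the MAC and IP values are invented.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def oui(mac):
    """The first three octets: the manufacturer prefix the article mentions, usable as a
    key into the IEEE OUI registry (the registry itself is not included here)."""
    return mac[:8]


def parse_arp_frame(frame):
    """Parse an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet.
    Returns a dict of the ARP fields, or None if the frame is not such a packet."""
    if len(frame) < 42:                              # 14-byte Ethernet header + 28-byte ARP
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != ETHERTYPE_IPV4 or hlen != 6 or plen != 4:
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"frame_src": mac_str(src),
            "op": "request" if oper == 1 else "reply" if oper == 2 else f"op{oper}",
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def mac_table(frames):
    """Passive MAC/IP inventory: {ip: set(macs)} taken from the ARP sender fields,
    which every host fills in whenever it asks for or answers an ARP query."""
    table = defaultdict(set)
    for frame in frames:
        arp = parse_arp_frame(frame)
        if arp is not None:
            table[arp["sender_ip"]].add(arp["sender_mac"])
    return table


def conflicts(table):
    """IPs claimed by more than one MAC: a duplicate address or a spoofed ARP reply."""
    return {ip: sorted(macs) for ip, macs in table.items() if len(macs) > 1}


# --- constructed sample frames (MAC and IP values invented for the example) ---
def build_arp_frame(oper, sha, spa, tha, tpa):
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth_dst = b"\xff" * 6 if oper == 1 else tha      # requests are broadcast
    return (struct.pack("!6s6sH", eth_dst, sha, ETHERTYPE_ARP)
            + struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, oper)
            + struct.pack("!6s4s6s4s", sha, ip(spa), tha, ip(tpa)))


M = lambda last: b"\x00\x11\x22\x33\x44" + bytes([last])   # invented MAC prefix

SAMPLE_FRAMES = [
    build_arp_frame(1, M(0x01), "192.168.1.1", b"\x00" * 6, "192.168.1.20"),   # gateway asks for .20
    build_arp_frame(2, M(0x02), "192.168.1.20", M(0x01), "192.168.1.1"),        # .20 answers
    build_arp_frame(2, M(0x03), "192.168.1.30", M(0x01), "192.168.1.1"),
    build_arp_frame(2, M(0x99), "192.168.1.20", M(0x01), "192.168.1.1"),        # second MAC claims .20
    struct.pack("!6s6sH", M(0x01), M(0x02), ETHERTYPE_IPV4) + b"\x00" * 28,     # not ARP: ignored
]

if __name__ == "__main__":
    table = mac_table(SAMPLE_FRAMES)
    for ip_addr, macs in sorted(table.items()):
        print(ip_addr, sorted(macs))
    print("conflicts:", conflicts(table))
```

Because the passive table only grows when hosts talk, it needs capture time to become complete, which is the trade-off the article describes between the scanner's active sweep of one subnet and the sniffer's view of every subnet whose traffic it sees.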

Find Out the Top Network Administrator Tools

Packet Sniffers/Network Protocol Analyzer

With packet sniffers and network protocol analyzers, you can monitor network activity, analyze network performance, enhance network security, and troubleshoot network issues.

1, Colasoft Packet Sniffer - Colasoft Capsa performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. It allows you to get a clear view of the complex network, conduct packet level analysis, and troubleshoot network problems.
2, Ethereal –
3, EtterCap –
4, Snort –
5, WinDump / TCPDump -
6, DSniff –

Scanning Tools
1, Nmap –
Nmap is a port scanner. A port scanner scans for open ports, such as 80 (HTTP) or 25 (SMTP).

2, Sam Spade –
Sam Spade is a multi-purpose network query tool with many extra built-in utilities, even a tool for dealing with spam. It includes utilities such as ping, whois, traceroute, and finger.

3, NetScanTools Pro ($199) –
NetScanTools Pro Edition is an integrated collection of internet information gathering utilities for Windows Vista/2008/2003/XP/2000. Use it to research IP addresses, hostnames, domain names, email addresses and URLs automatically or with manual tools.

4, SuperScan –
SuperScan has the primary purpose of scanning an IP range. It supports extremely fast Host Discovery lookups as well as TCP and UDP port scans thanks to its multi-threaded and asynchronous techniques.

UserManagement -
Complete user account management featuring advanced user creation, modification, removal, mass creation/removal and delegation of administrative tasks. The UserManagemeNT Suite consists of three modules, Professional, Import and Delegation. These modules can operate independently or seamlessly integrated with each other.

AdminMagic -
Full control: Using AdminMagic, you can take over and control users' desktops from your own workstation. Featuring complete mouse and keyboard emulation, you can execute programs, login/logoff, modify device drivers and reboot all from a central location. You can also take screenshots of remote desktops and store/print them for later use. Remote users will not be interrupted and can continue working as they always do.

Advanced System Optimizer -
Advanced System Optimizer is a system tweaking suite that includes around 30 tools to improve and tweak your PC's performance. It offers an attractive and easy to use interface that organizes all tasks into categories and provides graphical statistics whenever possible. The tools include junk file cleaner, memory optimizer, system information, system files backup, file encryption, safe uninstaller, duplicate file finder, taskbar manager and much more. Advanced System Optimizer also includes an Internet tracks eraser with cookie manager and secure deletion, and even a desktop sticky notes application. Overall, a great bundle that offers a wide range of system tools with extra benefits that are hardly ever found.

Thursday, May 7, 2009

How Public Key Encryption Can Make Email More Private

When you are entering your credit card number, talking with your lover, or chatting with your business partners, can you imagine what would happen if everything you were doing were exposed to everybody?

Yes, it is unbelievable but quite true: hackers can easily obtain your private information, such as credit card numbers, email logs, chat logs, etc., by using network analysis tools such as Colasoft Packet Sniffer.

Protect Your Email Secure And Safe

So are we helpless to keep our private information from being monitored or stolen? Of course not. To keep data sent via email private, you just need to encrypt it, as only unencrypted content can be read by network analysis tools like Network Analyzer. Only the intended recipient will be able to decipher the message.

How to Encrypt Your Message?

Public key encryption is a special kind of encryption that operates with a combination of two keys: a private key and a public key, which together form a key pair. The private key is kept secret on your computer since it is used for decryption; the public key, which is used for encryption, is given to anybody who wants to send encrypted mail to you.

How Does Public Key Encryption Work?

When you send public-key encrypted mail, the sender's encryption program uses your public key in combination with the sender's private key to encipher the message. When you receive public-key encrypted mail, you need to decipher it.
Decryption of a message enciphered with a public key can only be done with the matching private key. This is why the two keys form a pair, and it is also why it is so important to keep the private key safe and to make sure it never gets into the wrong hands (or in any hands other than yours).

Why the Integrity of the Public Key is Essential

Another crucial point with public key encryption is the distribution of the public key.
Public key encryption is only safe and secure if the sender of an enciphered message can be sure that the public key used for encryption belongs to the recipient.
A third party can produce a public key with the recipient's name and give it to the sender, who uses the key to send important information in encrypted form. The enciphered message is intercepted by the third party, and since it was produced using their public key they have no problem deciphering it with their private key.
This is why it is mandatory that a public key is either given to you personally or certified by a certificate authority.
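The two points above, that a message encrypted with the public key can be read only with the matching private key and that a substituted public key hands the message to whoever holds the substitute, can be followed with numbers. The block below is an added example and not code from the article; it uses textbook RSA with tiny primes (real mail encryption uses keys of thousands of bits, padding and a vetted library, and this toy is for illustration only). It encrypts a message to the recipient, shows that a message encrypted to a third party's key carrying the recipient's name is readable by the third party and not by the recipient, and shows the defence: comparing the key's fingerprint with one obtained out of band (in person, or through a certificate authority) before encrypting. The primes, the message value and the fingerprint scheme are assumptions.

```python
import hashlib
from math import gcd


def modinv(a, m):
    """Modular inverse by the extended Euclidean algorithm (a and m must be coprime)."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1, s0, s1 = r1, r0 - q * r1, s1, s0 - q * s1
    assert r0 == 1, "no inverse"
    return s0 % m


def generate_keypair(p, q, e=17):
    """Textbook RSA: public (n, e), private (n, d). Tiny primes for illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, modinv(e, phi))


def encrypt(public_key, m):
    n, e = public_key
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def fingerprint(public_key):
    """Short digest of the key material; compared out of band (in person, or via a
    certificate authority's signature) before the key is trusted. Assumed scheme."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


def key_matches(public_key, expected_fingerprint):
    return fingerprint(public_key) == expected_fingerprint


def verify_and_send(public_key, expected_fingerprint, message):
    """Refuse to encrypt to a key whose fingerprint differs from the one obtained out of band."""
    if not key_matches(public_key, expected_fingerprint):
        raise ValueError("public key fingerprint mismatch: refusing to encrypt")
    return encrypt(public_key, message)


# The recipient's real pair, and a third party's pair that could be handed out under the
# recipient's name (the substitution the article warns about). Constructed values.
RECIPIENT_PUB, RECIPIENT_PRIV = generate_keypair(61, 53)
THIRD_PARTY_PUB, THIRD_PARTY_PRIV = generate_keypair(89, 97)


def demo(message=65):
    """Returns (recipient reads mail encrypted to the real key,
                recipient reads mail encrypted to the substituted key,
                third party reads mail encrypted to the substituted key)."""
    c_good = encrypt(RECIPIENT_PUB, message)
    c_bad = encrypt(THIRD_PARTY_PUB, message)          # the sender was given the wrong key
    return (decrypt(RECIPIENT_PRIV, c_good) == message,
            decrypt(RECIPIENT_PRIV, c_bad) == message,
            decrypt(THIRD_PARTY_PRIV, c_bad) == message)


if __name__ == "__main__":
    print("real key / substituted key read by recipient / read by third party:", demo())
    trusted = fingerprint(RECIPIENT_PUB)   # in practice obtained out of band
    print("substituted key accepted?", key_matches(THIRD_PARTY_PUB, trusted))
```

With these primes the recipient's public key is (3233, 17) and the private exponent is 2753, so the message 65 encrypts to 2790 and decrypts back to 65; the same message encrypted to the third party's key decrypts to 65 only with the third party's private key. The fingerprint check is what turns "the key says it belongs to the recipient" into "the key is the recipient's".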

Wednesday, May 6, 2009

Monitor Your Network Traffic with Colasoft Packet Sniffer

Importance of Network Monitoring

Reading network traffic is essential for system administrators, network engineers and security analysts. At some point there will be a need to read the network traffic directly instead of monitoring application-level details. Examples of situations that might require monitoring network traffic are auditing network security, debugging network configurations and analyzing usage patterns. For this task we use network monitoring software, or packet sniffers, which sniff the traffic your computer is able to see on the network. What exactly your computer can see depends on how the network is laid out, but the easiest way to find out is simply to start sniffing.

The most common tool for the job is readily available. One of the most popular and easy-to-use tools for monitoring network traffic is Colasoft Packet Sniffer.

How to Monitor Network Traffic

As a packet sniffer, Capsa makes it easy for us to monitor and analyze network traffic in its intuitive and information-rich tab views. With Capsa's network traffic monitor feature, we can quickly identify network bottlenecks and detect network abnormalities. This article discusses how we can monitor network traffic with Capsa's network traffic monitor feature.

1, Monitor Network Traffic in "Summary"

"Summary" is a view that provides general information of the entire network or the selected node in the "Explorer". In "Summary" we can get a quick view of the total traffic, real-time traffic, broadcast traffic, multicast traffic and so on. When we switch among the node from the explorer, corresponding traffic information will be provided.

Monitor Network Traffic in Summary

(pic 1. monitor-network-traffic-in-summary)

2, Monitor Network Traffic in "Endpoints" tab

In "Endpoints" view, we can Monitor Network Traffic information of each node, both local and remote. With its easy sorting feature we can easily find out which host is generating or has generated the largest traffic.

Monitor Network Traffic in Endpoints

(pic 2. monitor-network-traffic-in-endpoints)

3, Monitor Network Traffic in "Protocols" tab

"Protocols" view will list all protocols applied in network transmission. In "Protocols" view we can Monitor Network Traffic by each protocol. By analyzing network traffic by protocol, we can understand what applications are using the network bandwidth, for example "http" protocol stands for website browsing, "pop3" stands for email, etc.

Monitor Network Traffic by Protocol

(pic 3. monitor-network-traffic-by-protocol)

4, Monitor Network Traffic in "Conversations" tab

In the "Conversations" tab we can monitor network traffic by each conversation and figure out which conversation has generated the largest network traffic.

Monitor Network Traffic by Conversation

(pic 4. monitor-network-traffic-by-conversation)

5, Monitor Network Traffic in "Matrix" tab

"Matrix" is a view that visualizes all network connections and traffic details in one single graph. The weight of the lines between the nodes indicates the traffic volume and the color indicates the status. As we move the cursor on a specific node, network traffic details of the node will be provided.

Monitor Network Traffic In Matrix

(pic 5. monitor-network-traffic-in-Matrix)

6, Monitor Network Traffic in "Graphs" tab

If we want a trend chart of the network traffic, we need to use the "Graphs" tab. The "Graphs" view allows us to view network statistics dynamically in different chart types, such as line charts, bar charts and pie charts. By selecting "Utilization" we get a real-time traffic trend chart.

Monitor Network Traffic in Graphs

(pic 6. monitor-network-traffic-in-graphs)

As we can see, with Capsa we can not only monitor network traffic conveniently but also analyze it at different levels, which enables us to detect network abnormalities and troubleshoot network problems quickly and efficiently.
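The six tabs above are different aggregations of the same packet stream. The script below is an added example, not code from the article or from Colasoft, computing the core of each over a constructed packet list: bytes sent and received per endpoint (Endpoints), bytes per protocol (Protocols), bytes per bidirectional conversation with the two endpoints normalised so that A→B and B→A are merged (Conversations/Matrix), the broadcast share of the total (Summary), and per-second link utilization including the 20 bytes of preamble and inter-frame gap each Ethernet frame costs on the wire (Graphs/Utilization). The packet records, the 100 Mbit/s link speed and the protocol names are assumptions.

```python
from collections import Counter, defaultdict

LINK_BPS = 100_000_000       # assumed 100 Mbit/s link
FRAME_OVERHEAD = 20          # preamble + SFD + inter-frame gap, bytes per frame on the wire

# Constructed packet records: (time_s, src_ip, dst_ip, protocol, frame_bytes). Invented.
SAMPLE_PACKETS = [
    (0.10, "192.168.1.10", "203.0.113.5", "http", 1514),
    (0.20, "203.0.113.5", "192.168.1.10", "http", 1514),
    (0.30, "192.168.1.10", "203.0.113.5", "http", 1514),
    (0.40, "192.168.1.20", "192.168.1.2", "pop3", 600),
    (0.50, "192.168.1.2", "192.168.1.20", "pop3", 1200),
    (0.90, "192.168.1.20", "192.168.1.255", "netbios", 92),
    (1.10, "192.168.1.10", "203.0.113.5", "http", 1514),
    (1.20, "203.0.113.5", "192.168.1.10", "http", 1514),
    (1.50, "192.168.1.20", "192.168.1.255", "netbios", 92),
]


def is_broadcast(ip):
    return ip == "255.255.255.255" or ip.endswith(".255")     # simplification for a /24 LAN


def per_endpoint(packets):
    """Endpoints tab: bytes and packets sent/received by each address."""
    ep = defaultdict(lambda: {"sent": 0, "recv": 0, "pkts": 0})
    for _t, src, dst, _proto, size in packets:
        ep[src]["sent"] += size
        ep[src]["pkts"] += 1
        ep[dst]["recv"] += size
        ep[dst]["pkts"] += 1
    return ep


def per_protocol(packets):
    """Protocols tab: bytes per application protocol."""
    c = Counter()
    for _t, _src, _dst, proto, size in packets:
        c[proto] += size
    return c


def per_conversation(packets):
    """Conversations/Matrix tabs: bytes per pair of endpoints, both directions merged
    by sorting the pair so that A->B and B->A share one key."""
    c = Counter()
    for _t, src, dst, _proto, size in packets:
        c[tuple(sorted((src, dst)))] += size
    return c


def broadcast_share(packets):
    """Summary tab: fraction of all bytes addressed to broadcast."""
    total = sum(p[4] for p in packets)
    bcast = sum(p[4] for p in packets if is_broadcast(p[2]))
    return bcast / total if total else 0.0


def utilization_per_second(packets, link_bps=LINK_BPS):
    """Graphs tab, 'Utilization': percent of link capacity used in each one-second bucket,
    counting the per-frame overhead that never appears in the captured bytes."""
    bits = defaultdict(int)
    for t, _src, _dst, _proto, size in packets:
        bits[int(t)] += (size + FRAME_OVERHEAD) * 8
    return {sec: 100.0 * b / link_bps for sec, b in sorted(bits.items())}


if __name__ == "__main__":
    print("largest conversation:", per_conversation(SAMPLE_PACKETS).most_common(1)[0])
    print("protocol bytes:", dict(per_protocol(SAMPLE_PACKETS)))
    print("broadcast share: %.2f%%" % (100 * broadcast_share(SAMPLE_PACKETS)))
    print("utilization % per second:", utilization_per_second(SAMPLE_PACKETS))
```

The conversation key is the detail most often got wrong when rebuilding these views by hand: without sorting the pair, a download shows up as two half-conversations and the "largest conversation" answer is wrong. The utilization figure is deliberately above the sum of captured bytes, because the link is busy during the preamble and the inter-frame gap even though no capture ever records them.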

Monday, May 4, 2009

Kismet, an 802.11 Layer2 Wireless Network Detector and Packet Sniffer

Kismet Screenshot

What is Kismet

Kismet is an 802.11 layer2 wireless network detector, packet sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, 802.11n, and 802.11g traffic (devices and drivers permitting). Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.

Feature Overview

Kismet has many features useful in different situations for monitoring wireless networks:

- Ethereal/Tcpdump compatible data logging
- Airsnort compatible weak-iv packet logging
- Network IP range detection
- Built-in channel hopping and multicard split channel hopping
- Hidden network SSID decloaking
- Graphical mapping of networks
- Client/Server architecture allows multiple clients to view a single Kismet server simultaneously
- Manufacturer and model identification of access points and clients
- Detection of known default access point configurations
- Runtime decoding of WEP packets for known networks
- Named pipe output for integration with other tools, such as a layer3 IDS like Snort
- Multiplexing of multiple simultaneous capture sources on a single Kismet instance
- Distributed remote drone sniffing
- XML output

Typical Uses

Common applications Kismet is useful for:

- Wardriving: Mobile detection of wireless networks, logging and mapping of network location, WEP, etc.
- Site survey: Monitoring and graphing signal strength and location.
- Distributed IDS: Multiple Remote Drone sniffers distributed throughout an installation monitored by a single server, possibly combined with a layer3 IDS like Snort.
- Rogue AP Detection: Stationary or mobile sniffers to enforce site policy against rogue access points.


Kismet can be downloaded here

Monday, April 27, 2009

How to Monitor Internet Traffic with Packet Sniffer

Internet traffic is the flow of data around the Internet. It includes web traffic, which is the amount of that data that is related to the World Wide Web, along with the traffic from other major uses of the Internet, such as electronic mail and peer-to-peer networks.

If we want to monitor internet traffic that has been or is being generated in the LAN, here is a detailed process for doing it with Colasoft Packet Sniffer – Capsa.

Again, we must make sure the packet sniffer software is correctly deployed so that we can capture all the traffic in the LAN; if you don’t know how to do this, please make sure you read how to implement a packet sniffer.

First let’s launch a new project with Colasoft Packet Sniffer, then do some online activities, such as chatting, browsing a website, sending and receiving emails, downloading some files. All these activities will generate different kinds of internet traffic. We may keep the project running to continuously monitor internet traffic or stop the project to do some analysis.

To monitor internet traffic, we should first select “Internet Addresses” in the “Explorer” in the left window:

Monitor Internet Traffic Screenshot1

We can see that all the internet addresses are listed by country. To monitor the internet traffic of a specific country, we just need to click on it; if we want to monitor the internet traffic of a specific IP address within one country, we need to expand the country node and select the IP address under it.

We can view either the aggregated internet traffic or the internet traffic in real time.

Monitor Internet Traffic Screenshot2

To view what online activities have generated or are generating internet traffic, we need to use the “Protocols” Tab.

Monitor Internet Traffic Screenshot1

We can see that each protocol listed stands for a different internet activity:

HTTP – Website browsing

MSN – online chatting with Live Messenger

POP3 – Email

HTTPS – Website browsing via a secure link

QQ – online chatting with QQ

DNS – Domain Name System

About Capsa

Colasoft Capsa is a network analyzer (packet sniffer or protocol analyzer) designed for network monitoring and troubleshooting. It performs packet capturing, network monitoring, protocol analysis, packet decoding, and automatic diagnosis. By giving users insight into all of the network's operations, Capsa makes it easy to isolate and solve network problems, identify network bottlenecks and bandwidth use, and detect network vulnerabilities. To learn more about Capsa, please visit

Thursday, April 23, 2009

What Can Hackers Do with a Packet Sniffer


A packet sniffer in the wrong hands is a deadly weapon. A packet sniffer is a real danger because it is a very powerful tool that is difficult to detect.

Security breaches of all kinds are reported all the time. Every day we hear of hackers who managed to steal sensitive data, of people who became victims of identity theft, etc. Very often the breaches are so incredible that you wonder if hackers have supernatural powers. Well, hackers hardly have supernatural powers, but they don't need them – supernatural powers are not necessary when a network lacks security and one has the right tools to break in.

Hackers Can Monitor Networks With a Packet Sniffer

The tools hackers use to break into networks are more or less the same tools network admins use to monitor and maintain their networks. For example, packet sniffers are among the tools hackers love most. A packet sniffer captures packets and shows you their contents. This means that with the help of a packet sniffer running somewhere in the network, hackers can monitor all the unencrypted traffic to and from this network.

This is really scary – just imagine a malicious hacker who knows all the secrets of your company. It gets even more dangerous for networks, where hubs (and not switches) are used because in this case a packet sniffer can be installed on any computer and the hacker will monitor all the traffic in that segment, not only the traffic to and from the host. The good news is that hubs are almost out of use today and because of that hackers can do less damage with a packet sniffer.

Hackers Can Obtain Passwords and Credit Card Numbers With a Packet Sniffer

When a hacker uses a packet sniffer to monitor your network, this is not nice but when he or she steals passwords, credit card numbers and other types of sensitive data, this is a real danger. Unencrypted passwords, credit card numbers and other sensitive data are an easy target for a hacker with a packet sniffer.

Many of the cases of mass theft of credit card numbers and passwords happen because hackers use a packet sniffer on an unencrypted network. For truth's sake, it is important to mention that even if all the traffic is encrypted, there are still many other ways to obtain sensitive data. But when the traffic over a network is not encrypted and nobody monitors the network for unauthorized packet sniffers, sooner or later data will be stolen.

One of the greatest achievements for hackers with a packet sniffer is to capture the administrator's password. When the administrator's password is transmitted over the network in an unencrypted form, this is an easy target for hackers. If hackers manage to intercept the admin password, they have the power to do everything they want to on your network – delete data, modify data, etc. So, do you see why hackers don't need supernatural powers but only the admin password?

About Colasoft

Ever since 2001, Colasoft has been an innovative provider of all-in-one and easy-to-use network analyzer software for network administrators and IT managers to monitor network activities, analyze network performance, enhance network security, and troubleshoot network problems. Up to now, more than 5000 customers in over 70 countries trust the flagship product – Capsa – as their network monitoring and troubleshooting solution. Colasoft also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. To learn more about Colasoft and its solutions, please visit

How to Monitor http Traffic with Packet Sniffer

Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. Its use for retrieving inter-linked resources led to the establishment of the World Wide Web.

In order to monitor http traffic, we need packet sniffer (or protocol analyzer) software. Here is a detailed process for monitoring http traffic in the LAN with Colasoft Packet Sniffer – Capsa.

Again, let’s launch Colasoft Packet Sniffer and start a new project. Don’t forget one thing: we have to deploy the packet sniffer on the mirror port of the core switch in order to monitor all http traffic in the LAN; otherwise, we can only monitor the http traffic of our own computer.

Then let’s start browsing a website, for example,, to generate some http traffic. Now let’s get back to the packet sniffer and see if there is http traffic. OK, we can see the packet sniffer has already captured some http traffic in the “Protocols” Tab.

Monitor http Traffic Screenshot 1

We can see both the aggregated http traffic since start capturing and the real-time http traffic in this tab.

If we want to do a deeper analysis of http traffic, we need to use the “Locate” function to locate the http protocol in the Explorer, so that the packet sniffer displays only http data. Right-click on the protocol and select “Locate Explorer Node” in the pop-up menu.

Locate Explorer Node

If we want to know who is using the http protocol and what they are actually browsing, we are going to use two tabs, the “Endpoints” Tab and the “Logs” Tab.

Let’s see who is using the http protocol:

Who is Using http Protocol

And what they are actually browsing:

Monitor http Traffic Screenshot 4

Wednesday, April 22, 2009

5 Things IT Department had to skip in Recession

In the last blog post, we talked about the 5 items an IT department must do even in a big recession. In addition to the things we can't do without, there are many more things we had to skip. We are not exactly happy to stop doing these things, but desperate times call for desperate measures, and since these activities are something we can do without, we had to either quit them or drastically reduce them:
  • No purchases of new hardware. Though it is not precise to say that we haven't bought a single piece of hardware in the last year, we have definitely cut hardware spendings. For the time being we do not plan to make major hardware purchases.

  • Capital expenditures. Capital expenditures are another budget item we had to drastically shrink. We had scheduled projects, but the current economic situation made us have second thoughts, and now capital expenditures are on hold.

  • Software that is nice to have but we can do without it. Similarly to hardware and capital expenditures, some major software expenses had to be cut. Yes, there are many products, for instance accounting, HR, or ERP modules, which are great to have but we'll go for them when the economic outlook is less gloomy.

  • Standardization. You know that IT people generally hate having to deal with bureaucracy and standardization, so if there is one item we are happy to skip, it is standardization. More or less we skipped all standardization-related activities except those related to regulatory compliance. Standardization is put on hold, especially if it requires investment or other resources.

  • No infrastructure upgrades. We are not exactly happy about this one but since there are more important items we can't skip, we had to significantly reduce the planned network upgrades. Some of the projects in this area are put on hold, while others are canceled.

It wasn't easy to decide what to skip and what to keep, but when times are tough, it is not possible to pretend that everything is OK and go on as planned. We hope that we are right in our choices, and time will show whether we made wise choices or not.

James Ackland is the author of this article from


Sunday, April 19, 2009

Top 5 Items IT Department Must Do

Even though it is a basic economic fact that recessions happen once or twice in a decade, when the economy is in a good shape, like it was a couple of years ago, people, including IT managers, tend to forget that the summer will be over and hard times will come soon. On the other hand, recessions might be bad but the current one is certainly worse than many of the ones before. Actually, this is the worst recession since the Great Depression in the 1930s and even the most optimistically-minded managers have really serious reasons to fear and be cautious.

We can't say that the recession took us by surprise but certainly we didn't expect it to be that fierce. However, recession or no recession, life must go on and if a company wants to make it, there are many things which can't be skipped. So, no matter that IT budgets are tight, there are items a company can't save on. Here are the top 5 items our IT department will not sacrifice:

1, Network security and security in general. Being in the network security business ourselves, we know that network security, and security in general, is paramount, and no matter how hard the economic situation might be, this is not an item to save on because the price is too high. Certainly, we are not buying the most expensive solutions, even though they are incredibly great, but we do not make compromises on quality either.

2, Going green. Going green is also an item we can't skip. Green technology saves money and now this benefit is more important than ever. So, if we buy new IT stuff, we definitely go for the green items.

3, Compliance. Regulations compliance is another item we can't afford to skip, unless we really want to go out of business (and we don't). So, when there are steps in this direction to be taken, we do them – no way!

4, Training. Training is also important and even though our training budget has shrunk, we still try to keep our staff qualified.

5, Outsourcing. Outsourcing has been a successful strategy for our company at all times and now, when money issues start to surface, we are happy that outsourcing helps us cut cost with no sacrifice of quality.

Kevin Chou is the author of this article from


Thursday, April 16, 2009

Analyze Protocols With Packet Sniffer

What is a Network Protocol?
A protocol can be defined as the rules governing the syntax, semantics and synchronization of communication.
In computing, a protocol is a convention or standard that controls or enables the connection, communication and data transfer between two computing endpoints.
Protocols may be implemented by hardware, software or a combination of the two. At the lowest level, a protocol defines the behaviour of a hardware connection.

Why Is Protocol Analysis Important?
Since all network communications are based on protocols, and different protocols indicate different kinds of network behaviour, by analyzing protocols with a packet sniffer we get to know which network applications are used on the network and what is actually happening on it. You may check out our protocols database to get an explanation of each protocol.

Analyze Protocols With Packet Sniffer
A Packet Sniffer is an important part of the Network Manager's toolkit. Traditionally sniffers are useful for troubleshooting networks and SNMP tools are better for trending and service management. The combination of an SNMP based Performance Manager and a well-featured Packet Sniffer will allow you to perform many of the fundamental tasks required for successful network management.

Packet sniffers, often just called "sniffers" after Network Associates' market-leading Sniffer product, capture packets and decode them into their component parts. It's fairly obvious how sniffers can be used to troubleshoot network problems: once a problem is detected, packets are captured and analyzed, and the details of the communication can be worked out. But sniffers can do more than this and, in fact, turn out to be surprisingly useful in many aspects of network management.

Unexpected Traffic
The obvious thing to do is monitor the network for unexpected traffic. Most network managers know the types of application that they expect to see and can point out anything unusual. If anything unexpected is spotted then a capture of some of the traffic is usually sufficient to pinpoint the machines involved.

Unnecessary Traffic
Many machines are set by default to run protocols that may not be required.
For Example: Many printers broadcast using Novell's IPX protocol. It is fine if you are using NetWare, but not always necessary. It's good housekeeping to remove any protocols that you do not need. You may be concerned about how your users are using the available bandwidth. A good sniffer will allow you to filter specific types of traffic, so that you can keep an eye on any traffic that may cause you a problem.

Unauthorized Program Use
It is useful to check the specific port numbers used for services on your servers. Most common services operate on defined port numbers, so a packet capture on a server will soon reveal what services are running. You can disable any services that you do not need. This has two benefits: first, it avoids unnecessary traffic on the network, and second, it means that no unauthorized user can take advantage of that service. If anyone is using a service, a packet capture will show you their address. Most sniffers allow filtering on specified port numbers, so it is possible to monitor continuously for specified port numbers.

Email Problems
Email systems typically use standard port numbers, 25 for SMTP, 143 for IMAP, 110 for POP3. Setting filters for these ports will usually help to discover the cause of problems with email.

Virus Detection and Control
Antivirus software manufacturers offer update services. Armed with the information on new threats, it is often possible to build suitable filters to detect viruses. For example, many sniffers allow you to specify a text pattern, so a virus contained in a message containing a known text string can be detected. Analysis of the capture will show the source and destination of the packets.

Firewalls need to be checked for outgoing and incoming traffic. You will have to define a set of filters for traffic in both directions. Should the firewall begin to let unauthorized traffic through you need to be able to detect it.
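The port and text-pattern filters described in the sections above (unauthorized program use, email ports, virus detection), worked through as an added example that is not Colasoft's code; the addresses, the per-server allowlist and the payloads are constructed.

```python
"""Port and text-pattern filters over a capture, as described in the sections
above (unauthorized program use, email ports, virus detection).

Added example, not Colasoft's code. The addresses, allowlist and payloads are
constructed; the filters are the ones the text describes: keep traffic on the
email ports 25/110/143, report destination ports a server is not expected to
serve (and which clients used them), and match a known text string inside a
message, reporting the source and destination of the matching packets.
"""
from collections import defaultdict
from dataclasses import dataclass

# Standard email ports named in the text.
EMAIL_PORTS = {25: "SMTP", 110: "POP3", 143: "IMAP"}

# Hypothetical allowlist: the ports each server is expected to serve.
EXPECTED_SERVICES = {
    "10.0.0.5": {25, 110, 143},   # mail server (constructed address)
    "10.0.0.8": {80, 443},        # web server (constructed address)
}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


def email_traffic(packets):
    """Port filter: (protocol, src, dst) for packets to or from an email port."""
    out = []
    for p in packets:
        for port in (p.dport, p.sport):
            if port in EMAIL_PORTS:
                out.append((EMAIL_PORTS[port], p.src, p.dst))
                break
    return out


def unexpected_services(packets, expected=EXPECTED_SERVICES):
    """Capturing on a server reveals which services are in use: report every
    destination port outside the server's allowlist, with the client
    addresses that used it, so the service can be disabled or the user found."""
    found = defaultdict(set)
    for p in packets:
        allowed = expected.get(p.dst)
        if allowed is not None and p.dport not in allowed:
            found[(p.dst, p.dport)].add(p.src)
    return {key: sorted(clients) for key, clients in found.items()}


def pattern_matches(packets, pattern):
    """Text-pattern filter: (src, dst, dport) of packets whose payload contains
    the given byte string, e.g. a string an AV vendor published for a worm."""
    return [(p.src, p.dst, p.dport) for p in packets if pattern in p.payload]


# Constructed sample capture; all addresses and payloads are made up.
SAMPLE = [
    Packet("10.0.0.21", 50000, "10.0.0.5", 25, b"MAIL FROM:<alice@example.test>"),
    Packet("10.0.0.22", 50001, "10.0.0.5", 110, b"USER bob"),
    Packet("10.0.0.23", 50002, "10.0.0.8", 80, b"GET / HTTP/1.1"),
    Packet("10.0.0.23", 50003, "10.0.0.8", 23, b"login: "),   # telnet to the web server
    Packet("10.0.0.24", 50004, "10.0.0.8", 23, b"login: "),
    Packet("10.0.0.25", 50005, "10.0.0.5", 25, b"Subject: CONSTRUCTED-WORM-STRING"),
    Packet("10.0.0.5", 143, "10.0.0.22", 50006, b"* OK IMAP4 ready"),
]

if __name__ == "__main__":
    for hit in email_traffic(SAMPLE):
        print("email:", hit)
    for (server, port), clients in unexpected_services(SAMPLE).items():
        print(f"unexpected service {server}:{port} used by {clients}")
    for hit in pattern_matches(SAMPLE, b"CONSTRUCTED-WORM-STRING"):
        print("pattern match:", hit)
```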

For Example:
TCP is a reliable, connection-oriented protocol. Common applications of TCP are email and file transfer. TCP is optimized for accurate delivery rather than timely delivery, and therefore TCP sometimes incurs relatively long delays (in the order of seconds) while waiting for out-of-order messages or retransmissions of lost messages. So TCP analysis with Colasoft Packet Sniffer is required for finding such delays.
UDP is a reliable connectionless protocol. Common applications of UDP are DNS, VoIP, IPTV and FTP. Sometimes packet loss happens during transmission and nothing can be done about it. Using Colasoft Packet Sniffer we can find the loss.
HTTP is a request/response standard between a client and a server. The client is the end user; the server is the web site. The client making an HTTP request—using a web browser, spider or other end-user tool—is referred to as the user agent. The responding server—which stores or creates resources such as HTML files and images—is called the origin server. Certain design features of HTTP interact badly with TCP, causing problems with performance and with server scalability. Latency problems are caused by opening a single connection per request, through connection setup and slow-start costs. Scalability problems are caused by TCP requiring a server to maintain state for all recently closed connections. Colasoft Packet Sniffer can be used to detect such problems.
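Finding the TCP retransmission delays and the UDP loss the TCP/UDP examples above talk about, as an added example that is not Colasoft's code; it runs over a constructed list of decoded packet summaries with made-up addresses and timestamps.

```python
"""Finding TCP retransmission delays and UDP (DNS) loss in a capture, as the
TCP and UDP examples above describe.

Added example, not Colasoft's code. It works on a constructed list of decoded
packet summaries: a TCP data segment whose (src, dst, seq) was already seen
on the flow is a retransmission, and the gap since the first copy is the
delay the receiver sat through; for UDP, DNS queries are paired with responses
by transaction id, and an unanswered query is the visible trace of a lost
datagram, since UDP itself will not resend it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Summary:
    ts: float                   # capture timestamp, seconds
    src: str
    dst: str
    proto: str                  # "TCP" or "UDP"
    seq: int = 0                # TCP sequence number
    length: int = 0             # TCP payload bytes (0 for a pure ACK)
    dns_id: int = 0             # DNS transaction id (UDP)
    dns_response: bool = False  # True for a DNS response


def tcp_retransmissions(summaries):
    """Return (flow, seq, delay_seconds) for each retransmitted data segment."""
    first_seen = {}
    found = []
    for s in sorted(summaries, key=lambda x: x.ts):
        if s.proto != "TCP" or s.length == 0:
            continue            # ACKs and non-TCP packets carry no data to resend
        key = (s.src, s.dst, s.seq)
        if key in first_seen:
            delay = round(s.ts - first_seen[key], 3)
            found.append((f"{s.src}->{s.dst}", s.seq, delay))
        else:
            first_seen[key] = s.ts
    return found


def dns_losses(summaries):
    """Return (client, dns_id) for every DNS query with no matching response."""
    pending = {}
    for s in sorted(summaries, key=lambda x: x.ts):
        if s.proto != "UDP":
            continue
        if s.dns_response:
            pending.pop((s.dst, s.dns_id), None)   # response goes back to the client
        else:
            pending[(s.src, s.dns_id)] = s.ts
    return sorted(pending)


# Constructed capture: a client sending to a web server, plus two DNS lookups.
SAMPLE = [
    Summary(0.000, "10.0.0.21", "10.0.0.8", "TCP", seq=1000, length=1460),
    Summary(0.010, "10.0.0.8", "10.0.0.21", "TCP", seq=5000, length=0),     # ACK
    Summary(0.020, "10.0.0.21", "10.0.0.8", "TCP", seq=2460, length=1460),
    Summary(0.100, "10.0.0.22", "10.0.0.53", "UDP", dns_id=0x1A2B),
    Summary(0.105, "10.0.0.53", "10.0.0.22", "UDP", dns_id=0x1A2B, dns_response=True),
    Summary(0.200, "10.0.0.22", "10.0.0.53", "UDP", dns_id=0x1A2C),         # never answered
    Summary(1.220, "10.0.0.21", "10.0.0.8", "TCP", seq=2460, length=1460),  # RTO expired, resent
]

if __name__ == "__main__":
    for flow, seq, delay in tcp_retransmissions(SAMPLE):
        print(f"TCP retransmission on {flow} seq={seq}: {delay:.3f}s stall")
    for client, dns_id in dns_losses(SAMPLE):
        print(f"DNS query {dns_id:#06x} from {client} was never answered")
```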

How to Protect Your Network with Packet Sniffer

A packet sniffer (also called a network analyzer) can help you make your network more secure by identifying what's going on in it.

Networks are large entities, even if they don't consist of thousands of machines. Large networks are especially vulnerable because they are a fruitful ground for attacks and hacking of all kinds. Even if a system administrator is a genius, he or she can't fight network security threats with bare hands.

Why Do You Need to Protect Your Network?

One of the major principles in network security is that a network is as secure as its weakest part is. In other words, it makes no sense to invest tons of money and spend many hours to secure some of the parts of a network, when there are small vulnerabilities that can be easily abused.

With networks small vulnerabilities are very common and even though one can never be sure that his or her network is secure, when no efforts in that direction are made, it is as sure as hell that this network is at risk. That is why it is absolutely clear that nobody can afford to leave a network unprotected. Fortunately, there are many tools, which help to protect a network and packet sniffers are one of them.

How Can a Packet Sniffer Protect Your Network?

Packet sniffers (or network analyzers, as they are also called) can be among the best tools you can use to protect your network. There are many types of network threats and there is no universal tool that can protect your network against all of them, so a packet sniffer cannot safeguard your network against every kind of threat; but it is a fact that a packet sniffer can help you against many threats, both internal and external.


A packet sniffer captures all the packets which go to and from your network and shows you their contents. While a packet sniffer is helpless against encrypted traffic, with unencrypted traffic a packet sniffer is an indispensable tool. When you have the chance to know what's going on in your network, you can easily spot the activities, which shouldn't be taking place.


For instance, if somebody is downloading files with BitTorrent, or is generating any other kind of substantial traffic, a packet sniffer such as Colasoft Packet Sniffer will display this immediately, and you will know that you should take adequate measures to stop it. Actually, a packet sniffer allows you to monitor all incoming and outgoing traffic and keep logs of it, so even if you don't react immediately when suspicious traffic occurs, all the traffic is logged and you can view it later.

Depending on the features of the packet sniffer you have selected, you will have different options to protect your network. Some packet sniffers with a rich feature set, for instance Colasoft Packet Sniffer, offer a lot in terms of traffic monitoring. Generally, even the packet sniffers with fewer features allow you to monitor suspicious activity at least from a given host or protocol.

One of the cases when packet sniffers don't offer much help is with encrypted traffic. This is a technical limitation and even though packet sniffers can intercept encrypted packets, they can't break the encryption and show the actual content of the packet. However, when you are monitoring a network and you notice that there is unauthorized encrypted traffic (for instance from a given host), this should ring a bell that something not nice is probably going on and you should take the adequate measures to investigate what exactly is happening.

Tuesday, April 14, 2009

How to Sniff All Images of a Webpage

In case we want to sniff all images of a webpage, here is a detailed process how we can do it with Colasoft Packet Sniffer’s "Logs" feature. I will take the home page as an example.

Step 1. Open Log Settings

Log Settings allows us to set up conditions or exceptions that decide whether or not a record is written to the Logs tab. If we want to display just images in the Logs tab, we must enable the HTTP Log conditions.

How to Sniff Images Screenshot 1

Step 2. Enable Http Log Conditions

We must tick the checkbox before Conditions to enable them.

How to Sniff Images Screenshot 2

Step 3. Input "Image" into Content Type

On the right-hand side, let’s input the content type in order to filter the contents.

How to Sniff Images Screenshot 3

Here is an explanation of Content Type

How to Sniff Images Screenshot 4

Step 4. "OK" to Activate the Setting

Now that we're done with the Log Settings, let’s see whether we can sniff all images of the index page. First of all, let’s start capturing with Colasoft Packet Sniffer, then input the URL into the address bar and start browsing.

Results start showing in the Logs Tab – Http Request option, and we can see all results are in image formats. We have successfully sniffed all the images on this webpage.

How to Sniff Images Screenshot 5

To view the image, we can click on the record, and it will be shown in a browser.

How to Sniff Images Screenshot 6
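The "Image" Content Type log condition from Steps 1 to 4, applied in code as an added example that is not Colasoft's code; the host name, paths and request/response pairs are constructed.

```python
"""The "images only" HTTP log condition from Steps 1-4, applied in code.

Added example, not Colasoft's code. It takes constructed request/response
pairs of the kind a sniffer reassembles from a browsing session, parses the
response head, and keeps only the records whose Content-Type is an image type,
which is what entering "Image" as the Content Type condition does in the Logs
tab. The host name and paths are made up.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class HttpLog:
    client: str
    url: str
    status: int
    content_type: str


def _head_lines(raw):
    """Split a raw HTTP message head (before the blank line) into lines."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    return head.decode("latin-1").split("\r\n")


def _headers(lines):
    """Header names are case-insensitive, so key them in lower case."""
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def request_url(raw_request):
    """Rebuild the URL from the request line and the Host header."""
    lines = _head_lines(raw_request)
    _method, target, _version = lines[0].split(" ", 2)
    host = _headers(lines[1:]).get("host", "")
    return f"http://{host}{target}"


def response_type(raw_response):
    """Return (status, media type) with any ';charset=...' parameter dropped."""
    lines = _head_lines(raw_response)
    status = int(lines[0].split(" ", 2)[1])
    ctype = _headers(lines[1:]).get("content-type", "")
    return status, ctype.split(";")[0].strip().lower()


def matching_logs(transactions, content_type="image"):
    """Log condition: keep a record when the response media type equals the
    filter or falls under it ("image" keeps image/png, image/gif, ...).
    The decision is made on the Content-Type header, not the URL extension,
    so a 404 HTML page returned for /missing.gif is correctly left out."""
    wanted = content_type.lower()
    logs = []
    for client, request, response in transactions:
        status, ctype = response_type(response)
        if ctype == wanted or ctype.startswith(wanted + "/"):
            logs.append(HttpLog(client, request_url(request), status, ctype))
    return logs


def _req(path):
    return f"GET {path} HTTP/1.1\r\nHost: www.example.test\r\n\r\n".encode()


def _resp(status, ctype):
    return f"HTTP/1.1 {status}\r\nContent-Type: {ctype}\r\n\r\n".encode()


# Constructed browsing session: (client address, request, response).
SAMPLE = [
    ("10.0.0.21", _req("/"), _resp("200 OK", "text/html; charset=utf-8")),
    ("10.0.0.21", _req("/logo.png"), _resp("200 OK", "image/png")),
    ("10.0.0.21", _req("/app.js"), _resp("200 OK", "application/javascript")),
    ("10.0.0.21", _req("/banner.jpg"), _resp("200 OK", "Image/JPEG")),
    ("10.0.0.21", _req("/missing.gif"), _resp("404 Not Found", "text/html")),
]

if __name__ == "__main__":
    for log in matching_logs(SAMPLE):
        print(log.client, log.status, log.content_type, log.url)
```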
