SnifferClub - Free Packet Sniffer Software Download, Review, Howto's and Articles

How to Detect Email Worm with Colasoft Packet Sniffer

2009-06-24T02:59:00.000-07:00

What Is an Email Worm
In networking, an email worm is a computer worm which can copy itself to the shared folder in system. And it will keep sending infected emails to stochastic email addresses. In this way, it spreads fast via SMTP mail servers.

What Is the Harm of Email Worm

An email worm can send lots of infected emails in a very short time and it will never stop unless it’s removed. It will cause a large traffic and make the system go slowly. Sometimes it even makes the mail server crash.

How to Detect Email Worm

If you are suspicious some host in your network is infected with an email worm, here is a process how we can detect email worm" in network with Colasoft Packet Sniffer, step by step.

>Step1. Download a free trial and deploy it properly.

>Step2. Launch a Project and Start Capturing Some Traffic.

>Step3. Switch to “Diagnosis” Tab

Diagnosis tab is a view we can see all the network issues automatically detected by Colasoft Packet Sniffer, also some causes and solutions are suggested.

If there is a host infected with an email worm, we should be able to see SMTP events in the application layer like this:

>Step4. Locate the Source IP

Possibly the source IP is the host infected with an email worm as it is sending too many emails in a short period of time with SMTP. So let’s locate the source IP in the “Explorer” with the “Locate” shortcut in the right-click menu.

>Step5. Switch to “Logs” Tab

Check if the host is sending emails to a large number of recipients in a very short period of time. If so, we can determine the host is infected with an email worm and should be handled immediately. We should be able to see logs in the Tab like this:

No doubt the final step is to isolate the host and kill the email worm with some AV software

Also there will be some other process to detect email worm with Colasoft Packet Sniffer, this is the shortest one.

14 Tips to Protect Your Organization's Network

2009-06-17T03:23:00.000-07:00

Network security is an infinitely complex and dynamic subject, implementing these simple measures will go a long way to protecting your Organization's LAN.

1, Run Network Analyzer Frequently.Recommend an easy-to-use network analyzer, Colasoft Capsa.

2, Disable drives:Disable floppy drive access, USB ports and serial ports on networked computers.

3, Restrict Permissions: Windows 2000 and 2003 server allow you to set permissions so that users can't run downloaded 'exe' or other executable files.

4, Block Instant Messenger:IM and its cousins, ICQ and Yahoo Messenger, sends messages and attachments out to a server and then back to its clients. You lose control when this happens.

5, Password Protect Your BIOS:A BIOS without an administrator password is an invitation to mischief.

6, Run AV Software: Run anti-virus software on all your computers.

7, Build Your Defenses: Install a firewall or a proxy server.

8, Beware Of Attachments From Unknown, Untrusted Sources:Do not open attachments to email unless you trust the sender.

9, Monitor Your Ports:Install a port monitor to prevent your ports from being scanned.

10, Encrypt Wireless Access.

11, Keep Back Office Systems Off The Organization Network

12, Require passwords to be changed frequently

13, Use CTRL+ALT+DEL to logon

14, Keep your networking skills up to date.

How to detect the network malfunction via the end-point view with Colasoft Packet Sniffer

2009-06-11T00:26:00.000-07:00

Brief introduction about the Endpoint view in Colasoft Packet Sniffer

It is divided into Mac endpoint and IP endpoint in Colasoft 6.9. Users can detect the IP/Mac endpoint in the largest traffic in a short time by the endpoint analytics. And also, The system supply clear statistics of traffic ranking(Top 5 IP endpoint under HTTP protocol).

In the Endpoint view, we can see the specific traffic situation clearly of all the hosts(Including a network segment, a Mac address, and a IP address) in the currently network. Like the hosts with the largest total traffic, hosts that send/receive the largest traffic, hosts that send/receive the most packets, etc.

According to this information, we can confirm that if there are Broadcast / multicast storm, and help users detecting the network malfunctions about network slow, network disconnect, worm attack, DOS attack, and all the malfunctions besides.

Application case study Once we meet the network malfunction or attack, what the most important thing we should pay attention to, is the currently total network traffic, sent/received traffic, network connection etc, to get a clear direction to find the problem. And, all of this information are included in the endpoint view in Colasoft Packet Sniffer 6.9(figure 1):

In figure 1 we can make a compositor on the total traffic, network connection and other related information, to find and locate the host with largest traffic or most connections in the network. For example, at present, the host with the largest network connection is , we can locate the host, then check the related connection information(figure 2):

The connection information shown as the figure 2, we can know that has set up a large amount of TCP connection with other hosts, and the destination address and destination endpoint are indefinite, and Many of the state is to connect client requests synchronization.

Next, check the TCP packets, we can check them out in Summary and Graphic as follows:

In the TCP packets information, we found has sent TCP synchronization packet, and the TCP FIN packets and TCP Reset packets are, this is deviant in the network.

Please go to the Colasoft Official FAQ page for more "How-tos"

How to Track BitTorrent User in Network with Colasoft Packet Sniffer

2009-06-10T02:54:00.000-07:00

BitTorrent Consumes Big Bandwidth

Based on the working principle of BitTorrent protocol, if somebody is downloading big files with BitTorrent software, it will be a disaster for other users who need bandwidth for business operations as the user will consume large amount of bandwidth, thus causing long time network slowness, intermittence, even disconnections; because meantime the user downloading files from others, others are downloading files from him.

So it is necessary for IT administrators to track BitTorrent user at first place to regain network bandwidth for business operations. Blocking BitTorrent protocol can be one way; this article is to discuss how to track BitTorrent user with Colasoft Packet Sniffer.

How to Track BitTorrent User?

>Step1. Download a free trial and implement it correctly

>Step2. Launch a project and start capturing data

>Step3. Find BitTorrent Protocol in the "Protocols" Tab

>Setp4. Locate BitTorrent Protocol in the "Explorer"

Use the "Locate" function to locate BitTorrent protocol in the "Explorer" to analyze dedicated data.

>Step5. Track BitTorrent User in LAN in the "Endpoint" Tab

This is the way how to track the BitTorrent user in our network and who are connected with him. There is a lot more we can see from this tab, such as how much data has been downloaded and uploaded via BitTorrent protocol.

View how many connections have been built in "Matrix"

You’ll be shocked to see how many connections have been built in the "Matrix" Tab. In this case, we can see this user has built more than 1000 connections with other hosts.

About BitTorrent

BitTorrent is a peer-to-peer file sharing protocol used for distributing large amounts of data. BitTorrent is one of the most common protocols for transferring large files.

The protocol works when a file provider initially makes his/her file (or group of files) available to the network. This is called a seed and allows others, named peers, to connect and download the file. Each peer that downloads a part of the data makes it available to other peers to download. After the file is successfully downloaded by a peer, many continue to make the data available, becoming additional seeds. This distributed nature of BitTorrent leads to a viral spreading of a file throughout peers. As more peers join the swarm, the likelihood of a successful download increases. Relative to standard Internet hosting, this provides a significant reduction in the original distributor's hardware and bandwidth resource costs. It also provides redundancy against system problems and reduces dependence on the original distributor.

Next Step

>>Download a Free Trial

How to Monitor MSN Chat with Free Unipeek MSN Monitor

2009-06-08T22:26:00.001-07:00

For some purposes we want to monitor MSN chat around the network, for example, parents want to monitor MSN chat of their kids to ensure their safety; bosses want to monitor MSN chat of employees for company assets security and to improve work efficiency by minimizing none-business chat during working hours. You may still remember Colasoft MSN Monitor, now it is called Unipeek MSN Monitor and it is distributed completely Free for none commercial users.

Now let’s see how we can monitor MSN chat with Unipeek MSN Monitor, the free tool.

Step1. Download Unipeek MSN Monitor

Download Unipeek MSN Monitor, the free edition; from the website. As a matter of fact there is no function difference between Unipeek MSN Monitor the free edition and the commercial edition. The only difference is Unipeek MSN Monitor Free Edition only supports 10 MSN accounts maximum, but quite enough for family users.

Step2. Install and Deploy Unipeek MSN Monitor

The installation is quick and simple, just click “next” all the way to complete the installation. But the deployment is somewhat different. As Unipeek MSN Monitor is designed based on Colasoft’s packet capturing technology, so it has to be deployed properly like a packet sniffer if you want to monitor all MSN chat around the network. Of course, you don’t have to do it if you only want to monitor MSN chat of a single computer. To monitor multiple computers, you can install multiple copies.

Setp3. Run it and Start Monitor MSN Chat

After proper installation and deployment, we can start monitoring MSN chat right away.

About Unipeek MSN Monitor
Unipeek MSN Monitor (MSN sniffer) is Free MSN monitoring software for MSN chat monitoring and MSN message archiving. Based on Colasoft's packet analysis technology, Unipeek MSN Monitor is able to deliver the most accurate MSN monitoring statistics, and automatically record data for future reference. You need only install Unipeek MSN Monitor once to monitor all MSN chats over the local network.

Key Features include:

• Real-time and 24/7 MSN chat monitoring

• Automatically archive MSN messages for future reference

• Export messages of a custom time range

• Customize MSN account list to be monitored

• Unique Conversation Matrix showing account relations

• Support emotion icons, message font size and color.

Download Now

Download Unipeek MSN Monitor

How to Monitor Emails with Colasoft Packet Sniffer

2009-06-08T22:24:00.000-07:00

Some people may doubt if it is legal to monitor emails of employees with an email monitor software (aka. email spy or email checker), but this is not the topic of this article. We are going to discuss how we can monitor emails with some technical methods, especially how we can monitor emails with this packet sniffer – Colasoft Capsa.

Step 1. Still we need to download a free trial and deploy it correctly.

Step 2. Launch a project

If we have not set Capsa to save email logs to a local disk, we’ll not be able to monitor email contents but we can monitor all email logs. So we must set the log settings to save email logs to a local path in order to monitor email contents. Also there will be a notice when start a new project.

Setp3. Set Email Logs Settings

View full image to set the email logs setting correctly.

Advanced Email logs settings to split email logs and keep the most recent email logs to save disk space.

Step 4. Start Capturing and Monitoring Emails in “Logs” Tab

After email log settings is finished, we can do a test to see if we can get some email monitoring logs. Let’s launch Outlook and start sending and receiving emails. We can see that we’ve received many spam email in my email box. We can see a lot of information in the logs Tab, such as date and time, client name, email subject, sender and receiver name, size, and more.

Step 5. Monitor Email Contents

In order to view the original content of an email, the process is quite simple, just double-click on the logs, then Capsa will call an email software to display the email content, basically Outlook.

Now this is the entire process how we can monitor emails with Colasoft Capsa, we hope you enjoy this article.

Next Step

>>Download a Free Trial

Ten Reasons Make Packet Sniffers an Essential Network Tool

2009-05-14T02:54:00.000-07:00

No matter whether you are network administrators or IT managers, you should not be unfamiliar to the network analysis tool - packet sniffer, also known as a network analyzer, protocol analyzer or sniffer) which has been widely used by kinds of organizations, schools, enterprises, government institutions etc.

Maybe you are yet supirsed at why more and more enterprises, like IBM, Intel, Epson, Airbus, Ericsson etc, love to deploy packet sniffer to their company's network? OK, take a fresh coffee now, then look at the following problems, and ask yourself, as a network administrator or IT manager, if these issues are just what you have met?

Rushing from one network problem to another every day?
Have no way to judge if your network has been intruded?
Helpless collecting convincing information to submit your boss even if you have realized that your network system has been intruded.
No idea if current network usage is equal to actual need?
Know nothing of how many staffs are not killing their time by chatting with friends, browsing irrelevant webpage etc, but focusing on their job?

Yes, every question listed above has puzzled many network administrators, but no worry, packet sniffer can easily help you out with its strong functions, here are ten reasons make packet sniffers an essential network tools.

* Analyze network problems
* Detect network intrusion attempts
* Gain information for effecting a network intrusion
* Monitor network usage
* Gather and report network statistics
* Filter suspect content from network traffic
* Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
* Reverse engineer proprietary protocols used over the network
* Debug client/server communications
* Debug network protocol implementations

Currently, there are dozens of packet sniffers in the market, some are very complex to use like wireshark, you must be versed in networking,; some are designed for common network administrators, such as Colasoft Network Analyzer, all-in-one & easy-to-use, which are more and more accepted and welcome.

Top 5 Most Welcomed Packet Sniffers

2009-05-13T22:06:00.000-07:00

According to the latest statistic from famous download sites regarding to downloads of packet sniffer softwares, the following products are very honored to be listed as top 5 most welcome packet sniffers by network engineers, IT managers, and network administrators etc.

#1 Wireshark - A Free Open Source Network Sniffer for Top Network Engineers

Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

#2 Colasoft Packet Sniffer - All-In-One & Easy-To-Use Network Analyzer and Packet Sniffers Available For Most Network Administrators.

Colasoft Packet Sniffer - Capsa performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. It allows you to get a clear view of the complex network, conduct packet level analysis, and troubleshoot network problems.

Whether you're a network administrator who needs to identify, diagnose, and solve network problems, a company manager who wants to monitor user activities on the network and ensure that the corporation's communications assets are safe, or a consultant who has to quickly solve network problems for clients, Capsa is the tool you need.

#3 Tcpdump: The Classic Sniffer For Network Monitoring And Data Acquisition

Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools.

#4 Etherdetect : Connection-Oriented Packet Sniffer And Protocol Analyzer

EtherDetect Packet Sniffer is an easy for use and award-winning packet sniffer and network protocol analyzer, which provides a connection-oriented view for analyzing packets more effectively. With the handy tool, all you need to do is to set up the filter, start capturing, and view connections, packets as well as data on the fly.

#5 Ettercap : In Case You Still Thought Switched Lans Provide Much Extra Security

Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

How to Find MAC Address with Colasoft MAC Scanner and More

2009-05-11T23:58:00.000-07:00

In computer networking, a Media Access Control address (MAC address) is a unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer for identification, and used in the Media Access Control protocol sublayer. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number. It may also be known as an Ethernet Hardware Address (EHA), hardware address, adapter address, or physical address.

Since a MAC Address is unique for most network adapters or network interface cards (NICs), it is important for IT administrators to know all the MAC addresses in LAN so as to quickly locate a network device when a network issue arises. Luckily we have tools to help us out. Let’s see how we can easily find MAC address in LAN with Colasoft MAC Scanner.

Colasoft MAC Scanner is a Free software to find MAC address and IP address. It can automatically detect all subnets according to the IP addresses configured on multiple NICs of a machine and find MAC addresses and IP addresses of defined subnets as your need. Users can custom own scan process by specifying the subsequent threads.

Step 1. Download Colasoft MAC Scanner

Step2. Install Colasoft MAC Scanner

The installation of Colasoft MAC Scanner is quick and easy, it is suggested to install Colasoft MAC Scanner on a laptop as it only scans and finds MAC addresses and IP addresses in the subnet to which the laptop is connected.

Step3. Start a Scan

It’s easy and quick, just press the start button, the Colasoft MAC Scanner will scan and find MAC addresses and IP addresses in the subnet and list them out. The results can be “copy and paste” or exported for future reference.

Now the problem is: if a LAN is divided into several subnets, we’ll have to move the laptop around and scan each subnet in order to find all MAC addresses and IP addresses. Then what’s the solution?

Find MAC Address and IP Address with Colasoft Packet Sniffer

Colasoft Packet Sniffer allows us to find MAC addresses and IP addresses both local and remote in the network as long as there is network communication initiated.

>>>>Download Colasoft Packet Sniffer Now

Find Out the Top Network Administrator Tools

2009-05-11T01:49:00.000-07:00

Packet Sniffers/Network Protocol Analyzer

With packet sniffers and network protocol analyzers, you can monitor network activity, analyze network performance, enhance network security, and troubleshoot network issues.

1, Colasoft Packet Sniffer - http://www.colasoft.com/ Colasoft Capsa performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. It allows you to get a clear view of the complex network, conduct packet level analysis, and troubleshoot network problems.
2, Ethereal – http://www.ethereal.com/
3, EtterCap – http://ettercap.sourceforge.net/
4, Snort – http://www.snort.org/
5, WinDump / TCPDump - http://www.tcpdump.org/wpcap.html/
6, DSniff – http://naughty.monkey.org/~dugsong/dsniff/

Scanning Tools
1, Nmap – http://www.nmap.org/
Nmap is a port scanner. A port scanner scans for open ports, such as 80 (http) or 25 (SMTP)

2, Sam Spade – www.samspade.org/
Sam Spade is a multi network query tool with many extra built in utilities, even a tool for spam. It includes utilities such as ping, whois, traceroute, and finger

3, NetScanTools Pro ($199) –http://www.netscantools.com/nstmain.html
NetScanTools Pro Edition is an integrated collection of internet information gathering utilities for Windows Vista/2008/2003/XP/2000. Use it to research IP addresses, hostnames, domain names, email addresses, URLs automatically** or with manual tools.

4, SuperScan – http://www.foundstone.com/
SuperScan has the primary purpose of scanning an IP range. It supports extremely fast Host Discovery lookups as well as TCP and UDP port scans thanks to its multi-threaded and asynchronous techniques.

UserManagement - http://www.tools4ever.com/
Complete user account management featuring advanced user creation, modification, removal, mass creation/removal and delegation of administrative tasks. The UserManagemeNT Suite consists of three modules, Professional, Import and Delegation. These modules can operate independently or seamlessly integrated with each other.

AdminMagic - http://www.tools4ever.com/
Full control: Using AdminMagic, you can take over and control users' desktops from your own workstation. Featuring complete mouse and keyboard emulation, you can execute programs, login/logoff, modify device drivers and reboot all from a central location. You can also take screenshots of remote desktops and store/print them for later use. Remote users will not be interrupted and can continue working as they always do.

Advanced System Optimizer - http://www.systweak.com/
Advanced System Optimizer is a system tweaking suite that includes around 30 tools to improve and tweak your PC's performance. It offers an attractive and easy to use interface that organizes all tasks into categories and provides graphical statistics whenever possible. The tools include junk file cleaner, memory optimizer, system information, system files backup, file encryption, safe uninstaller, duplicate file finder, taskbar manager and much more. Advanced System Optimizer also includes an Internet tracks eraser with cookie manager and secure deletion, and even a desktop sticky notes application. Overall, a great bundle that offers a wide range of system tools with extra benefits that are hardly ever found.

How Public Key Encryption Can Make Email More Private

2009-05-07T00:08:00.000-07:00

When you are entering your credit card number, talking with your lover, chatting with your business partners, can you imagine what will happen if everything you are doing is exposing to everybody?

Yes, it is unbelievable but it is quite true, hackers can easily obtain your private information like crecit card number, email logs, chat logs etc. by using some network analytic tools, such as Colasoft Packet Sniffer.

Protect Your Email Secure And Safe

So if we are helpless with our private information from being monitored or stolen? Of course not, to keep data sent via email private, you just need to encrypt it, as only unencrypted content can be monitored by network analytic tools like Network Analyzer. Only the targeted recipient will be able to decipher the message.

How to Encrypt Your Message?

Public key encryption is a special case of encryption, it operates using a combination of two keys: one is a private key, the other is a public key which together form a pair of keys. The private key is kept secret on your computer since it is used for decryption, the public key, which is used for encryption, is given to anybody who wants to send encrypted mail to you.

How Public Key works?

When you send public-key encrypted mail, the sender's encryption program uses your public key in combination with the sender's private key to encipher the message. When you receive public-key encrypted mail, you need to decipher it.
Decryption of a message enciphered with a public key can only be done with the matching private key. This is why the two keys form a pair, and it is also why it is so important to keep the private key safe and to make sure it never gets into the wrong hands (or in any hands other than yours).

Why the Integrity of the Public Key is Essential

Another crucial point with public key encryption is the distribution of the public key.
Public key encryption is only safe and secure if the sender of an enciphered message can be sure that the public key used for encryption belongs to the recipient.
A third party can produce a public key with the recipient's name and give it to the sender, who uses the key to send important information in encrypted form. The enciphered message is intercepted by the third party, and since it was produced using their public key they have no problem deciphering it with their private key.
This is why it is mandatory that a public key is either given to you personally or authorized by a certificate authority.

Monitor Your Network Traffic with Colasoft Packet Sniffer

2009-05-06T02:56:00.000-07:00

Importance of Network Monitoring

Reading network traffic is essential for system administrators, network engineers, and security analysts. At some point there will be a need to read the network traffic directly instead of monitoring application level details. Examples of situations that might require monitoring network traffic are, auditing network security, debugging network configurations, and analyzing usage patterns. For this task we use network monitoring software, or packet sniffers, that sniff the traffic your computer is able to see on the network. What exactly your computer can see really depends on how the network is laid out, but the easiest way to figure out what it can see is just start sniffing.

The most common tool to do the job is readily available. One of the most popular and easy – to - use tool for monitoring network traffic is Colasoft Packet Sniffer.

How to Monitor Network Traffic

As a packet sniffer, Capsa make it easy for us to monitor and analyze network traffic in its intuitive and information-rich tab views. With Capsa's network traffic monitor feature, we can quickly identify network bottleneck and detect network abnormities. This article is to discuss how we can Monitor Network Traffic with Capsa's network traffic monitor feature.

1, Monitor Network Traffic in "Summary"
tab

"Summary" is a view that provides general information of the entire network or the selected node in the "Explorer". In "Summary" we can get a quick view of the total traffic, real-time traffic, broadcast traffic, multicast traffic and so on. When we switch among the node from the explorer, corresponding traffic information will be provided.

(pic 1. monitor-network-traffic-in-summary)

2, Monitor Network Traffic in "Endpoints" tab

In "Endpoints" view, we can Monitor Network Traffic information of each node, both local and remote. With its easy sorting feature we can easily find out which host is generating or has generated the largest traffic.

(pic 2. monitor-network-traffic-in-endpoints)

3, Monitor Network Traffic in "Protocols" tab

"Protocols" view will list all protocols applied in network transmission. In "Protocols" view we can Monitor Network Traffic by each protocol. By analyzing network traffic by protocol, we can understand what applications are using the network bandwidth, for example "http" protocol stands for website browsing, "pop3" stands for email, etc.

(pic 3. monitor-network-traffic-by-protocol)

4, Monitor Network Traffic in "Conversations" tab

In "Conversations" tab we can Monitor Network Traffic by each conversation and the figure out which conversation has generated the largest network traffic.

(pic 4. monitor-network-traffic-by-conversation)

5, Monitor Network Traffic in "Matrix" tab

"Matrix" is a view that visualizes all network connections and traffic details in one single graph. The weight of the lines between the nodes indicates the traffic volume and the color indicates the status. As we move the cursor on a specific node, network traffic details of the node will be provided.

(pic 5. monitor-network-traffic-in-Matrix)

6,Monitor Network Traffic in "Graphs" tab

If we want to get a trend chart of the network traffic, then we need to use the "Graphs" tab. "Graphs" view allows us view network statistics dynamically in different chart types, such as ling chart, bar chart, and pie chart. By selecting "Utilization" we get a real-time traffic trend chart.

(pic 6. monitor-network-traffic-in-graphs)

As we can see, with Capsa we can not only Monitor Network Traffic in convenience, but also analyze network traffic in deferent levels, thus enables us quickly and efficiently detect network abnormities and troubleshoot network problems.

Kismet, an 802.11 Layer2 Wireless Network Detector and Packet Sniffer

2009-05-04T23:28:00.000-07:00

What is Kismet

Kismet is an 802.11 layer2 wireless network detector, packet sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, 802.11n, and 802.11g traffic (devices and drivers permitting). Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.

Feature Overview

Kismet has many features useful in different situations for monitoring wireless networks:

- Ethereal/Tcpdump compatible data logging
- Airsnort compatible weak-iv packet logging
- Network IP range detection
- Built-in channel hopping and multicard split channel hopping
- Hidden network SSID decloaking
- Graphical mapping of networks
- Client/Server architecture allows multiple clients to view a single Kismet server simultaneously
- Manufacturer and model identification of access points and clients
- Detection of known default access point configurations
- Runtime decoding of WEP packets for known networks
- Named pipe output for integration with other tools, such as a layer3 IDS like Snort
- Multiplexing of multiple simultaneous capture sources on a single Kismet instance
- Distributed remote drone sniffing
- XML output

Typical Uses

Common applications Kismet is useful for:

- Wardriving: Mobile detection of wireless networks, logging and mapping of network location, WEP, etc.
- Site survey: Monitoring and graphing signal strength and location.
- Distributed IDS: Multiple Remote Drone sniffers distributed throughout an installation monitored by a single server, possibly combined with a layer3 IDS like Snort.
- Rogue AP Detection: Stationary or mobile sniffers to enforce site policy against rogue access points.

Download

Kismet can be downloaded here

How to Monitor Internet Traffic with Packet Sniffer

2009-04-27T22:45:00.000-07:00

Internet traffic is the flow of data around the Internet. It includes web traffic, which is the amount of that data that is related to the World Wide Web, along with the traffic from other major uses of the Internet, such as electronic mail and peer-to-peer networks.

In case we want to monitor internet traffic generated or is generating in LAN, here is a detailed process how we can do it with Colasoft Packet Sniffer – Capsa.

Again we must make sure the packet sniffer software is correctly implemented so we can capture all the traffic in LAN, if you don’t know how to do it, please make sure you read how to implement a packet sniffer.

First let’s launch a new project with Colasoft Packet Sniffer, then do some online activities, such as chatting, browsing a website, sending and receiving emails, downloading some files. All these activities will generate different kinds of internet traffic. We may keep the project running to continuously monitor internet traffic or stop the project to do some analysis.

To monitor internet traffic, we’d better first select the “Internet Addresses” in the “Explorer” on the left window:

We can see that all the internet addresses are listed by countries, to monitor internet traffic of a specific country, we just need click on it; If we want to monitor internet traffic of a specific IP address within one country, we need to expand the country node and select the IP address in it.

Also we can monitor internet traffic aggregated or internet traffic in real-time

To view what online activities have generated or are generating internet traffic, we need to use the “Protocols” Tab.

We can see there are protocols which separately stand for different internet activities:

HTTP – Website browsing

MSN – online chatting with Live Messenger

POP3 – Email

HTTPS - Website browsing via a secure link

QQ- online chatting with QQ

DNS – Domain Name System

About Capsa

Colasoft Capsa is a network analyzer (packet sniffer or protocol analyzer) designed for network monitoring and troubleshooting. It performs packet capturing, network monitoring, protocol analyzing, packet decoding, and automatic diagnosing. By giving users insights into all of network's operations, Capsa makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities. Learn more about Capsa, please visit http://www.colasoft.com/capsa/

What Can Hackers Do with a Packet Sniffer

2009-04-23T00:55:00.000-07:00

What Can Hackers Do with a Packet Sniffer?

A packet sniffer in the wrong hands is a deadly weapon. A packet sniffer is a real danger because it is a very powerful and difficult to detect tool

Security breaches of all kinds are reported all the time. Everyday we hear of hackers who managed to steal sensitive data, of people who become victims of identity theft, etc. Very often the breaches are so incredible that you wonder if hackers have supernatural powers. Well, hackers hardly have supernatural powers but they don't need them –supernatural powers are not necessary when a networklacks security and one has the right tools to break in.

Hackers Can Monitor Networks With a Packet Sniffer

The tools hackers use to break into networks are more or less the same tools network admins use to monitor and maintain their network with. For example, packet sniffers are among the tools hackers love most. A packet sniffer captures packets and shows you their contents.This means that with the help of a packet sniffer running somewhere into the network, hackers can monitor all the unencrypted traffic to and from this network.

This is really scary – just imagine a malicious hacker who knows all the secrets of your company. It gets even more dangerous for networks, where hubs (and not switches) are used because in this case a packet sniffer can be installed on any computer and the hacker will monitor all the traffic in that segment, not only the traffic to and from the host. The good news is that hubs are almost out of use today and because of that hackers can do less damage with a packet sniffer.

Hackers Can Obtain Passwords and Credit Card Numbers With a Packet Sniffer

When a hacker uses a packet sniffer to monitor your network, this is not nice but when he or she steals passwords, credit card numbers and other types of sensitive data, this is a real danger. Unencrypted passwords, credit card numbers and other sensitive data are an easy target for a hacker with a packet sniffer.

In many of the cases of mass theft of credit card numbers and passwords happen because hackers use a packet sniffer on an unencrypted network. For truth's sake, it is important to mention that even if all the traffic is encrypted, there are still many other ways to obtain sensitive data. But when the traffic over a network is not encrypted and nobody monitors the network for unauthorized packet sniffers, sooner or later data will be stolen.

One of the greatest achievements for hackers with a packet sniffer is to capture the administrator's password. When the administrator's password is transmitted over the network in an unencrypted form, this is an easy target for hackers. If hackers manage to intercept the admin password, they have the power to do everything they want to on your network – delete data, modify data, etc. So, do you see why hackers don't need supernatural powers but only the admin password?

About Colasoft

Ever since 2001, Colasoft has been an innovative provider of all-in-one and easy-to-use network analyzer software for network administrators and IT managers to monitor network activities, analyze network performance, enhance network security, and troubleshoot network problems. Up to now, more than 5000 customers in over 70 countries trust the flagship product – Capsa as their network monitoring and troubleshooting solution. Colasoft also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. Learn more about Colasoft and its solutions, please visit http://www.colasoft.com/.

How to Monitor http Traffic with Packet Sniffer

2009-04-23T00:12:00.000-07:00

Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. Its use for retrieving inter-linked resources led to the establishment of the World Wide Web.

In order to monitor http traffic, we will need a packet sniffer (or a protocol analyzer) software. Here is a detail process how we can monitor http traffic in LAN with Colasoft Packet Sniffer – Capsa.

Again let’s launch Colasoft Packet Sniffer and start a new project. Don’t forget one thing, we have to deploy the packet sniffer to the mirror port of the core switch in order to monitor all http traffic in LAN, if not, we can only monitor http traffic of our own computer.

Then let’s start browsing a website, for example, www.colasoft.com, to generate some http traffic. Now let’s get back to the packet sniffer and see if there is http traffic. OK, we can see the packet sniffer has already captured some http traffic in the “Protocols” Tab

We can see both the aggregated http traffic since start capturing and the real-time http traffic in this tab.

If we want to do a deeper analysis on http traffic, we will need to use the “Locate” function to locate http protocol in the Explorer to let the packet sniffer display only the data that is http protocol. Right click on the protocol and select “Locate Explorer Node” in the pop-up menu.

If we want to know who are using http protocol and what they are actually browsing, we are going to use two tabs, the “Endpoints” Tab and “Logs” Tab.

Let’s see who are using http protocol:

And what they are actually browsing:

5 Things IT Department had to skip in Recession

2009-04-22T00:43:00.000-07:00

In last blog, we have talked about the 5 items IT department must do even in the big recession, in addition to the things we can't do without, there are many more things we had to skip. We are not exactly happy to stop doing these things but desperate times cry for desperate measures and since these activities are something we can do without we had to either quit them, or drastically reduce them:

No purchases of new hardware. Though it is not precise to say that we haven't bought a single piece of hardware in the last year, we have definitely cut hardware spendings. For the time being we do not plan to make major hardware purchases.
Capital expenditures. Capital expenditures are another budget item we had to drastically shrink. We had schedules projects but the current economic situation made us have second thoughts and now capital expenditures are on hold.
Software that is nice to have but we can do without it. Similarly to hardware and capital expenditures, some major software expenses had to be cut. Yes, there are many products, for instance accounting, HR, or ERP modules, which are great to have but we'll go for them when the economic outlook is less gloomy.
Standardization. You know that IT people generally hate when they have to deal with bureaucracy and standardization, so if there is an item, we are happy to skip, this is standardization. More or less we skipped all standardization-related activities except those, that are related to regulations compliance. Standardization is put on hold, especially if it requires investment or other resources.
No infrastructure upgrades. We are not exactly happy about this one but since there are more important items we can't skip, we had to significantly reduce the planned network upgrades. Some of the projects in this area are put on hold, while others are canceled.

It wasn't easy to decide what to skip and what to keep but when times are tough, it is not possible to pretend that everything is OK and go on as planned. We hope that we are right in our choices and time will show if we did wise choices or not.

James Ackland is Author of this article from www.Colasoft.com.

About Colasoft Co., Ltd.
Ever since 2001, Colasoft has been dedicated in providing all-in-one and easy-to-use packet sniffer software for network administrators and IT managers to monitor network activities, analyze network performance, enhance network security, and troubleshoot network problems. Up to now, more than 5000 customers in over 70 countries trust the flagship product – Colasoft Packet Sniffer as their network monitoring and troubleshooting solution. Colasoft also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. Learn more about Colasoft and its solutions, please visit http://www.colasoft.com/.

Top 5 Items IT Department Must Do

2009-04-19T20:13:00.000-07:00

Even though it is a basic economic fact that recessions happen once or twice in a decade, when the economy is in a good shape, like it was a couple of years ago, people, including IT managers, tend to forget that the summer will be over and hard times will come soon. On the other hand, recessions might be bad but the current one is certainly worse than many of the ones before. Actually, this is the worst recession since the Great Depression in the 1930s and even the most optimistically-minded managers have really serious reasons to fear and be cautious.

We can't say that the recession took us by surprise but certainly we didn't expect it to be that fierce. However, recession or no recession, life must go on and if a company wants to make it, there are many things which can't be skipped. So, no matter that IT budgets are tight, there are items a company can't save on. Here are the top 5 items our IT department will not sacrifice:

1, Network security and security in general. Being in the network security business themselves, we know that network security and security in general is paramount and no matter how hard the economic situation might be, this is not an item to save on because the price is too high. Certainly, we are not buying the most expensive solutions, even though they are incredibly great but we also do not make compromises with the quality either.

2, Going green. Going green is also an item we can't skip. Green technology saves money and now this benefit is more important than ever. So, if we buy new IT stuff, we definitely go for the green items.

3, Compliance. Regulations compliance is another item we can't afford to skip, unless we really want to go out of business (and we don't). So, when there are steps in this direction to be taken, we do them – no way!

4, Training. Training is also important and even though our training budget has shrunk, we still try to keep our staff qualified.

5, Outsourcing. Outsourcing has been a successful strategy for our company at all times and now, when money issues start to surface, we are happy that outsourcing helps us cut cost with no sacrifice of quality.

Kevin Chou is Author of this article from www.Colasoft.com.

About Colasoft Co., Ltd.
Ever since 2001, Colasoft has been dedicated in providing all-in-one and easy-to-use Packet Sniffer software for network administrators and IT managers to monitor network activities, analyze network performance, enhance network security, and troubleshoot network problems. Up to now, more than 5000 customers in over 70 countries trust the flagship product – Colasoft Packet Sniffer as their network monitoring and troubleshooting solution. Colasoft also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. Learn more about Colasoft and its solutions, please visit http://www.colasoft.com/.

Analyze Protocols With Packet Sniffer

2009-04-16T23:34:00.000-07:00

What is Network Protocol?
A Protocol can be defined as rules governing the syntax, semantics and synchronization of communication.
In computing, A Protocol is a convention or standard that controls or enables the connection, communication and data transfer between two computing endpoints.
Protocols may be implemented by Hardware, Software or a Combination of two. At the lowest level, a protocol defines the behaviour of a hardware connection.

Why Protocol Analyzing Important?
Since all network communications are based on protocols and different protocols indicates varieties of network behaviours, by analyzing protocols using a Packet Sniffer, we get to know what network applications are used on the network and what network behaviour is taken against your network. You may check out our protocols database to get an explanation of each protocol.

Analyze Protocols With Packet Sniffer
A Packet Sniffer is an important part of the Network Manager's toolkit. Traditionally sniffers are useful for troubleshooting networks and SNMP tools are better for trending and service management. The combination of an SNMP based Performance Manager and a well-featured Packet Sniffer will allow you to perform many of the fundamental tasks required for successful network management.

Packet Sniffers, often called "packet sniffers" after Network Associates market leading Sniffer product, capture packets and decode them into their component parts. It's fairly obvious how sniffers can be used to troubleshooting network problems. Once a problem is detected packets are captured and analyzed and the details of the communication can be worked out. But sniffers can do more than this and, in fact, turn out to be surprisingly useful in many aspects of network management.

Unexpected Traffic
The obvious thing to do is monitor the network for unexpected traffic. Most network managers know the types of application that they expect to see and can point out anything unusual. If anything unexpected is spotted then a capture of some of the traffic is usually sufficient to pinpoint the machines involved.

Unnecessary Traffic
Many machines to be set by default to run protocols that may not be required.
For Example: Many printers broadcast using Novell's IPX protocol. It is fine if you are using NetWare, but not always necessary. It's good housekeeping to remove any protocols that you do not need. You may be concerned about how your users are using the available bandwidth. A good sniffer will allow you to filter specific types of traffic, so that you can keep an eye on any traffic that may cause you a problem.

Unauthorized Program Use
It is useful to check the specific port numbers for services on your Servers. Most common services operate on defined port numbers, a packet capture on a Server will soon reveal what services are running. You can disable any services that you do not need. This has two benefits, one, it avoids unnecessary traffic on the network, and second it means that no unauthorized user can take advantage of that service. If anyone is using a service a packet capture will show you the address. Most sniffers allow filtering on specified port numbers so it is possible to monitor continuously for specified port numbers.

Email Problems
Email systems typically use standard port numbers, 25 for SMTP, 143 for IMAP, 110 for POP3. Setting filters for these ports will usually help to discover the cause of problems with email.

Virus Detection and Control
Antivirus software manufacturers offer updates services. Armed with the information on new threats it is often possible to build suitable filters to detect viruses. For example many sniffers allow you to specify a text pattern, so a virus contained in a message containing a known text string could be detected. Analysis of the capture will show the source and destination of the packets.

Firewalls
Firewalls need to be checked for outgoing and incoming traffic. You will have to define a set of filters for traffic in both directions. Should the firewall begin to let unauthorized traffic through you need to be able to detect it.

For Example:
TCP is a Reliable connection oriented Protocol. Common Applications of TCP are Email and File Transfer. TCP is optimized for accurate delivery rather than timely delivery, and therefore, TCP sometimes incurs relatively long delays (in the order of seconds) while waiting for out-of-order messages or retransmissions of lost messages. So TCP analysis is required with Colasoft Packet Sniffer for finding delays.
UDP is a Reliable Connectionless Protocol. Common Applications of UDP are DNS, VOIP, IPTV and FTP.Sometimes Packet loss will happen during transmission and no help for this. Using Colasoft Packet Sniffer we can find the loss
HTTP is a request/response standard of a client and a server. A client is the end-user; the server is the web site. The client making a HTTP request—using a web browser, spider or other end-user tool—is referred to as the user agent. The responding server—which stores or creates resources such as HTML files and images—is called the origin server. Certain design features of HTTP interact badly with TCP, causing problems with performance and with server scalability. Latency problems are caused by opening a single connection per request, through connection setup and slow-start costs. Scalability problems are caused by TCP requiring a server to maintain state for all recently closed connections. Colasoft Packet Sniffer is used to detection such problems.

How to Protect Your Network with Packet Sniffer

2009-04-16T20:13:00.000-07:00

A packet sniffer (also called a network analyzer) can help you make your network more secure by identifying what's going on in it

Networks are large entities, even if they don't consist of thousands of machines. Large networks are especially vulnerable because they are a fruitful ground for attacks and hacking of all kinds. Even if a system administrator is a genius, he or she can't fight network security threats with bare hands.

Why Do You Need to Protect Your Network?

One of the major principles in network security is that a network is as secure as its weakest part is. In other words, it makes no sense to invest tons of money and spend many hours to secure some of the parts of a network, when there are small vulnerabilities that can be easily abused.

With networks small vulnerabilities are very common and even though one can never be sure that his or her network is secure, when no efforts in that direction are made, it is as sure as hell that this network is at risk. That is why it is absolutely clear that nobody can afford to leave a network unprotected. Fortunately, there are many tools, which help to protect a network and packet sniffers are one of them.

How a Packet Sniffer Can Protect Your Network?

Packet sniffers (or network analyzers, as they are also called) can be one of the best tools you can use to protect your network. There are many types of network threats and there is no universal tool that can help you protect your network against all of them, so if you expect that a packet sniffer can safeguard your network against all kinds of threats, this is not so but it is a fact that a packet sniffer can help you against many threats, both internal and external.

A packet sniffer captures all the packets which go to and from your network and shows you their contents. While a packet sniffer is helpless against encrypted traffic, with unencrypted traffic a packet sniffer is an indispensable tool. When you have the chance to know what's going on in your network, you can easily spot the activities, which shouldn't be taking place.

For instance, if somebody is downloading files with BitTorrent, or is generating any other kind of substantial traffic, a packet sniffer, such as Colasoft Packet Sniffer, will display this immediately and you will know that you should take the adequate measures to stop it. Actually, a packet sniffer allows to monitor all incoming and outgoing traffic and keep logs of this, so even if you don't react immediately when suspicious traffic occurs, all the traffic is logged and you can view it later.

Depending on the features of the packet sniffer you have selected, you will have different options to protect your network. Some of the packet sniffers with a rich feature set, for instance Colasoft Packet sniffer, offers a lot in terms of traffic monitoring. Generally, even the packet sniffers with less features allow to monitor suspicious activity at least from a given host or protocol.

One of the cases when packet sniffers don't offer much help is with encrypted traffic. This is a technical limitation and even though packet sniffers can intercept encrypted packets, they can't break the encryption and show the actual content of the packet. However, when you are monitoring a network and you notice that there is unauthorized encrypted traffic (for instance from a given host), this should ring a bell that something not nice is probably going on and you should take the adequate measures to investigate what exactly is happening.

How to Sniff All Images of a Webpage

2009-04-14T23:23:00.000-07:00

In case we want to sniff all images of a webpage, here is a detailed process how we can do it with Colasoft Packet Sniffer’s "Logs" feature. I will take the CNN.com home page as an example.

Step 1. Open Log Settings

Log settings allows us to set up some conditions or exceptions whether or not record some logs in the Logs tab. If we want to display just images in the Logs tab, we must enable the HTTP Log conditions.

Step 2. Enable Http Log Conditions

We must tick before Conditions to enable it

Step 3. Input "Image" into Content Type

On the right hand, lets’ input the content type in order to filter contents

Here is an explanation of Content Type

Step 4. "OK" to Activate the Setting

Now we’ve done with the Log Settings, let’s see whether we can sniff all images of CNN.com index page. First of all, let’s start capturing with Colasoft Packet Sniffer, then let’s input the URL into the address bar and start browsing.

Results start showing in the Logs Tab – Http Request Option, we can see all results are in image formats. We have successfully sniffed all the images on this webpage.

To view the image, we can click on the record, and it will be shown in a browser.

Colasoft Packet Sniffer Capsa 6.9 Review

2009-04-13T00:42:00.000-07:00

Overview
Not so hard for a freshman.
Auto diagnosis.
Real time capture.
If it's cheaper, I will definitely buy it!
After using Colasoft Packet Sniffer, I found 3 features of this product:

1.supports the real-time capturing and monitoring
2.excellent capability of protocol analyzing (approximately 300 types) and packet decoding
3.Well, the most exciting part is the automatic expert diagnosing! That really saves so much money and time for me, and I do not worry about the solution of failure again!

Cost and performance are in desired level .

What It Is and What It Can Do
Colasoft Packet Sniffer is an expert packet sniffer and protocol analyzer designed for packet decoding and network diagnosis; it monitors the network traffic transmitted over a local host and a local network, with the ability of real time packet capture and accurate data analysis. Colasoft Packet Sniffer makes your network operations completely transparent before you, letting you isolate and troubleshoot network problems quickly and efficiently. The flexible and intuitive user interface lets either IT professionals or novice users skilfully handle it in a few moments.

Easily understand how to use this packet sniffer with samples provided with the Tool. Sample packets helps me a lot for my first time deployment by avoiding contacting the Technical Support during my initial days of using this Tool.

For a Small Business Enterprise, This tool's network diagnosis helps me to detect slow network and upgraded speed for better utilization.

I prefer this for a Medium Business Enterprise as troubleshooting network issues is simply superb.

For Medium and a Large Business Enterprises, Security is an issue.This packet sniffer enhances Network Security by monitoring the network with Logs. As every packet is recorded and analyzed, loopholes can easily detect.

For every organization, security is a major concern. By using this tool Monitoring of Email Contents and Monitoring IMs, Chats is easy. Every information in Messegers, chats, HTTP Requests is logged .

Can easily find where the problem from the Packet Analysis without letting the user to report about his huge traffic.

For Internet Service Provider, this is very very useful tool. ISPs have problems of Server down issues due to huge traffics. By diagnosing with this tool, Server down issues can be reduced.
Prevent hibernation while capturing and view both IP Addresses and Hostnames. This is a good feature in upgraded version.

Colasoft Packet Sniffer Supports Windows Vista-64 bit Edition. Able to identify and Analyze 300+ Network Protocols.

By going through the site www.colasoft.com, I came to know that Colasoft Packet Sniffer Professional Edition available and used it for Analyses. It really good to use and operate. Everything is logged and my network usage is monitored.

Videos in the website help me to understand the ARP Attacks, Monitoring Network traffic. So I can protect my network now by identifying the deceived hosts and by identifying who is consuming maximum bandwidth in a Local Segment.

I can monitor the traffic either by protocol, IP or MAC Address. So much flexibility in using this packet sniffer.

Internet Service Providers can use this tool for quick issue troubleshooting. Easy to identify problems and minimizes the time to service the customer.

The reports are displayed with Graphs and Tables .Viewing the connection in a matrix is wonderful and it is something special in Colasoft Packet Sniffer. This pictorial representation is really good to sort out the issue by easily detecting.

Colasoft Packet Sniffer has the tools that would not find in other protocol analyzers, including ping and scan IPs and MACS across the LAN.

Summary
Colasoft Packet Sniffer is an easy-to-use and all-in-one tool for IT Network Administrator, IT Consultant and for a Security Manager in IT Company.

Packet Sniffer, Basic Tool for Network Administrators

2009-04-08T02:16:00.000-07:00

Packet sniffers are a valuable tool for both network administrators and hackers. There are many packet sniffers on the market and one of the most sophisticated is the packet sniffer from Colasoft

Packet sniffers are one of the best tools a network administrator has at his or her disposal to analyze network traffic and to troubleshoot problems. On the other hand, when a Packet sniffer is in the wrong hands – i.e. hackers use it – this can cause quite a lot of damage to a company or an individual, especially if the victim hasn't taken the required protective measures. You see, as with many things in life, packet sniffers can be a great tool to maintain a network, yet they can be very destructive, if misused.

Packet sniffers are very common, choose a best packet sniffer for you. There are many packet sniffers on the market and they range from free, to cheap, to expensive, from very simple, to advanced, to packed with features. Each type of packet sniffers has its purposes and if you need a simple tool for quick results on a small network, you don't have to buy the most expensive packet sniffers, no matter that they have tons of features. But in reality, if you need a packet sniffer for professional use, low-end sniffers are not the answer and you need something more sophisticated, for example Colasoft Network Analyzer. Colasoft Network Analyzer is built around packet sniffing but includes many other useful features as well.

As any other packet sniffer, the packet sniffer from Colasoft, intercepts and logs traffic, transmitted within a network (or a network segment). A packet sniffer can be really invisible because it monitors the network (almost) unobtrusively. Since a packet sniffer just sniffs the packets without modifying them, it doesn't cause disturbances to alert the administrator that something is going on. Unless the administrator doesn't run an anti-sniffer, the traffic can be eavesdropped and nobody will know about it.

Of course, a good network administrator knows how to detect a packet sniffer, so if you plan to get Colasoft packet sniffer and use it in a malicious way, don't expect that this will go unnoticed. The packet sniffer in the Colasoft Network Analyzer is not stealth but since anyway Colasoft Network Analyzer is intended for network troubleshooting, not network hacking, there is no reason to worry that the packet sniffer is not hidden. When a network administrator uses a packet sniffer in order to legitimately monitor network traffic, he or she doesn't need cover.

One of the most important features of a packet sniffer is the protocols it can sniff. In this aspect Colasoft Network Analyzer is an unbeaten packet sniffer because it can monitor over 300 protocols. Colasoft knows that when the packets of major protocols are not captured, this gives a wrong impression about the traffic in the network and that is why Colasoft Network Analyzer supports so many protocols. And no, the protocols Colasoft Network Analyzer can sniff are not exotic ones – they are protocols used frequently in networks.

Additionally, new and new protocols are added to the packet sniffer from Colasoft, so even if your network uses some really rare protocols, which are currently not supported by Colasoft Network Analyzer, they could be added in the future. Well, if you expect that the packet sniffer from Colasoft will sniff encrypted traffic, this will not happen because no packet sniffer can do it!

Network Troubleshooting Made Easy, A Colasoft Software Solution

2008-12-02T00:38:00.000-08:00

The Challenge

As the business is becoming more and more networked, it’s always necessary for network administrators to troubleshoot network issues in shortest time possible if the network is not functioning properly. Network downtime or network malfunction may cause headaching inconvenience or even millions of business losses if not settled up in time. Without a handy tool, network troubleshooting can be time-consuming and frustrating.

Old Ways – Time-consuming and Frustrating
There are a lot of articles providing guidance on how to troubleshoot network issues in general ways. For simple networking issues, these tutorials work fine. However, for a company-level network, issues are often complicated and mixed, and these issues require deeper analysis and stronger diagnosis abilities. Obviously, old ways are no longer suitable for today’s in-time network troubleshooting demands.

Troubleshooting Network Issues in Seconds
To troubleshoot your network in time, even in seconds is now possible with Capsa’s diagnosis feature. Network issues are automatically detected and clearly identified, with possible causes and solutions provided.

Automatic Diagnosis
Based on Colasoft’s packet analysis engine, Capsa is able to automatically detect network issues in different OSI layers, such as application layer, transport layer, and network layer. All these issues are marked with different severity levels, indicating which are critical issues that need to be addressed immediately, which are just informative messages.

(Figure 1 Diagnosis Events List)

Quick Locate Suspicious Host
Once a critical network issue is detected and requires immediate handling, we can select the item from the list, then detailed information will be provided under, including source, destination, port and so on. We can easily locate the suspicious host in this field, for example, the attacking host or the host which is spamming our network. Moreover, after locating the suspicious host, we can conduct deeper analysis, such as protocol analyzing or packet decoding.

(Figure 2 Diagnosis Details)

Possible Causes & Solutions
When selecting a network issue from the list, possible causes and solutions are also provided for users to understand the issue and solve it as soon as possible.

(Figure 3 Possible Causes & Solutions)

Customizable
Depending on network sizes and network’s characteristics, we can customize the threshold that triggers one diagnosis event and the severity of the network issue.

(Figure 4 Customize Threshold)

Conclusion
It is always good to maintain the network running smoothly and properly without any problems. However, if a network issue arises, we must make sure it is quickly detected and solved before it affects the entire infrastructure and brings loss to our business. For the complexity of the network and variety of network applications, network troubleshooting is becoming more challenging and demanding. To have a powerful tool like Capsa in hand is must in everyday’s network management.

About Capsa
Capsa is packet sniffer software designed for network monitoring and troubleshooting purposes. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. By giving users insights into all of the network's operations, Capsa makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities, external attacks and insecure applications.

About Colasoft
Ever since 2001, Colasoft has been dedicated in providing all-in-one and easy-to-use network analysis software for customers to monitor, analyze, and troubleshoot their network. Up to now, more than 4000 customers in over 70 countries trust the flagship product – Capsa as their network monitoring and troubleshooting solution. The company also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. Learn more today at http://www.colasoft.com/

Top 10 Uses of Packet Sniffer Software

2008-11-24T17:13:00.000-08:00

Packet Sniffer software is a network monitoring tool that helps us to be in control of our network 24/7. All computer networks that are connected to the internet are highly vulnerable to security risks. If our networks are not constantly monitored, we can easily become a prey for the hackers. Packet sniffer software logs all traffic and all data that is sent in and out of the network that matches the specific packet criteria set by the network administrator.

Packet sniffer software has a number of uses and all of them are of critical nature.

Whenever there is a network related problem, we need some basic clues so that we can start addressing the problems. We will be able to get these clues from the packet sniffer software that is installed in the network. Therefore, packet sniffer software will not only help us monitor the network, but it will also help us analyze the network traffic so that we can identify any problem that crops up in the shortest time possible.
If there are any unauthorized intrusions, we will be able to detect the intrusions in good time. This will help us protect our network from the hackers.
We will be able to monitor the usage levels of the network at any given time. This will help us optimize the usage if we need to.
Using packet sniffer software we can keep a tab on each user in the network and gather sensitive information including passwords.
Packet sniffers will also be useful to monitor ‘on the fly’ network traffic to determine what is going on in the network at any given time.
Packet sniffers are not only useful for network administrators, it is also useful for programmers and security professionals to study the network traffic and possible loopholes so that they can be sealed.
Parents can keep a tab on their children’s online PC usage.
For those who are in learning stages packet sniffer will help them understand various protocols of the network such as HTTP, POP3, STMP, etc.
The reports generated can be used to build reliable statistics about the network use.
You will be able to find reasons for system slowdown. Using the packet sniffer software you will be able to troubleshoot the problem in the shortest time possible.

There many other uses besides the ones mentioned above. In addition, there are many packet sniffer software products available in the market. When you want to install packet sniffer software in your network, you must spend enough time in identifying the best packet sniffer software. The product you select should be a versatile tool and a popular product that has been tested in a variety of situations. It should be capable of handling small as well as large network without causing any problems in the network. One of the best packet sniffer software available in the market is Colasoft Capsa. For more information about this versatile tool, visit Colasoft.com.

About Colasoft
Ever since 2001, Colasoft has been dedicated in providing all-in-one and easy-to-use network analysis software for customers to monitor, analyze, and troubleshoot their network. Up to now, more than 4000 customers in over 70 countries trust the flagship product – Capsa as their network monitoring and troubleshooting solution. The company also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. Learn more today at http://www.colasoft.com/

Colasoft Packet Sniffer Capsa 6.9 Released

2008-10-28T01:37:00.000-07:00

(colasoft.com) – Oct 21, 2008 - Colasoft, a dedicator in network analysis field, recently released version 6.9 of its flagship product – Capsa, a packet sniffer software designed for network monitoring and troubleshooting purpose. Two new protocols, Cisco Inter-Switch Link (ISL) and Fibre Channel over Ethernet (FCoE) now can be recognized and decoded. This latest version also improved user’s experience based on user’s feedbacks.

Capsa is packet sniffer software which can perform real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. By giving users insights into all of the network's operations, Capsa makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities, external attacks and insecure applications.

"We'll always take into consideration good suggestions from our customers", Said Roy Luo, the CEO of Colasoft, "and include them in future releases to ensure highest satisfaction."

What’s New in Capsa 6.9

Support ISL Protocol Decoding: Cisco Inter-Switch Link (ISL) is a Cisco Systems proprietary protocol that maintains VLAN information as traffic flows between switches and routers, or switches and switches. It is a protocol to encapsulate traffic from different vlans, and tag them for latter specification. Now all trunk traffic between switch -- switch or router -- switch can be decoded and the context inside of the trunk link can be analyzed.

Support FCoE Protocol Decoding: Fibre Channel over Ethernet (FCoE) is a proposed mapping of Fibre Channel frames over selected full duplex IEEE 802.3 networks. This allows Fibre Channel to leverage 10 Gigabit Ethernet networks while preserving the Fibre Channel protocol. The specification is supported by a large number of network and storage vendors, including Cisco, EMC, HP, IBM, Intel, and Sun Microsystems.

View IP address and Hostname in One Tab: Capsa will automatically resolve hostname and display it in its interface. In previous versions users may view only the hostname or the IP address at a time, they will need to switch manually if they want to view another value. In 6.9 users can directly view both the IP address and the hostname at the same time, which provides correlation between the two values

"It's the easiest product to use. The support is excellent and the features added in subsequent releases are always well thought-out and beneficial to our company." Eric Gomez, CSO, InfoSight, Inc.

Whether for a network administrator who needs to identify, diagnose, and solve network problems quickly, an IT professional who wants to monitor user activities on the network, a security manager who needs to ensure that the corporation's communications assets are safe, or a consultant who has to quickly solve network problems for clients, Capsa has the functions that satisfy the diversified needs perfectly.

Capsa 6.9 runs under Windows 2000/XP/2003/Vista. A trial version is available at the company's web site: http://www.colasoft.com/

About Colasoft

Ever since 2001, Colasoft has been dedicated in providing all-in-one and easy-to-use network analysis software for customers to monitor, analyze, and troubleshoot their network. Up to now, more than 4000 customers in over 70 countries trust the flagship product – Capsa as their network monitoring and troubleshooting solution. The company also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. Learn more today at http://www.colasoft.com/

Wireshark 1.0.4 Just Released, Download Now

2008-10-25T19:26:00.000-07:00

(Oct 20, 2008) Wireshark 1.0.4 has been released. Installers for Windows, Mac OS X Intel 10.5, and source code is now available.

In this release

Security-related bugs in the Bluetooth ACL, Bluetooth RFCOMM, PRP, Q.931, MATE, and USB dissectors, as well as the Tammos CommView file parser have been fixed. See the advisory for details.

Many other bugs have been fixed.

What's New

Bug Fixes

The following vulnerabilities have been fixed. See the security advisory for details and a workaround.

1. Florent Drouin and David Maciejak found that the Bluetooth ACL dissector could crash or abort. (Bug 1513)

Versions affected: 0.99.2 to 1.0.3

2. The Q.931 dissector could crash or abort. (Bug 2870)

Versions affected: 0.10.3 to 1.0.3

3. Wireshark could abort while reading Tamos CommView capture files. (Bug 2926)

Versions affected: 0.99.7 to 1.0.3

4. David Maciejak found that the USB dissector could crash or abort. This led to the discovery of a similar problem in the Bluetooth RFCOMM dissector. (Bug 2922)

Versions affected: 0.99.7 to 1.0.3

5. Vivek Gupta and David Maciejak found that the PRP and MATE dissectors could make Wireshark crash. (Neither PRP nor MATE are enabled by default.) (Bug 2549)

Versions affected: 0.99.2 to 1.0.3

The following bugs have been fixed:

Let MP2T call its subdissectors, even without tree (Bug 2627)

Wireless Toolbar not enabled (using AirPcap) if PCAP_REMOTE=1 (Bug 2685)

Failure to dissect long SASL wrapped LDAP response (Bug 2687)

Fix compiler warnings (Bug 2823)

Homeplug dissection bugs (Bug 2859)

Malformed Packet DCP ETSI error (Bug 2860)

Wrong size of selected_registrar in WPS dissector (Bug 2865)

Dissector assertion displaying cookies in DTLS frames (Bug 2876)

Missing field type in documentation (Bug 2889)

Wireshark -p switch seems to have no effect to PROMISCUOUS mode (Bug 2891)

Misspelled PPI error vector magnitude filter (Bug 2903)

Modbus Function 43 Encapsulated Interface Transport decoding (Bug 2917)

Crash when printing or exporting some protocol data (Bug 2934)

Crash when selecting "Export Selected Packet Bytes" (Bug 2964)

New and Updated Features

There are no new or updated features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

AFP, Bluetooth ACL, Bluetooth RFCOMM, DCP ETSI, DTLS, Homeplug, IEEE 802.11, IP, Modbus TCP, MP2T, NSIP, NCP, PPI, Q.931, SASL, SNMP, USB, WPS

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

Download Wireshark 1.0.4

The latest version can be downloaded here: http://www.wireshark.org/download.html

Wireshark Multiple Vulnerabilities

2008-10-24T08:45:00.000-07:00

Wireshark (http://www.wireshark.org/) is the most popular network protocol analyzer (aka "sniffer").

A memory corruption vulnerability exists in Wireshark, potentially allowing a remote attacker to compromise targeted systems by sending them specially crafted "live" network traffic or malicious network trace files (pcap files).

Multiple denial of service vulnerabilities also exist in Wireshark, allowing a remote attacker to crash targeted systems upon sniffing network traffic or viewing network trace files (pcap files).

Impact:

Full compromise of the targeted system.

Risk:

High

Affected Software:

Wireshark version older than 1.0.4

Additional Information:

The Bluetooth HCI memory corruption vulnerability lies in the BTHCI packet dissector and is caused by insufficient checking of packet parameters. This issue occurs either when Wireshark is configured to sniff Bluetooth traffic (with an USB dongle for example) and sent "live" malicious traffic, or upon opening a crafted Bluetooth HCI encapsulation format traffic file.

The Parallel Redundancy Protocol post-dissector (not enabled by default) is vulnerable to a denial of service when handling specially crafted Ethernet frames; the issue is caused by a missing exception handling.

The USB URB denial of service vulnerability lies in the USB packet dissector, where insufficient checking of packet parameters is performed; the vulnerability is present only when Wireshark is configured to sniff packets from USB ports or opens a crafted USB traffic pcap file.

The two denial of service conditions above may be used by an attacker as a Cyber Counter-Measures tool, in order to render the network surveillance systems "blind" before engaging in further deleterious action.

Solutions:

Upgrade to latest version available from http://www.wireshark.org/download.html.

Do not open pcap traffic files received from unknown source.

References:

Wireshark advisory is available at http://www.wireshark.org/security/wnpa-sec-2008-06.html

Bluetooth HCI memory corruption

Parallel Redundancy Protocol denial of service

USB URB dissector denial of service

Acknowledgment:

David Maciejak of Fortinet's FortiGuard Global Security Research Team

Disclaimer:

Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.

About Fortinet ( www.fortinet.com ):

Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.

How to Monitor Network Traffic with Packet Sniffer

2008-10-15T22:19:00.000-07:00

There are quite a lot of software (both free and commercial) out there that perform network traffic monitoring tasks. But this article is to discuss how we can monitor network traffic with packet sniffer software. Among these packet sniffers, Colasoft Packet Sniffer is highly recommended as it is easy to use and thorough in data analysis. You can click here to download a trial version of Colasoft Packet Sniffer.

Get a Real-ime network traffic Trend Chart

If we want to get a trend chart of the network traffic, then we need to use the "Graphs" tab. "Graphs" view allows us view network statistics dynamically in different chart types, such as ling chart, bar chart, and pie chart. By selecting "Utilization" we get a real-time network traffic trend chart.

Learn How Much network traffic Has Been Generated by What Network Protocol

"Protocols" view will list all protocols applied in network transmission. In "Protocols" view we can monitor network traffic by each protocol. By analyzing network traffic by protocol, we can understand what applications are using the network bandwidth, for example "http" protocol stands for website browsing, "pop3" stands for email, etc.

Learn Which Host Has Generated or Is Generating How Much network traffic

In "Endpoints" view, we can monitor network traffic information of each node, both local and remote. In this tab we can monitor the aggregated network traffic and the real-time network traffic generated by each host (listed as IP addressess and MAC addresses). With its easy sorting feature we can easily find out which host is generating or has generated the largest network traffic.

Monitor network traffic Generated by Each Network Conversation

In "Conversations" tab we can monitor network traffic by each conversation and the figure out which conversation has generated the largest network traffic.

Inbound network traffic, Outbound network traffic, Broadcast network traffic and So on

In "Summary" we can get a quick view of the total network traffic, real-time network traffic, broadcast network traffic, multicast network traffic and so on. When we switch among the node from the explorer, corresponding network traffic information will be provided.

Colasoft Packet Sniffer - Capsa

Capsa is packet sniffer software designed for network monitoring and troubleshooting purpose. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. By giving users insights into all of the network's operations, Capsa makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, and detect network vulnerabilities, external attacks and insecure applications.

Capsa runs under Windows 2000/XP/2003/Vista. A trial version is available at the company's web site: http://www.colasoft.com/

How to Deploy a Packet Sniffer

2008-10-13T02:43:00.000-07:00

Before we can analyze and monitor a network with a packet sniffer, we must make sure the packet sniffer is correctly deployed at the right place, so that we can capture all the traffic running in and out. The installation of a packet sniffer is easy, it is always a good idea to install a packet sniffer on a laptop, so that the laptop can be shifted around to troubleshoot different network segments. This article will discuss how to deploy a packet sniffer based on the different network device that is used.

How to Deploy a Packet Sniffer in a Switched Network

Switch is a network device working on the Data Link Layer of OSI. Switch can learn the physical addresses and save these addresses in its ARP table. When a packet is sent to switch, switch will check the packet’s destination address from its ARP table and then send the packet to the corresponding port.

Condition 1: Manageable Switch

Generally all three-layer switches and partial two-layer switches are manageable; the traffic going through other ports of the switch can be captured from the debugging port (mirror port/span port) on the core chip. To analyze the traffic going through all ports, we should deploy a packet sniffer at this debugging port (mirror port/span port). In a manageable switch network environment, we should deploy a packet sniffer like this:

Condition 2: Unmanageable Switch

If our switch has no management function, we can connect a tap with the line to be monitored. Taps can be flexibly placed on any line in network. When requiring high network performance, we can add a tap to our network. In an unmanageable switch network environment, we should deploy a packet sniffer like this:

How to Deploy a Packet Sniffer in a Hubbed Network

A hubbed network is also known as shared network which is connected with a hub. In a hubbed environment, packet sniffer can be installed on any host in LAN. The entire network data transmitted through the Hub will be captured, including the communication between any two hosts in LAN, because when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets. In a hubbed network, we should deploy a packet sniffer as shown below:

NetScout has released nGenius Performance Manager and nGenius InfiniStream version 4.5

2008-10-10T01:06:00.000-07:00

NetScout Systems, a provider of network performance management software, has released nGenius Performance Manager and nGenius InfiniStream version 4.5 software, and the evolution of its nGenius InfiniStream continuous capture Deep Packet Inspection devices, the company's next step in executing on the integration of its acquisition of Network General.

The result is a unified solution that raises the bar in service assurance and performance management by combining early-warning capabilities, real-time and historical application flow analysis, and deep-packet forensics. The result of this evolution will have a profound impact on IT operations by enabling network, datacenter and application managers to dramatically improve productivity through more effective collaboration to address the operational challenges of managing the modern IP network posed by virtualization, convergence, SOA and highly distributed network-centric operations.

According to the company, the evolution of the nGenius Performance Management solution integrates the functionality of NetScout's real-time monitoring and rapid top-down troubleshooting and analysis with the former Network General's expert packet analysis and data-mining capabilities.

As part of the product unification, elements from both product lines have come together under the nGenius Performance Management umbrella, with application intelligence and data mining capabilities retaining the well-established Sniffer branding. NetScout has also unified its family of continuous capture Deep Packet Inspection (DPI) devices, formerly known as nGenius AFMon and Sniffer InfiniStream, as nGenius InfiniStream. The new nGenius InfiniStream DPI devices retain important elements from both product lines delivering operational consistency with a flexible range of interface options and storage capacities to meet the most demanding high-performance requirements.

NetScout's thoughtful approach to the integration of Sniffer portfolio into the nGenius portfolio enables customers to efficiently leverage their existing investments and benefit from the blended technical capabilities of two platforms. Companies that have deployed both platforms further benefit as this latest software release allows for the consolidation and unification of performance management tools with an easy-to-deploy migration path that delivers a best of both worlds approach.

Michael Szabados, COO of NetScout, said: "The integration of nGenius and Sniffer technologies into a single, unified solution brings enormous power to our expanded customer base and new customers alike. Managing the Modern IP Network requires a transformative approach to how networks are managed. This latest release of NetScout's nGenius technology addresses this need by bringing top-to-bottom intelligent views that empowers IT managers to solve the hardest performance challenges while providing unmatched investment preservation and delivering greater business value to our customers."

Top Reasons Why Academic Users Need Packet Sniffer Software

2008-10-09T18:46:00.000-07:00

Academic users need packet sniffer software for various reasons in their daily works, such as network performance monitoring, network behaviors supervising ,conceptual items demonstrating and so on. Two packet sniffers are highly recommended for such users.

Why Academic Users Need Packet Sniffer Software

For an academic network administrator who needs to make sure the network is running smoothly and reliably, he will need packet sniffer software for:

Monitoring network performance around the clock,
Supervising various kinds of network behaviors,
Protecting network from suspicious intentions and attacks,
Discovering network loopholes and network bottlenecks,
Identifying and troubleshoot network problems in time,

For an academic teaching staff who needs to explain and demonstrate conceptual items to his students, he will need packet sniffer software for:

Demonstrating how a service (such as DNS, DHCP) works for your network,
Demonstrate the detail information within a packet of some sort of specific protocol,
Demonstrate the network behaviors of an application,

For an academic researcher and developer, he will need packet sniffer software for:

Network protocols research purpose
Debug network relied applications

For an academic student, he will need packet sniffer software for his studying and researching purposes.

Suggested Packet Sniffer Software

Wireshark

Wireshark is a free network packet sniffer developed by an international team of networking experts. Its key features include:

Deep inspection of hundreds of protocols, with more being added all the time
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
The most powerful display filters in the industry
Rich VoIP analysis

Colasoft Packet Sniffer

If you are looking for a cost-effective and easy-to-use packet sniffer, then you should take a look at Capsa, a packet sniffer produced by Colasoft Co., Ltd. Its key features include:

Monitor traffic and bandwidth details in graphs and numbers.
Automatically diagnoses network and suggests solutions.
Able to identify and analyze 300+ network protocols.
Provides packet summary and decoding information.
Monitors site visits, email contents, online chats, and more.
Lists all hosts in network with details (traffic, IP, MAC, etc.).
Visualizes the entire network in an ellipse, showing connections and traffic.
Monitor all conversations and reconstruct packet stream.
Free built-in tools to create and replay packets; scan and ping IPs.
Quick generates reports of most concerned items.

Capsa runs under Windows 2000/XP/2003/Vista. You can click here to download a trial version of Capsa.

Packet Sniffer, A Brief Introduction

2008-10-09T06:57:00.000-07:00

A packet sniffer is a piece of software that grabs all of the traffic flowing into and out of a computer attached to a network. They are available for several platforms in both commercial and open-source variations. Some of simplest packages are actually quite easy to implement in C or Perl, use a command line interface and dump captured data to the screen. More complex projects use a GUI, graph traffic statistics, track multiple sessions and offer several configuration options. Packet sniffer are also the engines for other programs. Intrusion Detection Systems (IDS) use packet sniffer to match packets against a rule-set designed to flag anything malicious or strange. Network utilization and monitoring programs often use packet sniffer to gather data necessary for metrics and analysis. Law enforcement agencies that need to monitor email during investigations, likely employ a packet sniffer designed to capture very specific traffic.

A packet sniffer can be an invaluable tool for administrators, security professionals, programmers and even beginners. They are excellent utilities for troubleshooting any type of network problem, since they provide a window into local traffic. I personally have used packet sniffer on multiple occasions for security work and once discovered a compromised machine that periodically sent updates to a cracker. For network programming, a packet sniffer is a necessity for debugging in the development stages. Packet sniffer are an outstanding resource for the curious beginner, who hopes to understand both networks and security. Nothing can bring you closer to what really happens, when computers communicate, than these tools.

It should be noted that the casual user should be very cautious when, where and how they use these programs. Never employ packet sniffer on a local network without checking with an administrator. It's best to try these techniques at home, or on a network you run.