VoIP analysis

Capsa 10 improves the VoIP analysis feature. The new version supports both SIP and H.323 protocols, and is able to play back voice and video files. A brand new VoIP analysis view is provided to display VoIP call statistics, like MOS-A/MOS-V distribution, call status, codec type, etc., to display network traffic information for VoIP calls, and to display SIP/H.323 statistics.

The original Call tab is also improved to display each VoIP call, and to analyze each VoIP call process. Just double-click a voice or a video media flow; a player will launch automatically to play the audio/video file.

Furthermore, new VoIP charts, VoIP report modules, and VoIP diagnosis events are added to the new version.

TCP Conversation analysis

With Capsa new version, the TCP Conversation view adds a column Interaction Diagram, which displays the packets interaction status for each TCP conversation. Just by a glance on the Interaction Diagram, you will know the TCP conversation information, if there is retransmission or not. The scales on the diagram indicate the number of payload packets, green indicates request packets, blue indicates response packets, and red indicates retransmission packets.

A Payload column is added to display the payload data for each TCP conversation, and a Max. ACK Time column is added to display the maximum transport layer ACK time for each TCP conversation, which is helpful for analyzing TCP conversations.

With the new version, TCP flow analysis optimizes the algorism for TCP transactions and adds new metrics for TCP transactions, like server response time, transaction processing time, client idle time, etc., which facilitate the analysis of TCP transactions.

What' s new in Capsa 9.2

Application Analysis

Capsa 9.2 provides application analysis feature, which makes application-based traffic analysis available. More than 1,800 built-in applications are provided, including the popular Web application, Email application, network management application, etc.

Users can also customize applications based on IP address, port number, protocol, pattern, and combinations thereof.

An Application view is provided to show all the traffic statistics for applications, including total bytes, packets, Bps, bps, pps, etc. Once an application is selected, the lower pane will show protocol and conversation information related to that application. Double-click an application, the Packet Decoding window will open to show packets related to that application.

An Application Explorer is provided to display the applications that have network traffic and works as a display filter.

For example, you can first go to the Application view to find the desired applications, and locate it to the Node Explorer. Then, the views on the right shows data related to that located application. You can go to the Summary view to check traffic statistics, and go to the conversation views to see conversation information.

HTTPS Decryption

Capsa 9.2 enables users to decrypt the HTTPS message with the right configuration of key file. There are three common decryption method: RSA, PSK, and (P)MS log file. Capsa supports all of these three methods. Users could choose either to edit the RSA key list, to use a PSK, to import a (P)MS log file, or even to use them all simultaneously for the decryption.

Before the decryption:

After the decryption:

Select Medium Type

Capsa 9.2 allows users to analyze the packets with a specified medium type.

The default medium type will change for different networks to capture the packets. The wired network interface card is defaulted as Ethernet, and the wireless network interface card is defaulted as 802.11. When replaying the packet, it is defaulted to follow the medium type of the packet files.

With some special mediums, which do not fit the default medium type, users could specify a medium type and Capsa 9.2 will analyze the packets with this specified medium type.

Using the right medium type makes packets analysis more accurate.

Besides above new features, Capsa provides following new features and improvements:

  • A Base64 Codec tool is provides to facilitate the encoding and decoding with Based64 codes.
  • A Dup Ack mark and a Retransmission mark are added to the Summary column on the Packet view.
  • The display on HiDPI screen is optimized.
  • A Bearer Protocol column is added for port statistics to display transport layer and application layer protocols.
  • The display of top charts is optimized to make it more regular

What' s new in Capsa 9.1

Conversation Filter

Capsa 9.1 provides a Conversation Filter, which would help users filter the conversations captured by Capsa. Conversation Filter applies to MAC conversations, IP conversations, TCP conversations, and UDP conversations. Capsa 9.1 allows users to set Conversation Filter rules according to address and port, location, conversation protocol, conversation packets, conversation content, and conversation options. All the rules can be related to each other with logical AND/OR relation. Once Conversation Filter is enabled, only matched conversations will be displayed on conversation views.

Packets can be decoded as specified protocol

Capsa 9.1 provides a new feature, which allows users to decode packets as a specified protocol. To some problem packets, which deceive the protocol auto-diagnose system, now users can specify a protocol and Capsa 9.1 will decode the packets according to the specified protocol.

Packets can be filtered based on time rule

Capsa 9.1 provides a new filter rule which allows users to filter packets according to a scheduled time range. Through this feature, users can define when to capture the packets and when not to.

A Time Sequence tab is added for DNS-based conversation

Capsa 9.1 provides a Time Sequence tab for DNS-based conversation. With this feature, user can view the detailed DNS domain name resolution process.

Capsa 9.1 also made some improvements. Name Table now can be exported as .csv format. You can first export Name Table as a .csv file, add names and addresses to that file, and then import the file to Capsa 9.1 Name Table. With this feature, addresses and names can be added to Name Table in batch.

Other new features and improvements include:

The protocol PPP for POS can be recognized and decoded.

An option is added to show/hide address location.

An option is added to enable/disable the automatic loading of packet files replayed last time.

What' s new in Capsa 9.0

Network traffic analysis based on local processes

Capsa 9 provides a Process view, which shows the network traffic information for local processes, listing process name, process ID, bytes and packets data for the process name and process ID. Once a process is selected, the lower pane will show protocol and conversation information related to that process. Double-click a process, the Packet Decoding window will open to show packets related to that process.

A Process Explorer is provided to group all local processes that have network traffic and works as a display filter. Once a process node is selected on the Node Explorer, the statistical views on the right pane will show data related to that process.

For example, you can first go to the Process view to find the desired process, and locate it to the Node Explorer. Then, the views on the right shows data related to that located process. You can go to the Summary view to check traffic statistics, go to the conversation views to see conversation information, and go to the Diagnosis view to check network events.

With this local process analysis feature, you can easily determine what applications and programs on your local machine are generating network traffic.

Besides this new feature, Capsa 9 provides some improvements on Colasoft network tools, including Colasoft MAC Scanner and Colasoft Ping Tool

What' s new in Capsa 8.2

Traffic Analysis of 2-Channel Wireless AP

Capsa 8.2 is capable of analyzing the traffic of wireless AP with 2 channels. Users can choose up to 2 wireless channels to analyze the total traffic which greatly enhances the accuracy of wireless traffic analysis.

Hex Display of Decoded Data

Hex display of decoded data is supported in Data Flow sub-view in TCP Conversation view and UDP Conversation view. Users can switch the display format between hex and text.

Data Flow Display Optimization

The display is optimized in Data Flow sub-view in TCP Conversation view and UDP Conversation view.

Protocols Recognition Enhancement

With the continuous improvement of CSTRE (Colasoft Traffic Recognition Engine), Capsa 8.2 is capable of recognizing up to 1546 protocols and sub-protocols, which covers most mainstream protocols in the network.

What' s new in Capsa 8.1

Brand-new 64-bit Version

A maximum of 100,000 analysis objects are supported and total idle RAM can be set as packet buffer size in the 64-bit version of Capsa.

Online Auto Update

The feature of online auto update greatly simplifies the update process. Users can easily and quickly experience new version of Capsa when receiving new installation packets over the Internet.

Conversation Filter

Conversation filter is added for quick problem location when users want to analyze conversations with a certain protocol. It is only available in protocol filter and only applies to conversations. Take HTTP conversation filter for example, only HTTP conversations will be displayed in the TCP Conversation view when it is set, but all the packets captured will also be displayed in other views.

Capsa Network Analyzer Conversation Filter

What' s new in Capsa 8.0

Third-generation Colasoft Traffic Recognition Engine (CSTRE)

Capsa Network Analyzer 8.0 is based on the Third-generation Colasoft Traffic Recognition Engine (CSTRE), which substantially improved the accuracy and efficiency of protocol & application recognition. 83 new protocols are supported, Capsa 8.0 now supports more than 900 protocols and sub-protocols.

Traffic Recognition Engine

Expert Network Loop Diagnosis

Two Expert Diagnosis Events are added to Capsa 8.0, they are Physical Loop Diagnosis and Routing Loop Diagnosis. Capsa 8.0 makes it very easy for network administrators to locate network loop anomaly without looking into any packet details.

Expert Network Loop Diagnosis

Conversation Colorization

Conversation Colorization is another useful functionality in Capsa 8.0. You can colorize any Conversation in the MAC Conversation View, IP Conversation View, TCP Conversation View and UDP Conversation View. Packets related to that Conversation will be colorized automatically with the same color. The relevance between a session and a packet is enhanced by colorizing packets which greatly improves performance analysis efficiency.

Conversation Colorization

Conversation Colorization

Auto-resolve Host Name and Domain Name

Capsa 8.0 is can actively resolve host names and domain names. You can set up this function and resolve all the host names and domain names in your network. It is more simple and straight to review host names and domain names than purely IP addresses. Moreover, all the resolved names can be saved to your name table.

Auto-resolve Host Name and Domain Name

Start Capsa from the Command Line

You can start Capsa from the command line. You can both start a new capture or replay a packet file from the command line. Follow the steps below to learn how to start Capsa from the command line.

  1. Right-click Computer on the desktop, choose Properties, then a dialog box pops up.
  2. Choose Advanced system settings, the dialog box of System Properties pops up as shown below:

    Start Capsa

  3. Click Environment Variables, a dialog box pops up as shown below:

    Start Capsa

  4. Choose Path in System Variables, click Edit, the dialog of Edit System Variable pops up as shown below:

    Start Capsa

  5. Add the path of the file named "cmdl.exe" to the input box of Variable value, separate the new path from the existing path with a semicolon in English.
  6. Click OK, then environment variables setting is finished.

After finishing environment variables setting, users should verify whether it is successful. The steps are shown below (Take Windows 7 flagship version for example):

  1. Click Start, input "cmd" in the box of Search programs and files, click Enter, then the window of cmd pops up.
  2. Input "cmdl /?", click Enter, if there is the content as below, it means the setting is successful:

  3. If there isn't such content as above, please check whether environment variables setting is right.

For more functionalities of Capsa 8.0, please click here(http://www.colasoft.com/support/update.php) .

What' s new in Capsa 7.8

VoIP Analysis

Capsa 7.8 provides a VoIP analysis module to capture and analyze VoIP calls and graphically display VoIP analysis results, which helps IT staff baseline and troubleshoot VoIP-based networks.

A VoIP view is provided to list all VoIP calls as well as their related statistics and has a lower pane for analyzing voice and video control flows and media flows as well as their jitter, loss, MOS, etc., to visualize analysis data and assess voice and video quality.

VoIP Analysis

A VoIP Explorer groups private and public IP addresses for VoIP calls.

VoIP Analysis

Furthermore, there are VoIP diagnosis events and VoIP logs. A VoIP dashboard contains the VoIP analysis charts graphically.

VoIP Analysis

Together with VoIP Explorer and VoIP diagnosis, the VoIP view helps users visualize analysis data and assess voice and video quality, to thereby assist you troubleshooting VoIP networks, software and hardware.

Top Domain Name Statistics

Earlier versions of Capsa provide a Name Table feature to help network administrators conveniently manage staff's network activities by displaying the IP address as names instead of figures. Capsa 7.8 here now provides a top domain feature which shows top visited Internet IP addresses as domain names. We know that one domain name may be resolved to be multiple IP addresses, and Capsa can identify all these IP addresses as one domain name if they are actually directed to that domain, and graphically display the top resolved domain names:

Top Domain Name Statistics

Port - Based Statistics

A Port view is provided to present traffic statistics based on TCP/UDP port numbers. This feature is useful when you want to analyze a specific application. The port numbers are provided with above layer protocol, packets, bytes, average packet size, and common application.

In addition, the Dashboard view provides a Port panel to graphically display top port statistics:

Port - Based Statistics