How to Analyze Network Traffic Based on Local Processes
Working as an IT engineer can be a very difficult and challenging task, especially when troubleshooting network problems. As more and more applications are deployed and internet speeds keep increasing, analyzing network traffic becomes a tough job, even with a traditional packet-capturing network analyzer. However, Capsa provides a process analysis feature that makes the task easy.
To analyze network traffic based on local processes, you need to make sure that the Process analysis object is checked. Double-click an analysis profile and go to the Analysis Object tab to check it, as shown in the screenshot below:
To display the Network Process view, double-click the analysis profile and go to the View Display tab to make sure the Process view is enabled, as shown in the screenshot below:
Once the analysis profile is configured, you can click Start to analyze the network.
A Process view is provided that lists all local processes that have network traffic. You can sort the processes by bytes, packets, Bps, bps, pps, etc., as shown in the screenshot below:
When a specific network process is selected in the Process view, the lower pane lists the protocols, TCP conversations, and UDP conversations initiated by that process, as shown in the screenshot below:
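For readers who want to see how the per-process attribution behind such a view works at the operating-system level, here is an added example (not Capsa's code): on Linux, /proc/net/tcp lists every TCP socket with its inode, and the socket:[inode] symlinks under /proc/<pid>/fd tie each inode back to the owning process. The sample /proc/net/tcp text and the SAMPLE_OWNERS map are constructed so the grouping can run offline; socket_inode_owners() reads the live /proc tree.

```python
import os
import re
from collections import defaultdict

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample of /proc/net/tcp: IPv4 as host-order (little-endian) hex, port as hex.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C3A2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0A00000A:C3A3 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""
# Constructed inode -> (pid, comm) map, shaped like socket_inode_owners() output.
SAMPLE_OWNERS = {12345: (4242, "python3"), 12346: (777, "curl"), 12347: (777, "curl")}

def parse_addr(hexaddr):
    """'0100007F:1F90' -> ('127.0.0.1', 8080)."""
    ip_hex, port_hex = hexaddr.split(":")
    octets = [int(ip_hex[i:i + 2], 16) for i in (6, 4, 2, 0)]  # reverse byte order
    return ".".join(map(str, octets)), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Return [(local, remote, state, inode)] per socket row; the header line is skipped."""
    rows = []
    for fields in (line.split() for line in text.splitlines()[1:]):
        if len(fields) >= 10:  # field 9 is the socket inode
            rows.append((parse_addr(fields[1]), parse_addr(fields[2]),
                         TCP_STATES.get(fields[3], fields[3]), int(fields[9])))
    return rows

def socket_inode_owners(proc_root="/proc"):
    """Map socket inode -> (pid, comm) from /proc/<pid>/fd symlinks named 'socket:[inode]'."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            comm = open(f"{proc_root}/{pid}/comm").read().strip()
            for fd in os.listdir(f"{proc_root}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc_root}/{pid}/fd/{fd}"))
                if m:
                    owners[int(m.group(1))] = (int(pid), comm)
        except OSError:  # process exited mid-walk, or not ours to inspect
            pass
    return owners

def conversations_by_process(rows, owners):
    """Group sockets by owning (pid, comm), like the per-process conversation pane above."""
    per_process = defaultdict(list)
    for local, remote, state, inode in rows:
        per_process[owners.get(inode, (None, "<unknown>"))].append((local, remote, state))
    return dict(per_process)
```

Only processes the caller may inspect are attributed, so run it as root for full coverage; sockets whose inode no process owns (for example, TIME_WAIT leftovers) are grouped under "<unknown>".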
You can also locate a specific local process. Right-click a process and click "Locate in Node Explorer", as shown in the screenshot below:
The Node Explorer works as a display filter. When a specific node is selected, all the analysis views display only data related to that node.
For example, when the process node "svchost.exe" is selected in the Node Explorer, the Matrix view displays only the peer nodes of conversations initiated by svchost.exe. You can also go to other analysis views to see related information.
With this feature, it is very convenient for network administrators to analyze network traffic based on local processes.
You may also find an abnormal protocol running on the network. In that case, use Capsa to locate that protocol in the Protocol Node Explorer, and then go to the Process view to see which local processes are using that protocol to send data.