author: PCQuest
May 1, 2015

Colasoft Capsa 7 Enterprise: Network performance and security

As compared to some if the free network analyzers out there, the learning curve for Capsa isn’t very steep. You’ll get used to it in no time, and the plethora of online video tutorials on their website definitely help. They’re quite snappy, and to the point.

The software’s GUI is very well-structured and easy to understand. We reviewed the enterprise edition of the software, but there’s also a free edition available, which analyzes traffic only for IP addresses of the first 50 nodes it captures. So if you are a smack business owner with less than 50 nodes on your network, then you can use this tool free of cost to troubleshoot your network.

Capsa lets you capture traffic from both wired and wireless networks. For a wired network, you need to connect if at a mirror/scan port on your network. Likewise, for wireless networks, it automatically identifies your wireless network adapter and displays the wireless access points it found. Choose the one you want to monitor, specify its password and start capturing. The software switched your wireless adapter into monitoring mode, but strangely at the same time, it disconnects your wireless connection while the capturing is in progress. You can’t use your wireless adapter for anything else during this time.

The good thing about Capsa is the apart from full scan, you can also choose from eight pre-configured analysis profiles. So whether you want to find out which websites are your users visiting or you want to hunt down security issues on your network, or even capture all email or IP telephony conversations, Capsa provides specific profiles for a variety of tasks to quickly get you started.

Once traffic has been captured, you can start analyzing it for the protocols used, active physical endpoints by MAC or IP address, physical or IP conversations between various nodes, the ports being used, or even drill into every network packet configuration. Moreover, if you feel that a specific node is generating too much traffic and is attempting to connect to too many nodes on the network (which typically happens during a virus or worm attack), then here’s a matrix view that gives a graphical view of which node is connecting to which one, Another convenience feature is that you can isolate the traffic by a specific node at the click of a button.

What’s more, Capsa also provides for download on their website lots of capture filter samples for a wide variety of network anomalies. For instance, you can detect all PCs on your network running Bit Torrent, or detect the machines infected with the Code Red virus, and so on. Another neat feature offered by Capsa is that you can replay network packets saved using other network monitoring tools, like Wireshark.