Author: Dave Bailey

Dec 12, 2008

Review: Colasoft Capsa 6.9 Enterprise Edition

Launched in November, Colasoft's Capsa 6.9 network protocol analyser has an uphill fight to disturb the leaders in this particular space, mainly because the market has moved on from straight network protocol analysis to digging directly into application network streams.

The network packet analysis market is currently crowded, with systems ranging from free open-source products like Wireshark, to high-end systems from better known vendors like Network Instruments with its Observer package.

The main new features in Capsa 6.9 are the ability to decode Cisco's Inter-Switch Link protocol to virtual local area network information as traffic negotiates switch and router network paths, and support for the Fibre Channel over Ethernet protocol.

Capsa 6.9 Enterprise Edition is currently certified for Windows 2000 Professional, XP Professional, Vista, Windows Server 2003, and Windows Server 2008, as well as 64-bit versions of these operating systems.

Network support extends from 10/100Mbit/s systems to gigabit connectivity, and has microsecond timestamp capability. Firms with a simple network can deploy a straight network connection, but managed switches need port mirroring or test access ports if specific network segments need traffic captured.

We installed Capsa 6.9 on a variety of systems, including hardware running Windows XP, Vista and Windows Server. We attached to hubs, managed switches (with port mirroring enabled) and took a specific feed off a router through a TAP.

Our Intel 'whitebox' server, which had DHCP and Active Directory installed, had a quad-port Intel PCI network interface card (NIC) connected to various subnets, as well as to an ADSL router for internet access. Capsa picked all four ports up as well as two extra NICs attached to the motherboard.

It was easy to capture and filter network traffic and use the diagnosis analyser to check different network layers. For example, we could check for application layer problems like DNS server errors, and troubleshoot Simple Mail Transfer Protocol problems.

The GUI is simple to negotiate and a few clicks were sufficient to pull network traffic off all our NICs, and perform quite detailed analysis. The provision of easy access web resources on a sidebar was another neat touch, addressing network technicians still new to network protocol analysis.

However, we could not see any alerting for paging network administrators or technicians, or configurable trigger functions to automatically react to adverse network events.

One area where the competition has a clear advantage is the ability to run on dedicated hardware with certified NICs. Competitors like Network General, Network Instruments and WildPackets all have turnkey appliances able to take 10 Gigabit Ethernet network traffic straight to terabyte-sized storage arrays for detailed forensic analysis.

Overall, Capsa is a pretty comprehensive package for network analysis, but users requiring high-end features, like the ability to analyse 10 Gigabit Ethernet connections in real time, may need to look at more expensive systems with dedicated hardware.

Colasoft did tell us that it is considering a move to address larger enterprise networks in the future.