Colasoft Capsa Network Analyzer

This paper illustrates the need to monitor information flow in IT systems (especially networks) and the challenges today's supervisors face in meeting that need. Paramount in this discussion is the trend of growing needs for internal auditing and corresponding solutions.


As information technology spreads through corporations and other organizations around the world, information flow has become one of the key flows in an enterprise, just as logistics and workflow are.


The Demand

Behavior Management

Internal abuse is one of the most common problems IT systems face. IT infrastructure grows stronger and stronger along with the development of hardware technologies such as ASICs, multi-core processors and FPGAs. Does that mean IT resources are tending toward the infinite? Will we never again have to worry about slow network connectivity? With a 10 Gigabit connection in place, is QoS from now on merely a joke, because we have infinite bandwidth that can never be exhausted?

The answer is no. Users are greedy. What they want grows as fast as hardware technology does. Just as in the history of operating systems, whatever hardware platform exists, there will be corresponding software running on it - however many infrastructure resources there are, user demand will rise to match them.

  • Over a 56K modem line, users can saturate it with web browsing.
  • Over a 2MB ADSL line, users can overwhelm it with P2P downloading.
  • Over a 1000MB fiber link, users can still congest it with online HD TV or even network storage.

Users can never be satisfied by pure technology. On the other hand, this is also why technology evolves continuously - there are endless demands from users.

Therefore, management against network abuse is absolutely necessary.

An auditable monitoring system gives you good control over your IT resources. It not only protects vital applications such as VoIP meetings from the negative impact of internal abuse, but also improves productivity by constraining users' private use of the network.

Sensitive Information Disclosure Control

The following list gives the most common needs of different companies. These needs are direct and specific:

  • Tracking Web browsing behaviors
  • Monitoring of out-bound emails
  • Monitoring of in-bound emails
  • Analyzing attempts to access sensitive applications or data
  • Analyzing employees' use of networks, servers, and/or applications
  • Searching for employee activity in blogs and social networking services (SNS)

It is easy to see the demand for securing sensitive data.

However, there is no technology that can identify whether a stream of data is sensitive or not, not to mention protect the data from disclosure.

A better and more practical way to confront the challenge is to make the information flow in your IT system auditable. Combined with a proper regulation, policy or law, this can hold back disclosure and make people think twice.

The Trend

Nowadays, enterprises, especially IT companies, are highly focused on anti-spyware (refer to the CSI Computer Crime & Security Survey). From this we can infer the need to secure private information and data.

According to InformationWeek Analytics research in 2009, the share citing "detecting potential leakage of sensitive data" as a motive for monitoring grew from 42% (2008) to 53% (2009). The trend shows how much companies care about protecting sensitive data.


Information flows in IT systems mostly take two forms:

Archived in storage

Storage media such as hard disks, tapes and Flash can be well controlled at the physical level, so any access to such information is static, explicit and auditable.

Transmitted in network

Since the network was designed to share information in the first place, it was built for high accessibility - paths and routes exist logically and dynamically, and the information flow can hardly be tracked.

The network is elusive because of its flexibility. Tracking the information flowing through it is not easy work.

Fortunately, the applications that deliver data over the network can commonly be monitored - email, MSN, Web download, FTP.


Colasoft Capsa is a product that provides multiple modules to monitor commonly used network applications:

Email Analyze module.

It enables supervisors to monitor all SMTP/POP3-based email traffic. Email messages can be reconstructed so that their content is readable. Attachments sent with an email can be copied and saved to a specified directory on your hard disk.

HTTP Analyze module.

This allows Capsa to record every HTTP request in the traffic. If you have SPAN configured to monitor outbound traffic to the Internet, you will be able to inspect internal Web browsing activity.

DNS Analyze module.

DNS requests and responses are recorded for reference. This is useful for monitoring web behavior, and also important for spotting unintended connection establishment, such as that caused by Trojans.
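
What a DNS record of this kind can look like, as an added example (not Capsa's code or output): it parses the question section of DNS queries seen on a monitored segment, logs the names each client asked for, and lists names outside a known-good baseline. The packets, client addresses and baseline domains are constructed sample data, and the function names are hypothetical.

```python
import struct

def build_query(txid, name):
    """Build a DNS query payload (used only to construct sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_question(payload):
    """Return (txid, is_response, qname), or None if the message is malformed."""
    if len(payload) < 12:
        return None  # shorter than the fixed DNS header
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None  # name runs past the end of the packet
        length = payload[pos]
        if length == 0:
            break
        if length > 63 or pos + 1 + length > len(payload):
            return None  # pointer or oversized label: reject
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return txid, bool(flags & 0x8000), ".".join(labels).lower()

def audit(captured, baseline):
    """captured: iterable of (client_ip, udp_payload). Returns (log, alerts)."""
    log, alerts = {}, []
    for client, payload in captured:
        parsed = parse_question(payload)
        if parsed is None or parsed[1]:
            continue  # skip malformed packets and responses
        name = parsed[2]
        log.setdefault(client, []).append(name)
        if not any(name == d or name.endswith("." + d) for d in baseline):
            alerts.append((client, name))  # queried name is outside the baseline
    return log, alerts

# Constructed sample data: three queries and one truncated packet.
BASELINE = {"example.com", "example.org"}
SAMPLE = [
    ("10.0.0.5", build_query(1, "www.example.com")),
    ("10.0.0.5", build_query(2, "mail.example.org")),
    ("10.0.0.9", build_query(3, "update.unknown-host.test")),
    ("10.0.0.9", b"\x00\x01"),
]
```

The per-client log serves the web-behavior audit, while the alert list is the part that surfaces a host resolving names nobody expects it to contact.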

Colasoft Capsa provides visibility to information flows in your IT systems and accountability for surveillance.
