Colasoft Capsa User Manual - Network Analysis Community
Contents
1. Colasoft MAC Scanner contains the following components Menu Contains all the items on toolbar commands to control the window and help Toolbar 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 117 133 gi Colasoft Maximize Network Value Contains shortcuts of the most common used commands And allows you to customize Scan Network View Scan Network View will display the2. The Name Table tab appears as follows Network Profile Management Network Profilel General Network Group wiww colasoft com 207 218 235 182 blog colasoft com 207 218 235 178 www wilderssecurity com 65 175 38 11 Toolbar e Add Click to create a new alias item e Modify Click to edit a highlighted alias item e Delete Click to delete a highlighted alias item e Import Click to read the filters from a csccont file or cscntab file 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in 39 133 the United States and or other countries All other trademarks are property of their respective owners Pr Colasoft Network Profile b d Maximize Network Value e Export Click to save the filters to a csccont file e Options Click to set Name Table Options as follows Click the Options button the Name Table Options dialog appears Here you can choose to Enable passive name resolution or not and Save the resolved names of IP address when exit or not and change the number how many days the unused names will be saved 2 by default Enable passive name res Only show user edit Save the resolved names of IP address when exit Save the unused names Days Add or Edit an Alias The Name Table is used to manage alias of all the IP addresses MAC addresses a
3. D BitTorrent csopkt D POP3 csopkt D http rawpkt Options Burst Mode no delay between packets Loop Sending 100 7 loops tzero For infinite loop Delay Between Loops 1000 gt milliseconds Ignore any file error Sending Information Current File D BitTorrent cscpkt 74994 sending packet Colasoft Packet Builder Colasoft Packet Builder is useful tool used for creating custom network packets you can use this tool to check your network protection against attacks and intruders Colasoft Packet Builder provides you very powerful editing feature besides common HEX editing raw data it featuring a Decoding Editor which allows you edit specific protocol field value much easier In addition to building packets Colasoft Packet Builder also supports saving packets to packet files and sending packets to network To start Colasoft Packet Builder do one of the followings Click Packet Builder icon in Tools tab of the Ribbon figure below Choose Start gt All Programs gt Colasoft Capsa 7 1 gt Capsa 7 0 Toolset gt Packet Builder Choose Start gt Run enter pktbuilder and click OK 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in 127 133 the United States and or other countries All other trademarks are property of their respective owners gx Colasoft Maximize Network Value Analysis Syst
4. Maximize Network Value Enterprise Edtion gi Colasoft gx Colasoft Content Maximize Network Value Content cst etc st est cee etn ela sees cpr ei crac eee sn cp scr oe sclera E A temas se scene a E 2 OWS NO A AE E AE E EEA E I A AA A AEE A EEA EE A A AE E A AEE AAEE TET 5 Be RG O r ns pases a a E E A O E cad iemeuacanrebadanodmeueemapetuetpeesnieesA 5 HTS YTS e AJG OMEN e E E E E pets Natanleda ions pa ainnalsnee Doone 7 Installation and TD SIG VMS IA rate eisitaa tasetersunaarsuienaesairarnaderttaciiviawtnaidreaiw tealieio eepnayeiniiiascicitaatemdenaetanaitinnn tamoeane seater aw teadanun tqaeitewonemeimaindindasunbeecsnantesashantapwqeraraented 8 RST LEON IA VIO FMRC UI sirisser a ia nts ensimaea Oa ao e a RO a E OE OE A Era a i O ai 8 POCE NEON e A A 11 SE ve CI ISIN E eararapiir kanner En e En EE a E REE RRE E E R N EREE E EREE EEEE EE a EEEE EE ORAS 12 mstalation ana OPIS AN OT irens rE ERNE EE REEERE EEA EENE EEE EENE EREEREER EN NEEE 12 PAVEC OENE T e E E E E EE E E E ae E EA E ee ee 13 ACV CUE eee E E E a nee 14 Cetindir o ae a E E 15 Pe eM PI CO ASO OA a E E E E E E E E E 15 EPE oere E E E A E 15 Start a Capture eee 16 Anayo MOOG miea e lige E A ala RE ae cn OE ese ee lage bade sane E RE rE E EE ATR 17 Arnan aT Modes GADE e AA ee eee eee 17 ee eae e aa e a A E A T E A A I A A E E E E E 18 MAUS Or O 2 oo ees E E E E E E ee ee ee 19 REDON e E E E E E A E EE E E E E A ats 19 MONEO a A A deaianesed na nner aneesteasiena
5. The Network Group is used to customize your network You can divide IP addresses and MAC addresses of your network into different groups Thus you save your time to lock down the troubled host in a group Based on your network all IP nodes and MAC nodes can be defined into different groups that you will identify local traffic from internet traffic and broadcast traffic from multicast traffic with ease For example you can divide IP address groups by department names Colasoft Capsa automatically generates one default profile which has the same result as you click Auto Detect and Colasoft Capsa will map out a default structure of your network based on IP addresses and MAC addresses 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 38 02 olasoft Network Profile Maximize Network Value Name Table You can open the Name Table tab of the Network Profile dialog through any of the following e On Start Page Double click a network profile in the Network Profile section to open the Profile Management dialog You will find Name Table on this dialog e nan analysis project Click the Name Table icon on the Analysis tab of the Ribbon figure below 2 ag A General Network Name Alarm Group Table Settings Netw ork Profile
6. The Profile Options window contains the following components e Analysis Object Set which objects and protocols to be analyzed and the maximum number of each object e Packet Storage Set the buffer size buffer mode and configure how to save packets in the buffer to disk e Log Settings Customize all available log settings to get more useful log records 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 437 133 gs Colasoft Analysis Profile Options Maximize Network Value e Diagnosis Settings Manage the thresholds of all available diagnosis events to meet your real need Analysis Object The Analysis Object settings are used to customize the objects to be analyzed e g protocols IP addresses physical addresses conversations and the maximum number of the objects Properly setting these items will help to improve the performance of the program Some items in the Analysis Object column are locked because they are basic analysis objects You can uncheck the network objects to disable the program to analyze them e g remote IP address and four types of conversations For example if you uncheck the Physical Conversation in the Analysis Object column Colasoft Capsa will not analyze all physical conversations and not provide physical
7. Delay Between Loops ete Sending Information Total Packets 2 60 120 Packets Sent 2 Waiting for next loop 1000 ms Progress Total Packets Displays the number of sending packets For example 4 5 means four packets are selected and each one will be sent five times So Colasoft Packet Builder totally sent out 20 packets e Packets Sent Shows the number of packets have been sent successfully Colasoft Packet Builder will display the packets sent unsuccessfully too if there is a packet did not sent out e Process The process bar simply presents an overview of the sending process you are engaged in at the moment 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 133 133
8. Matrix Type Chooses a matrix type Physical Address and IPv4 default Traffic Type Chooses a traffic type Unicast Multicast or Broadcast Sort By Sets the sorting rules e Object Conversation and Node e Value Total Packets Send Packets Receive Packets Total Bytes Send Bytes and Receive Bytes User Hidden Nodes Pane The User Hidden Nodes pane lists the nodes which have been temporarily hidden You can hide the nodes you are not interested in current matrix view Display Hidden Nodes The number in the bracket of the pane head shows the number of hidden nodes In this pane you can restore the selected nodes to the matrix by right clicking in the pane and choosing Show Selected Nodes from the context menu or restore all the hidden nodes by choosing Show All Nodes Hide Nodes 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 91 133 gx Colasoft Matrix Tab Maximize Network Value To hide the nodes select a node right click choose the Hide command from the context menu select This Node Only This Node and It s Peers and Nodes That are not Peers to This Node from the sub context menu Invisible Nodes Pane The Invisible Nodes pane lists the nodes which have been temporarily hidden in the matrix because they do
9. Select Al Selects all items in the list Refresh Refreshes the current list You can double click a packet item to examine packet decoding information in a new window See Packet Tab for details or click Explorer Show Decode and Show Hex to show Decoder pane and Hex pane to view decoding information Protocol Tab The Protocol tab displays the statistics on protocols used by network communications The Protocol tab is described below 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 68 133 gs Colasoft Protocol Tab Maximize Network Value Name Bytes Packets BitsPerSecond Packets Per Second Bytes Packets BP Ethernet I Rime 141 729 2 976 Kbps 6 97 063 op Tome 596377 4 95 Kho 4 61763 F 7 T Th i Ba io lel F eH ME I 054 1952 Kops OL 03 30 FP UDP E 20MB 30 927 0 bps 0 35 296 eT ICMP eal 2 252MB 17 272 bps 0 15521 af TCP 5 1 054 MB 2 265 1 952 Kbps 4 7 264 oP Other 0 966 MB 1 690 bps 0 6 661 HTTP 58 375 KB 239 1 952 Kbps 4 0 393 oP HTTPS 16 305 KB 202 0 bps 0 0 110 AIM 11 640 KB 110 0 bps o 0 078 i P POPSYSSL 3 365 KB 24 0 bps 0 0 023 VRRP 518 625 KB 8 718 0 bps OJ 3 491 H IGMP 28 328 KB 455 0 bps 0 0 191 alg Ce brl Bt
10. pkt e HP Uinx Nettl Packet File TRCO TRC1 e libpcap tcodump Ethereal etc cap e Microsoft Network Mintor2 x cap e Novell LANalyer tr1 e Network Instuments Observer V9 0 bfr e NetXRay2 0 and WINDWS Sniffer cap 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 129 133 gi Colasoft Maximize Network Value e Sun_Snoop snoop e Visual Network Traffic Capture cap Another way to create packet is to send packets from Packet tab of a Colasoft Capsa project Send Packet to Packet Builder Ping You may click Move Up or Move Down to rearrange the packets order in Packet List Packet Builder Edit Packets In addition to create packets Colasoft Packet Builder allows you to edit the decoding information in the two editors Decode Editor and Hex Editor The feature of editing decoding information of packet is unique to Colasoft Packet Builder as it is not supported by others packet builder program Decode Editor Users can edit the packet decoding field by double clicking the decoding field The corresponding field in the Hex Editor and Packet List will change with the modification of the decoding E Packet Info 0000 E Packet Number 000001 ICMP E i Packet Length EP Captured
11. PRenesh orki reresnmerrorsamereresnoos Column Header Click to show or hide the lower pane Right click a column header you can select more columns to show in the list Choose Default to get showing columns back to default Context Menu The following table lists all the items in the menu of this list Fma O emnene OOOO sean seasann OOOO OOOO Ping Invokes the build in Ping Tool 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 75 133 Physical Conversation Tab gx Colasoft Maximize Network Value ee Relating Tabs There are three tabs show in the lower pane when you selected any protocol item or IP address item in the Node Explorer window IP Conversation TCP Conversation and UDP Conversation Your selection in the Explorer window and the selection in the protocol list will be like filters to get more small items in the bottom tabs These tabs will save your time and clicks to find the statistics you need Read the IP Conversation TCP Conversation and UDP Conversation to learn detailed descriptions of these tabs Physical Conversation Tab The Physical Conversation tab provides you with MAC address conversation statistics Each single conversation record has its source MAC address destination MAC address
12. Toolbar The buttons of the toolbar are listed in the following table Property Diagnosis Address Ne OL 2 il P oS f f Save Events save Saves al othe diagnosis events toa tomarte events Hesshows he Evens pane Renes Glektorereah te protocol iat or sot eesh options Context Menu The following table lists all the items in the menu of the Diagnosis Layer Export Diagnosis Statistics Diagnose Property Refteshes the currentlist Refreshes the current list Diagnosis Address This pane displays all the addresses e g IP addresses and MAC addresses in this pane Toolbar The buttons of the toolbar are listed in the following table 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 66 133 gs Colasoft DIET LONI am Fle Maximize Network Value Save As Add to Name Table NON mL Cee Se J Add to Filter Refresh a cre Context Menu The following table lists all the items in the menu of Diagnosis Address Fin O remenna SSS Retestesthecurentist SSS Refreshes the current list Events Displays the following columns by default Severity Type Layer Event Description Node 1 and Node 2 You can go further analysis on records listed in this tab Toolbar The buttons of
13. 0 0 DNS Host or Domain Does Not Ex Intensity Information DNS Server Error SMTP Server slow response SMTP suspicious conversation SMTP server returned error POPS server slow response POPS suspicious conversation Description POP server returned error Host name or Domain name which client FTP server slow response requests does not exist FTP suspicious Conversation FTP server returned error Possible Reason And Resolution HTTP Client Error 1 Host name or domain name which lient side requests is inexistent HTTP Suspicious Conversation aaa inal HTTP Request Page Not Found 2 Client user requests an incorrect host HTTP Server Returned Error name or domain name HTTP Server Slow Response Dr Tra t 3 Update the address of DNS Server 4 j configuration in local host or network 30000A E Diagnosis Events List In left pane what diagnosis event items you see depend on what analysis modules loaded in the current project You can uncheck a diagnosis event item to disable it and you will not see this diagnosis event in the Diagnosis tab of the Main View Settings You can highlight a diagnosis item on the left pane and customize its settings on the top right pane Different diagnosis items have different settings The general settings are listed below e Type The diagnosis item belongs to one of the following diagnosis type Fault Security and Performance e Color To set the font color of the diagnosis item in the Diagnosis ta
14. 133 gs Colasoft Dashboard Tab Maximize Network Value e In Dashboard tab Click on the top right corner of every graph title to create a new graph e In other statistic tabs Right click any item and choose Make Graph from the pop up menu to create a new graph e In Context Menu Choose Make Graph from the pop up menu to create a new graph Create a New Graph Tab There is already a Default sub tab on the Dashboard Tab which provides five commonly used graphs To get a better view of the new created graphs you can create a new sub tab to organize them Follow the steps below to create a new graph tab If you do not see the Dashboard tab in the Main View go the analysis profile root in the Node Explorer window Then you will see the Dashboard tab Click New Tab button in the toolbar to add a new tab Then enter a name for the new tab Locate the Node You may locate the IP address 192 168 5 24 at many places Node Explorer window tabs in the Main View For example we locate the node in the IP Explorer of Node Explorer window Right click on 192 168 5 24 and choose Make Graph item in the pop up menu Configure Graph Settings The Make Graph dialog appears as follows 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective own
15. It generally takes four steps to start a capture selecting an analysis mode gt making filters gt selecting network profile gt choosing analysis profile gt start See Start Page for more details Colasoft Capsa provides two analysis modes Capture Analysis and Replay Analysis Capture Analysis Captures and analyzes packets from one or multiple adapters in real time Replay Analysis Analyzes saved packets by replaying You can analyze packets to diagnose events happened in your network in the past Network Profile Designed for storing general properties of different networks Different network segments may have their own environment Colasoft Capsa lets you save the most common used properties e g 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 5 133 gi Colasoft New Features Maximize Network Value Fis bandwidth network structure name table and alarms Analysis Profile Provides network application oriented analysis profiles including Full Analysis Traffic Monitor and other commonly used protocol application analysis profiles Furthermore you can create your own analysis profiles to meet you specific demands Network Adapter Unique to the Capture analysis mode displays real time network adapter status and properties
16. Move mouse over the pane you can see the traffic number to understand the traffic trend and peak e Packet Buffer o Buffer Map Shows how much of the project buffer used The total buffer size with the percentage of already used buffer is displayed below the Buffer Map o Export Click this button to open a dialog to save all packets in the buffer o Clear Click this button and a prompt box appears If you are sure to clear all packets in buffer click Sure to clear buffer o Lock Click this button you will only see analysis data from the time you start the capture to the time you click this button Colasoft Capsa however does not stop capturing packets Click Lock again you will see all analysis Statistics again If you click the Start Capture icon in a stopped project all data in this project will be cleared Need those data you should save them to your disk then start the capture System Tab 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 19 133 Maximize Network Value gs Colasoft Main User Interface k od The System tab contains the following groups e Local Engine Settings See Local Engine Settings for details e Resource See Menu button for details e Product See Menu button for details Tools Tab The Tools tab cont
17. Name Bytes Packets Bytes Recewed Packets Receved Bytes Sent Packets Sent A 0010C23 5932CA E 2 250MB 17 242 0EB 0 2 250 MB 17 242 Ga LocalHost E 1 072 MB 2 334 966 693 KB 1 290 131 114 KB 1 044 00 21 9B BC C7 C6 M 1 060 MB 2 341 113 509 KB 961 972 318 KE 1 380 w H 00 19 60 75 8B 49 538 960 KB 1 687 0B 0 538 960 KB 1 687 w H 00 80 F0 88 81 09 529 775 KB 1 560 0B 0 529 775 KB 1 560 cH 00 00 5E 00 01 01 518 625KB 8 718 0B 0 518 625 KB 8 718 a 00 11 D8 6D D0 A6 444 877 KB 2 776 0B 0 444 877 KB 2 776 AF O01D 7D E6 90 87 393 779 KB 2 490 393 779 KB 2 490 0B 0 cB 00 1D 7D 66 95 50 270 820 KB 1 680 270 820 KB 1 680 0B 0 aE 00 1A 4D 67 65 72 266 426 KB 840 266 426 KB 840 0B H O0 0B 6A 8F 08 9F 206 572 KB 1 620 206 572 KB 1 620 0B ES 00 19 60 75 8B 4C 186 709 KB 1 830 186 709 KB 1 830 OB OL atest m Mi Ta COE ma ae afa a 2 It contains the following components 1 Upper Pane Protocol List 2 Lower Pane Relating tabs Protocol List Protocols are displayed in a hierarchical structure as their original packaging orders that help you figure out their upper protocols Each protocol has its own color that you can easily find out your target protocol in the list by color You can click any column header to sort the list to check if there is any abnormal protocol usage The Protocol List contains the following items e Toolbar e Column Header e Context Menu 2010 Colasoft All rights reserved Colasoft
18. TCP Conversation Tab The TCP Conversation tab provides you with all TCP conversation statistics Each single conversation record has its source IP address source port destination IP address destination port packets sent and received packet sizes and communication duration etc This tab contains the following components Endpoint IP Endpoint Physical Conversation IP Conversation TCP Conversa ton UDP Conversation Report ap Global Analysis TCP Conversation 21 Endpoint 1 gt lt Endpoint 2 Duration Bytes lt Bytes Packets Packets gt lt Packets Protocol 192 168 5 24 500 192 168 5 24 500 192 168 5 24 500 192 168 5 24 500 192 168 5 24 500 192 168 5 24 500 192 168 5 24 493 192 168 5 24 500 192 168 5 24 500 www colasoft corm www colasoft com 74 125 15 96 80 66 249 89 103 80 www colasoft com nvwcolasoft com www colasoft cor 64 12 26 89 5190 72 14 203 138 80 72 14 203 100 80 00 00 27 00 00 03 00 01 03 33 067 KB 28 320 KB 23 512 KB 14 600 KB 9 544 KB 5 737 KB 2 516 KB 6 330 KB 4 537 KB 6 171 KB D 3 675 KB 914 E 2 653 KB 1 502 KB 21 330 KB 25 811 KB 17 182 KB 10 063 KB 3 173 KB 1 714 KB 3 320 KE 1 409 KE 2 336 KB 47 41 20 19 16 13 13 10 13 of FFA 24 HTTP HTTP HTTP HTTP Absolute Time 14 23 35 924129 14 23 36 196945 14 23 36 197041 14 23 36 197277 14 23 36 498610 14 23 36 4993
19. Total Broadcast Multicast Drop Average Size and Utilization e Packet Size Distribution lt 64 65 127 128 255 246 511 512 1023 1024 1517 and gt 1518 e Address Physical Address Count IP Address Count Local IP Address Count and Remote IP Address Count e Protocol Total Protocols Datalink Protocols Network Protocols Transport Protocols Session Protocols Persentation Protocols and Application Protocols e Flow Physical Conversation IP Conversation TCP Conversation and UDP Conversation e TCP TCP SYN Sent TCP SYNACK Sent TCP FIN Sent and TCP Reset Sent e DNS Analysis DNS Query and DNS Response e Email Analysis SMTP Connection and POP3 Connection e FTP Analysis FTP Upload and FTP Download e HTTP Analysis HTTP Request HTTP Connection and HTTP Server Top Chart A group of graphs that can be used to graphing the first ten biggest value of a statistic item e Top Physical Group Total Traffic e Top Physical Group Traffic Received e Top Physical Group Traffic Sent e Top IP Group Total Traffic e Top IP Group Traffic Received e Top IP Group Traffic Sent e Top Physical Address Total Traffic e Top Physical Address Traffic Received e Top Physical Address Traffic Sent e Top IP Address Total Traffic e Top Local IP Address Total Traffic e Top Remote IP Address Total Traffic e Top IP Address Traffic Received e Top IP Address Traffic Sent e Top Local IP Address Traffic Received e Top Local IP Address Traffic Sent e Top Remote IP A
20. You will be required to reactivate product if you reinstall operating system or use Colasoft Capsa on another PC Activation Guide The product activate process is very important to against privacy To activate Capsa you need to correctly enter the serial number a dialog will appear to require you to activate your product You may choose to activate product over the Internet or by fax or email Colasoft Capsa 7 Activation Guide A PTT Welcome to Colasoft Capsa 7 Activation Guide Colasoft j You haven t yet activate Colasoft Capsa 7 You will not be able to use ps itt ntl a successful activation Activate now Select and click Next to continue Please contact Activate online Recommended Activate by fax or e mail Within two business days Click the button if you want to update your authorization info before e Activate product over the Internet recommend It is very quick and easy the activation process will only take a few seconds with a couple of clicks e Activate by fax or email If you select to activate product manually it will need more time to finish Please send us via email or fax the Serial Number and Machine Number After receiving your request we will get back to you with a Activation Number Enter the Activation Number into the textbox as required your product will be activated immediately 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or r
21. packets sent and received packet sizes and communication duration etc This tab contains the following components Dashboard Physical Endpoint IP Endpoint Physical Conversatior Endpoint 1 gt 00 0 F FE0L 2A7C 00 04 EB E9 E8 2A 00 13 8F 6B 7 0 99 00 00 5E 00 01 01 00 E0 4C 87 4B 19 00 16 40 91 D1 EF 00 11 08 60 D0 A6 00 1 0 25 59 32 CA lt Endpoint 2 FRFRFRFRFRFF FRFRFRFRFRFF FEFEFRFRFERFF 01 00 5E 00 00 12 FEFEFRFRFRFF 01 80 C2 00 00 00 FEFEFEFRFFRFF 00 1 0 7 D E6 90 B7 ee ie ie teenie r FF FF FF FF FF FF FF FF FF FF FF FF 00 19 E0 75 8B 4C 00 20 ED AA0D 04 00 11 08 94 46 58 00 10 23 5 93 amp ACA TP Conversation TCP Conversation A DF Duration 00 34 44 00 34 47 00 34 44 00 35 16 00 34 46 00 34 43 00 34 46 00 34 43 00 34 44 00 34 47 00 34 43 Bytes 1 464 MB 1 008 MB 606 500 KE 518 625 KB 437 334 KB 202 148 KB 446 752 KB 393 779 KB 125 813 KB 222 746 KB 166 709 KB Bytes gt 1 464 MB 1 008 MB 606 500 KB 516 625 KB 437 334 KB 202 148 KB 446 752 KB 393 779 KB 125 813 KB 222 746 KB 166 709 KB 23 983 16 516 9 704 6 718 5 795 3 450 2 406 2 013 1 988 1 830 2 490 23 983 16 516 9 704 8 718 5 795 3 450 2 806 2 490 2 013 1 988 1 830 Duration Endpointl gt Endpoint 2 1010 0 9 138 10 10 3 255 138 10 10 0 9 67 255 259 255 259 68 101009137 10 10 3 255 137 Bytes Bytes gt Bytes Packets Packets gt Pack
22. 4 4 7 FrontPage 5 0 2 2635 mod 3381 2 6 31 OpenSSL 0 93 7a e Toolbar e Context Menu 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 82 133 gs Colasoft TCP Conversation Tab Maximize Network Value You may get unreadable symbols because some data are segments or encrypted in transmission Toolbar The following table lists all the items on the toolbar Flow Direction Save NO N TERO Z Z Flow Direction Click to choose one of the three direction types Bidirectional Node 1 to Node 2 and Node 2 to Node 1 to display flow of both direction flow from Node 1 to Node 2 or flow from Node 2 to Node ile Show Packet Count By default only the first 50 packets of a conversation are displayed You can choose a larger Limit in Each Flow value to display more data if a conversation has more packets than 50 Save Click to save the content to disk as a txt format file Refresh o Click to refresh the flow content or set the refresh options Packet Counter Shows the number of packets in the conversation Context Menu The following table lists all the menu items of this tab Finds next result of your entry Selects the whole content Refreshes the flow content Still you can read Time Sequence to get more help on
23. Click the New button the Attribute pane appears 2 Enter Tracert in Title textbox as its name 3 Enter the path of the program in Command C IWINDOWS system32 tracert exe or click to choose the path 4 Click ia after Parameters textbox The External Tools Parameter dialog appears Extemal Tool Parameteciii 5 Click the Macro gt gt button to view the details 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 110 133 olasoft Maximize Network Value External Tools Parameter Colasoft Capsa lists the parameters IP Address Physical Address Port and Protocol in the window You can add a parameter by selecting it s name and clicking the Insert button If the parameters did not list you can enter the parameters into the upper window manually like as d h j and w in Tracert command Every parameter should be separated with a blank space 6 Choose the IP Address and click Insert and then click OK to save the settings and back to the External Tools Management dialog Now you can find Tracert icon in Tools tab of the Ribbon Click it to open tracert command Analysis System Tools View i Tool Ping Packet Packet MAC Settings Player Builder Scanner Tools In addition you can execute to tr
24. Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 22 133 Maximize Network Value gs Colasoft Main User Interface k og KETTA E a oe Protocol Explorer 2 S ue Ethernet 802 2 2 ts Physical Gaan B La Local Segment 41 Go Broadcast Addresses 1 B b A Multicast Addresses 19 B P Private use Networks 1 GS 192 168 0 0 16 43 Multicast Addresses 2 S A Broadcast Addresses 1 The Node Explorer window contains the following components Nodes Root Nodes The hierarchy has three root nodes figure below e Physical Explorer e IPv4 Explorer e Protocol Explorer You can expand and collapse the hierarchy by keyboard press UP or DOWN ARROW key to move up or down on the nodes press LEFT ARROW key to collapse the structure till root node and press RIGHT ARROW key to expand to the sub nodes till last node Traffic Direction Icon You may notice arrow icons before each node with different directions and colors The green arrow indicates the node is transmitting packets the gray arrow completed transmission The upper arrow indicates packets transmitted in the below one indicates packets transmitted out from the node Address Type Icon Before transmission arrows there are icons indicating the address type of the node specifying that the address
25. Dismissed Alarm Click to dismiss an triggered alarm Property Click to open the Network Profile to manage the alarms See Network Profile Alarm for details You can open Alarm Settings by double clicking an alarm Alarm Notification Area When the Alarm Explorer window is closed the Alarm Notification Area is used to display the real time triggered alarm information The Alarm Notification Area is described below A Alarm Bplorer O0 O00 1 ut You can click the Alarm Explorer button to open the Alarm Explorer window The three bubbles represent three alarm types Security Performance and Fault 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 103 133 gx Colasoft Alarm Explorer Window Maximize Network Value The digits following the bubbles show the number of triggered alarms of the alarm types Alarm Pop ups An alarm triggered or dismissed a pop up fades in to attract your attention and shows you the number of triggered alarms Global Traffic Total occurred S Global Traffic Total resolved Click here to view alarms log Click here to view alarms log You can click the link Click here to view alarms log to view alarm logs See Alarms to read about saving alarm logs Pop up shows and keeps for onl
26. FF FF FF ff oa 06 00 PERRET NOOF 01 08 OO 06 04 00 01 GE GG GU staviewesuwcuws 001E 00 00 00 00 00 00 OO CD GG GO ssinsannnnanana 002D 00 00 o0 00 oo oo o0 GO GG D eistciwccee wwe Packet Builder enables Checksum by default and entries the calculated checksum automatically You can click to disable auto calcuoate checksum and enter your value manually 65535 46 2 E Checksum OXAFE Error should be OXAFDF 50 2 E Urgent point a 52 2 Packet Builder Send Packets In addition to build packet Colasoft Packet Builder supports sending packet too This feature allows users to define many parameters than the Send Packet feature in the Packet tab such as define the interval between every packet and the delay between loops Click send or Send All to open the Send Packet dialog Send All Packets Apti Adapter Realtek RTLS168C 8111C PCI E Gigabit Ethernet NIC T Burst Mode no delay between packets Pl Loap sence Sey Delay Between Loops 1000 H milliseconds Sending Information Total Packets You need to set the following options Select Adapter 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 131 133 gi Colasoft Maximize Network Value You need to select one adapter for sending packets for no ada
27. General Network Name A Group Table Settings Network Profile a The Name Table tab appears as follows 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 41 133 Pr Colasoft Network Profile gt d Maximize Network Value General Network Group Name Table orre Global Traffic Total on Fault Global Traffic Broadcast Save into folder Prefix name Buttons e Enable all Click to enable all the alarms in the list e Disable all Click to disable all the alarms in the list e Inv select Click to disable the checked alarms and enable the unchecked ones in the list e Properties Click to open the Edit Alarm dialog to modify the highlighted alarm e Delete Click to delete the highlighted alarm e Import Click to read the alarm settings from an clalam file e Export Click to save the alarm settings to an clalam file Save Options Save triggered alarm records to a file are useful for your later evaluation since you may not always stay with the machine For example you set up some alarms then you leave the computer When an alarm triggered the program saves the record to a txt file You can open the text file and examine the records e Save into folder
28. LT m N a E d F EL rLL Trek Tle SUTE Er ATT TEL OCO Lo _resource images support f Query www google analytics com Success GET http www colasoft com online_resource images Teedback GET http www colasoft com online_resource images online _res Query www colasoft com cn Success GET http www colasoft com online_resource OnlineResource css GET http www colasoft com cn Query us imshell net Success GET http www colasoft com online_resource images online_res GET http www colasoft com online_resource images online_res GET http usamshell net gol htm MV 14 0 8089 7265V 5 4 12 21 GET http www google analytics com _ utm giffutmwy 1 3utm GET http www google analytics com _ utm giffutmwy 1 3utm GET http feeds feedburner com seomoz GET http 113 108 81 230 GetFile GET http 115 108 61 31 GetFile GET http feeds feedburner com seomoz GET http feeds feedburner com seomoz Query crl netsolssl com Success GET http feeds feedburner com seomoz e Log Types o Global Log o DNS Log o Email Log o FTP Log o HTTP Log 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 96 133 gt Colasoft Maximize Network Value o MSN Log o Yahoo Messenger Log e Toolbar e Context Menu Click the links abov
29. Length _ Ethernet Type II 0 14 n a Destination Address 00 D2 41 26 3F SER if Source Address OO 14 85 CA E5 22 6 6 E LP Protocol ox0goo Internet IP IPv4 12 2 SP Se D ies g IP Internet Protocol 14 20 4 i sen E Version 4 14 1 OxFoO L Header Length 20 Bytes 14 1 Ox0F E A Differentiated Services Field a 9g 15 1 OxFF b Differentiated Services Codepoint 0000 00 15 1 OxFc seve Transport Protocol will ignore the CE bit 0 Ignore 15 1 0x02 m a 7 ll EE E t Packet Builder will validate the entries in the editor It will popup a window to inform you if the entry is incorrect and undo the modification You may save the incorrect entry with the click the Esc key if you confirm the entries though Colasoft Packet Builder Hex Editor The Hex editor displays the actual packet contents in raw hexadecimal on the left and its ASCII equivalent on the right For you 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 130 133 olasoft Maximize Network Value convenience both the Hex and ASCII are changeable The Hex used for modifying the hexadecimal code while the ASCII used for changing the packet text p000 FF FF FF
30. Options Anaki Obid Ten Packet Buffer EEE Log Settings Diagnosis Settings laa When buffer is full Save to Disk V Enable auto packet saving V Limit each packet to Single file Multiple files Save into folder Prefix name Split file every O Keep all files This page contains the following two parts Packet Buffer Packet Buffer has the following two settings Packet buffer size By default the packet buffer size is 16 MB You can change the value but you should take the size of your system memory into consideration If you need to save all the packets in buffer just click Export button in Packet Buffer group of the Ribbon or click the Export button in Packet tab You are recommended to set the packet buffer size less than half of your computer s physical memory You could start at 64 MB then enlarge it if necessary Packet buffer mode When the captured packets fill up the packet buffer you have specified Colasoft Capsa will do one of the followings e Discard oldest packets circular buffer It is recommended to discard the oldest packets when the packet buffer is full Colasoft Capsa will store new packets and 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 45 133 gs Colasoft Analysis Prof
31. OxFF gP Total Length 323 323 Bytes 16 2 eP Identification OxLFED To view the decode information of the current packet press the Decode View icon in the toolbar to open the pane or double click on the packet to open the Packet Decode window The Filed Decode pane presents information based on the protocol used in packet transmission click on the minus or plus signs in the margin to collapse or expand the hierarchy of any header section Context Menu The following table lists all the items in the menu of the Field Decode pane Hex Decode Pane OA EB ES EB 2A 08 OO 46 68 90 5D 08 00 45 00 00 1F E1 40 00 80 06 AA FE CO AS 01 80 7D 1F FO A8 97 74 CA BE 22 B8 85 39 5E 4A A 50 11 FE 51 3A oo oo g This pane interworks with the Field Decode pane when you select a portion of packet content in the Field Decode pane Colasoft Capsa highlights the selected portion and the corresponding Hex data and ASCII EBCDIC data in this pane Context Menu The following table lists all the items in the menu of the Hex Decode pane Copies the data and puts it on the clipboard 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 95 133 aae Log Tab Logs are provided by different analysis modules which focus on recording d
32. TCP conversation analysis Time Sequence Tab Time Sequence displays the TCP conversations in arrow style in time order You can read these arrows to understand TCP communication and analyze the following scenarios e Communications between two nodes e Check if there is any TCP port scanning e Check if there is any password decoding action via TCP e Check if there is any worm virus attack via emails e Check if there is any little size packet with long time communication IM communicates with HTTP proxy With analyzing these diagrams you will understand the original operations of the connections and go deeper to analyze content and steps of TCP connections 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 83 133 olasoft Maximize Network Value 197 168 5274 5 Window 81972 Window 5640 Seg A Seq 1 Ack 0 Next Window 260 Seg 1 Ack 0 Next Window 260 Window 1 95 Window 1 95 Window 1 95 seq 671 Ack 2904 Window 260 Window 1 95 Window 1 95 Seq 671 Ack 5808 Window 260 Window 1795 Seq 671 Ack 7260 Window 260 Window 1 95 Window 1 95 Seq 671 Ack 1016 Window 260 Window 1795 Window 1 95 The Time Sequence tab contains the fol
33. TELNET Colasoft TELNET Decoder Finger Colasoft FINGER Decoder SSH Colasoft SSH Decoder Gopher Colasoft GOPHER Decoder ICP Colasoft ICP Decoder BGP Colasoft BGP Decoder COPS Colasoft COPS Decoder QQ Colasoft Tencent QQ Decoder Colasoft MSN Decoder fC anlaent BITTMBBERIT Mernder Buttons e Enable All Click to enable all decoders e Disable All Click to disable all decoders Dashboard Tab The Dashboard tab is a new feature of Colasoft Capsa visible only when the analysis profile root in the Node Explorer window selected It provides a great many of statistic graphs from global network to a specific node You are able to as well create almost any kind of graph based on any MAC address IP address and protocol etc With these graphs you can easily find out anomalies of the network and get useful statistics 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 57 133 Maximize Network Value gi Colasoft Di T jal eleysiae mm F To d Summary Diagnosis Protocols Physical Endpoint IP Endpoint Physical Conversation IP Conversation 4 PEA o i ee a e Weel E Global maraa Physical Baies x Global Top IF IP Prr by Bytes 195 313 KB 195 313 KB OB 0 B Global Top Application Pr
34. Value Log Type Add to Filter Auto Scroll DNS Log al S bg El e gt Expot Locate in Node Explorer Refresh The following table lists all the items on the toolbar Log Type Click the little triangle to choose a log type in the list and only this type will be listed Simply click the button will hide the Log Type pane and click it again to bring it back Export Click to export all items in conversation list as a txt format file to your disk Add to Filter Click to create a filter based on selected item Locate in Node Click to locate the highlight node address in the Node Explorer window Explorer The log list will display the newest record always if check this button But when you select an item in the view this button will stop execution until you check it again Refresh Click to refresh the log list or set the refresh options Log Record Shows the number of logs in the list Counter Context Menu The following table lists all the items in the menu of the Log tab open opens eNotes URL Oniy oickabie in HTTP Log Type Fna emenn OOOO S saen T Secs atemsnihelst reren T Rashes he nena Pins Invokes the buildin Ping Tool 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 98 133 gx Colasoft Report Ta
35. aie etnelaeiaecnecanaanes 20 MOGE E PIEI NOON reece e ate ecee ratte techn ane ese boa acide E a a E nuaaiatiniyt 22 UPN EE T E E E E E E E A T E ET EEPE E E E ET EE E TE A A vee sdaseneonneseets 24 Sei A E 1 AE N EA E E E AE E ANE EAE EA E E E EAE E E EA E EAE ES 25 CHOOSING NEW ACAI serere n E T T T tose etosscts 27 Using Filters a ceccaeenatracnasea aeennea cnet saoncrauacetcscniaanepenacehaicisaaiisitosehaaainned he kusdupbanct stoners aacdhcechhad a meting bnmuasoncanacthoedeins ba nebanbbienisamindbnecehiantandtaioninebzant 28 DE FIE cre marge acacia E T teenie 7iat asd wassee E T E E sagceasene seemed E E 30 PUN AM SUN SUS ese E E T EE E S S T 33 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 2 133 gx Colasoft Content Maximize Network Value ME WOTE EO I a teste E etait stearic A EE e a nb eater c ante ese E E E E E O E E eet 35 Genera US ae E E E E E N E 36 Bi I e E E E E T E E E E E inate E E E A E E E T E E or Name TADE eee ee A T ee Eee ee ene eee ene 39 PAU MM a TUNING eisai caer E a E a E vacate ederim E E eda niotiuantaaanuenny E 41 AnaY SIS PONG CONG eee E E AE EE E E E REEE E E AEE AE TEE E E EE E E EEE 43 PV SIr e E E E E A E E E E E A E E 44 PA T E E E ee T ee ee ee 44 Log SettiNGS cccccccccccceesssseeeeeece
36. an unlimited number of individuals You may NOT install and use the SOFTWARE PRODUCT ona computer other than the first computer you installed the SOFTWARE PRODUCT on For running this SOFTWARE PRODUCT on additional computers requires additional licenses 2 5 Seat License A 5 Seat License grants you the right to install and use the SOFTWARE PRODUCT on five computers and provide access for an unlimited number of individuals with one single license key You may NOT install and use the SOFTWARE PRODUCT on a computer other than the first five computers you installed the SOFTWARE PRODUCT on For running this SOFTWARE PRODUCT on additional computers requires additional licenses 3 Site License A Site License grants you the right to install and use the SOFTWARE PRODUCT on an unlimited number of computers and provide access for an unlimited number of individuals with one single license key at a single organization location To use the SOFTWARE PRODUCT in remote locations such as branch offices requires separate licenses 4 Global License A Global License grants you the right to install and use the SOFTWARE PRODUCT on an unlimited number of computers and provide access for an unlimited number of individuals with one single license key at any organization location worldwide Not For Resale Copies If the SOFTWARE PRODUCT is marked as a Not For Resale NFR copy you may not sell or transfer the usage license of the SOFTWARE PRODUCT for any kind of payment An NFR c
37. by step It contains the following parts 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 15 133 gx Colasoft Getting Started Maximize Network Value 1 Analysis Mode See Capture and Replay 2 Network Profile 3 Analysis Profile 4 Settings Overview These parts aim at leading you to start an analysis mission at your need It will really save your time in finding useful analysis results in countless analysis item See Start A Capture to read how to start an analysis project F kor Colasoft Capsa 7 Home Page EX Tech Forum About Adapter Adapter Mane IP Packets s Local Area Connection Local Area Connection 197 168 5 24 1 Packet Filter ie Local Area Connection 2 0 No filter selected accept all packets Packet Filter Settings Network Profile W Network Profilel Network Profile Analysis Profile W Security Analysis To provide dedicated analysis of potential security risk a Network Profile Network Profile Network Profiled Plugin module loaded LOOM 10M 2M ARP RARP DNS Email FTP Te Full Analysis Traffic Monitor Security Analysis Settings Overview This section tells your settings on the parts of the left side You can go over this part to reexamine your settings before you
38. captured including the communication between any two hosts in LAN 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 8 133 gs Colasoft Installation and Deployment Maximize Network Value Router a Colasoft Capsa Network Analyzer Server Server Switched network managed switches Port mirroring Switch is a network device working on the Data Link Layer of OSI Switch can learn the physical addresses and save these addresses in its ARP table When a packet is sent to switch switch will check the packet s destination address from its ARP table and then send the packet to the corresponding port Generally all three layer switches and partial two layer switches have the ability of network management the traffic going through other ports of the switch can be captured from the debugging port mirror port span port on the core chip To analyze the traffic going through all ports Colasoft Capsa should be installed on this debugging port mirror port span port Internet Analysis Port Router gt Colasoft Capsa ae Network Analyzer Managed Switch Server A Server B Switched network unmanaged switches Some switches do not have the network management function So there is no mirroring port as well You
39. conversation statistics However if you check the Physical Conversation in the Analysis Object column but disable its corresponding Analysis Protocol you will find the Physical Conversations tab in the Main View is empty when you select a second layer protocol such as ARP Analysis Profile Options Packet Storage Log Settings Analysis Object Diagnosis Settings kA Network Protocol kA Physical Address 4 Local IP Address Remote IP Address kA Physical Address Group 4 IP Address Group Physical Conversation IP Conversation TCP Conversation UDP Conversation z apai You can read Analysis Profile Options to learn how to open the Network Object dialog Packet Storage Colasoft Capsa captures traffic on the network and stores the analyzed packets into the buffer You will find all the packets in the buffer on the Packet tab Therefore the buffer size decides how many packets you see in the Packet tab You can set the size of the dedicated buffer and configure to save the captured packets to packet files to disk 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners Ade 133 gi Colasoft Analysis Profile Options Maximize Network Value You can read Profile Options to learn how to open the Packet Storage dialog Analysis Profile
40. for splitting the file if the file size is too big You can split files by time or file size months days hours minutes KB MB and GB o Keep all files Saves all split files in the defined save path o Keep the latest Specifies the number of most recent files for saving Log Settings Colasoft Capsa can analyze and log the application layer traffic e g DNS HTTP Email FTP traffics and also monitors MSN and Yahoo Messenger chatting messages This page allows you to set to get more useful logs of these traffics and save the logs to disk You can read Analysis Profile Options to learn how to open the Log settings dialog 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 46 133 gs Colasoft Analysis Profile Options Maximize Network Value Analysis Profile Options Analysis Object Packet Storage HTTP Log progsenng Log Buffer Sze KB Diagnosis Settings Apache log Extended log This page contains two panes e The left pane list all the log types from the loaded analysis modules of the current analysis profile You can uncheck to disable a certain type of log e The right pane display the settings of the highlighted log type in the left pane Different analysis profiles have different log types Becaus
41. is completely anonymous When you activate Colasoft Capsa by fax or email you are required to send the serial number and installation ID number displayed 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 12 77 133 gs Colasoft Installation and Deployment Maximize Network Value on your screen to Colasoft The installation ID number includes an encrypted form of the product ID and a hardware hash or checksum No personally identifying data is included or required The confirmation ID is simply an unlocking code for the Colasoft Capsa installation on that particular PC The information that you provide will be securely stored by Colasoft and will be protected from disclosure to any third parties without your consent During the product activation process Colasoft creates a unique hardware identification that represents the configuration of the PC at the time of activation The hardware identification does not include any personal information any information about software or the data that may reside on your PC or any information about the specific make or model of your PC The hardware identification identifies only the PC and only for the sole purpose of product activation Colasoft Capsa can detect the minor changes to your PC configuration
42. items in different tables with statistic numbers and some with bar charts You can switch among the nodes in the Node Explorer window to get specific report to the selected node The Report View has the following four parts e Report Title e Report Index e Report Body e Report Footer Report Title The Report Title has four components e Title Based on your customized title See Report Settings and the title of the selected node in the Node Explorer window e Company Name Shows the name of your input company name See Report Settings e Logo An image that works as a report logo See Report Settings e Time of Generation Displays the time of generation See Report Settings Report Index What report items are available depend on your selection in the Node Explorer window Only available report items show in the Report Index All the report items are listed below s Protocols Statistics Summary Statistics Top 10 Remote IP Address Top Application Protocols Top IP Address Top Physical Address NDAY N Diagnosis Statistics 8 Top Local IP Address You can choose to enable or disable a report item see Report Item Select for details You can click any of the report items in the index to move to the detail report in the Report Body Report Body The Report Body is the main part of the report It consists of multiple tables statistics and bar charts Some report item contains many sub report items With the bar charts t
43. need not Administrator needs to decide which machine to install Colasoft Capsa Installation on different nodes total captured packets number may differ Therefore you are recommended that you install or connect Colasoft Capsa to the central switch equipment so that Colasoft Capsa will capture packets of your entire network to have a comprehensive monitoring and analysis Of course you can use a TAP to capture packets and analyze any network segment Here we introduce you some common topology environments that Colasoft Capsa could have a sufficient monitor and analysis Shared network Hub A shared network is also known as hubbed network which is connected with a hub Hubs are commonly used to connect segments of a LAN When a packet arrives at one port it is copied to the other ports so that all segments of the LAN can see all packets A passive hub serves simply as a conduit for the data enabling it to go from one device or segment to another So called intelligent hubs include additional features that enable an administrator to monitor the traffic passing through the hub and to configure each port in the hub Intelligent hubs are also called manageable hubs A third type of hub called a switching hub actually reads the destination address of each packet and then forwards the packet to the correct port With a shared environment Colasoft Capsa can be installed on any host in LAN The entire network data transmitted through the Hub will be
44. node You can choose to display them in 2D or 3D style of line chart or area chart New feature of this report allows you to create reports on you demand The Alarm Explorer window displays all created alarms by catogory and provides real time popup alerts of anomalies to inform you to timely solve the problem You can find the Status Bar figure below at the bottom of an analysis project which presents you general information of the current project Capture Full Analysis W Local Area Connection F Inactive Duration 00 26 34 72658 G0 Ready p 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 25 133 gs Colasoft Main User Interface k od Maximize Network Value Analysis Mode amp Analysis Profile The name of your selected analysis mode and analysis profile are displayed at this place You can click it to open the Analysis Options dialog to configure settings See Profile Options for more details Selected Adapters The number of your selected adapters displays here by clicking it Select Network Adapter dialog appears and allows you to select adapters See Choosing Network Adapter for more details If you check new or disable an adapter Colasoft Capsa will clear the buffer and data to restart new ca
45. on wew colasoft com AA oZ s y Oo oO JUJ Lom a S eee AT 2009 12 7 17 43 13 Reply form www colasoft com bytes 64 time 251ms TTL 52 2009 12 7 17 43 15 Reply form www colasoft com bytes 64 time 243ms TTL 52 2009 12 7 17 43 16 Reply form www colasoft com bytes 64 time 252ms TTL 52 2009 12 7 17 43 18 Reply form www colasoft com bytes 64 time 250ms TTL 52 2009 12 7 17 43 20 Reply form www colasoft com bytes 64 time 374ms TTL 52 2009 12 7 17 43 21 Reply form www colasoft com bytes 64 time 251ms TTL 52 2009 12 7 17 43 23 Reply form www colasoft com bytes 64 time 312ms TTL 52 __ 2009 12 7 17 43 24 Reply form www colasoft com bytes 64 time 272ms TTL 52 r lf Packets Lost 0 0 loss E Response time Minimum 242ms B Response time Maamum 548ms B Response time Average 296ms CAP NUM SCRL Ping multiple domain names 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 114 133 olasoft Maximize Network Value a WAN pn google com Colasoft Ping Tool Colasoft Capsa f Packet Analyzer www colasoft com ii www google com A y i of ee ZEAE O EJAZ EE S T A008 AOT 17 4422 A008 20T 17 44 32 A008 2 07 17 44 42 a S 4
46. packets attack or flood attack Address Statistics on the number of MAC address Abnormal too big number MAC flooding attack TCP IP address local address and remote flooding attack etc address Protocol Statistics on the number of protocols used ie in communication Flow Statistics on physical IP TCP and UDP TCP Statistics on TCP connection packets Large number of TCP SYN packets port scanning nl TCP SYN flooding attack DNS Analysis Statistics on DNS queries request and Email Analysis Statistics on SMTP and POP3 connection Large number of connections Worm FTP Analysis Statistics on FTP uploading and downloading HTTP Analysis Statistics on web browsing communication Diagnosis Tab The Diagnosis tab presents the real time diagnosis events of global network by grouping them to protocol layers or security level Colasoft Capsa diagnoses your network from the captured packets and lists all diagnosis events In this tab all diagnosis events are sorted by network layers You can get more information on happening IP address MAC address detailed descriptions and possible reasons for the highlighted diagnosis event 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 64 133 gx Colasoft DIET IONICE E o Maximize N
47. property of their respective owners 53 133 gx Colasoft System Options Maximize Network Value Customize Prefix Enable this item disabled by default enter a name into the textbox which will be added before all report title as a prefix You can find it on the top left corner of a report in title area Customize Author Enable this item disabled by default enter the name of whoever generate the reports which will be displayed on the bottom right corner of reports Display timestamp This item enabled the time when a report is generated will be displayed on the top left corner of the report This item is disabled by default with nothing shown in that area Maximum entry in Top X Specifying this item you can decide how many items will be listed in Top X reports 10 items by default You can only use number from 1 to 30 System Options To open the System Options dialog do any of the following e Click the System Options icon on the top of the Start Page e Click the System Options button in the System tab of the Ribbon e Click the Menu button and click Options on the bottom right corner of the menu The System Options dialog appears as below 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 54 133 olasoft S
48. the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 69 133 gi Colasoft Protocol Tab Maximize Network Value Toolbar The following table lists all the items on the toolbar Expot Add to Filter Refresh as 21 bo Z Z Details Locate CO ie proton sso a oma Demis Chktoshowortietelonerpane O Retresh Protocol Counter Click to refresh the protocol list or set the refresh options Protocol Counter Shows the number of all protocols in the list Column Header Right click a column header you can select more columns to show in the list Choose Default to get showing columns back to default Context Menu The following table lists all the menu items in the list Reteshesthecunentist SSS Refreshes the current list Relating Tabs What tabs show in the bottom pane depends on what you selected in the Node Explorer window These tabs provide the most relating statistics to your selection For example You will have IP Conversation TCP Conversation and UDP Conversation tabs when you selected an IP address in the Node Explorer window Your selection in the Node Explorer window and the selection in the protocol list will be like filters to get more small items in the bottom tabs These tabs will save your time and clicks to find the Statistics you need Read the c
49. the Protocol Filter dialog find protocols by the first alphabet of the protocol name and then select protocols by checking the corresponding check box and click OK to confirm your selection The selected protocols are listed in the pane at the bottom of the Simple Filter page you can delete a protocol item from the list with the Remove button 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 591 02 olasoft Filters Maximize Network Value Rule Advanced Filters In addition to make simple filters by address port and protocol you can set packet size packet value packet pattern and logical relations as filter parameters to create advanced filters The filters you created will be arranged in a filter relation map The map shows you the logical relations among the conditions from adapter to Colasoft Capsa project For advanced filters have more filter conditions than simple filters simple filters can be converted to advanced filters Some filter conditions however will be lost if you convert an advanced filter to a simple filter For example you can create an advanced filter to monitor BT downloading in a network segment as figure below 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among th
50. this button to reset all parameters to default position Colasoft MAC Scanner Colasoft MAC Scanner is a scan tool used for scanning IP addresses and MAC addresses in a local network It sends ARP queries 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 116 133 Maximize Network Value gi Colasoft to specified subnet and listens to the ARP responses to get IP addresses and MAC addresses very fast scanning you can also change the number of scanning thread to get better efficiency There are two useful new features added Database lets you save your scan result here for later IP address and MAC address comparison Add to Name Table With allows you add IP address MAC address or both to Name Table directly To start Colasoft MAC Scanner do one of the followings Choose Tools tab of the Ribbon click MAC Scanner icon in the Tools group figure below Choose Start gt All Programs gt Colasoft Capsa 7 1 gt Capsa 7 0 Toolset gt MAC Scanner Choose Start gt Run enter cmac and click OK Analysis System Tools Tool Ping Packet Packet MAC Settings Player Builder Scanner Tools 5 ENS as ch Local Subnet 192 168 5 0 255 255 255 0 IP Address MAC Address _ 192 168 5 2 _ Ei
51. to a selected conversation By default it has the following columns No Absolute Time Source Destination Protocol Size Decode and Summary The Packet List contains the following items e Toolbar e Column Header e Context Menu Toolbar The following table lists all the items on the toolbar Export Click to export selected packet items or all items in the list to a packet file Move Click to highlight the previous or next packet in the list Up Down Packet List Click to show the Packet List pane Show Click to show the Field Decode pane Click to show the Hex Decode pane Layout Click to select a layout of these three windows from the three predefined layouts By default the packet Decode decode information are showed at the bottom of this tab The packet list will display the newest packet always if check this button But when you select an item in the view this button will stop execution until you check it again Packet Shows the number of packets in the list Counter Column Header Right click a column header you can select more columns to show in the list Choose Reset to get showing columns back to default Context Menu The following table lists all the items in the menu of this list Decode in New Opens a new window to show packet decode information alternately you can double click on the Window packet Copy Ctrl C Copies the selection in original format to the clipboard Copy Column Copi
52. to open the Network Profile dialog Then follow the steps of the first way The Edit Alarm dialog appears as follows Edit Alarm Global Traffic Total When lt and last Se seconds then dismiss Top10 Traffic Statistics Top 10 IP Address by Packets Top 10 IP Address by Bytes _ Top 10 Physical Address by Packets Top 10 Physical Address by Bytes Top 10 Application Protocols by Packets _ Top 10 Application Protocols by Bytes You can only change Alarm Type Severity Value Type Trigger Condition and Disable Condition in Alarm Settings dialog Other options are unalterable If you need to modify an alarm please delete it and create a new one 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 106 133 gi Colasoft Analysis Profile Maximize Network Value Analysis Profile Analysis Profile Overview Colasoft Capsa defines analysis profiles as containers of different analysis modules This structure can make sure every analysis profile provides flexible extensible and effective analysis performance Combining different modules together network engineers can easily get a wide variety of statistics data of their entire network and to find out network anomalies loan To follow the pac
53. toolbar are listed in the following table Export Locate in Node Explorer N E F mle Z Add to Filter Refresh COE 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 67 133 gi Colasoft Protocol Tab Maximize Network Value Refresh Retreshes the current view Event Counter Sums up the total number of records in the tab Context Menu The following table lists all the items in the menu of Event pane Packets in New Opens a new window to show packet decode information alternately you can double click on the Window packet Copy Copies the selection in original format to the clipboard Saves all of the addresses to disk as a txt format file Find Finds your entry word in the tab Address Resolve Resolves the host name of your selected item With the resolved name you can easily find the machine in your network Make Filter Opens a new dialog to make a new filter on the basis of the selection Add to Name Table Add an alias for the selected node to the Name Table Make Graph Generates a new graph item in Graph tab based on the selected item Make Alarm Generates a new alarm item in Alarm Explorer window to alert you anomalies based on the selected item Locate in Node Locates the current node in the Explorer
54. 0 B 136 136 Olle 192 168 5 207 Le 192 168 5 25 00 05 02 192 B 192 B 06 2 2 192 168 5 8 amp 137 192 168 5 5 00 03 12 384 E 384 E 06 4 4 192 168 5 103 1 192 168 5245 00 02 49 2384 B 384 B 06 4 4 192 168 5 6 138 192 168 5 25 00 02 18 501 B 501 B 06 2 192 168 5 107 1 192 168 5 00 00 19 1 125 KB 1 125 KB 0 E 12 12 192 168 5 24 64 220 181 9 16 00 00 10 1 118 KE 457 B 686 B 4 2 197 168 5 1051 197 168 5245 00 00 01 208 B 268 B 06 3 3 192 168 5 24 137 192 168 3525 00 00 01 266 B 288 B 0 E 3 3 192 168 5 24 51 202 98 96 68 00 00 00 376 B Fa 298 B 2 1 192 168 5 24 59 202 98 96 68 00 00 00 256 B 2 192 168 5 24 54 224 0 0 252 00 00 00 136 E 2 66 5 24 00 61 139 2 69 53 00 00 00 355 B 2 192 1 Protocol Absolute Time Source 14 26 26 628770 1927 168 5 4 138 14 26 28 128859 192 168 5 4 138 14 26 29 628957 192 168 5 4 138 14 26 31 129071 192 168 5 4 138 Destination Decode Summary 247 247 247 NEDGM NBDGM NBDGM 192 168 5 255 138 192 168 5 255 138 192 168 5 255 138 Src 138 Dst 138 Len 2 S rc 138 Dst 138 Len 2 Src 138 Dst 138 Len 709 1426 39 679353 192 168 5 4 138 192 168 5 255 138 NEDGM 247 Src 138 Dst 138 Len TIL 1427 20 7213360 192 168 5 4 138 192 168 5 255 138 NEDGM 247 Src 138 Dst 138 DA 609 14 27 30 734770 192 168 5 4 138 192 168 5 255 138 NEDGM 247 Src 138 Dst
55. 009 12 7 17 44 42 Reply form www google com bytes 64 time 113ms TTL 207 218 235 182 2009 12 7 17 44 43 Reply form www google com bytes 64 time 112ms TTL 50 Location United States 2009 12 7 17 44 45 Reply form www google com bytes 64 time 112ms TTL 50 e Packets senti22 2009 12 7 17 44 46 Reply form www google com bytes 64 time 113ms TTL 50 Packets Received 2009 12 7 17 44 48 Reply form www google com bytes 64 time 113ms TTL 50 i Packets LostD 0 loss 2009 12 7 17 44 49 Reply form www google com bytes 64 time 113ms TTL 50 mO Response time Minimur 242ms 1 19999 12 7 17 44 51 Reply form www google com bytes 64 time 114ms TTL 50 2009 12 7 17 44 52 Reply form www google com bytes 64 time ll3ms TTL 50 2009 12 7 17 44 54 Reply form www google com bytes 64 time 113ms TTL 50 E Response time Maximum 481ms eS Response time Average 264ms og www google com CAP NUM SCRL By default Colasoft Ping Tool will keep pinging the target hosts until you click Stop Ping to make it stop You can view historical charts and save the charts to a omp format file With this tool users can ping the IP addresses of captured packets in Colasoft Capsa conveniently including resource IP destination IP or both of them For a clear view please move your mouse cursor to the graph Colasoft Ping tool will highlight the specific node and node border upon it An annotation will automatical
56. 06 00 00 25 00 00 08 Duration Protocol Explorer of the Node Explorer window 19 297 KB amp 767 KB 3 747 KB 1 128 KB 452 B 413 B 288 B 288 B 1 574 KB 1 558 KB 1 637 KB 8 790 KB 5 270 KB 9 225 KB 32 948 KB 1 ness FO g E LT p 2 133 KB 6 125 KB 5 606 KB a83 B 1 128 KB 246 B 190 B Fy CALC rer oe Fr 1 016 KE 0 999 KE 1 079 KE 6 044 KE 3 618 KE 6 114 KB 5 681 KE 11 172 KB 3 160 KB 2 869 KB 0 EB 234 B 223 B TL 4 4 te LI d I L Pee 572 B 572 B 571 B 2 46 KE 1 651 KE 3 110 KB 2 268 KB n 24 20 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 78 133 gs Colasoft IP Conversation Tab Maximize Network Value IP Conversation List The IP Conversation List contains the following parts e Toolbar e Column Header e Context Menu Toolbar The following table lists all the items on the toolbar Export Add to Filter mn oona oft P conversion sales oa aoma deta S S d iw shower ie elowerpane O O OOOO Column Header Right click a column header you can select more columns to show in the list Choose Default to get showing columns back to default Context Menu The following table lists all the menu items in the list Export Conversation Saves all
57. 138 Len 1 Upper Pane UDP Conversation List 2 Lower Pane This tab is visible only when you select UDP protocol or higher layer protocols in Protocol Explorer or any IP address item in Physical Explorer and IP Explorer of the Node Explorer window UDP Conversation List The UDP Conversation List contains the following parts e Toolbar e Column Header e Context Menu Toolbar The following table lists all the items on the toolbar 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 85 133 gt Colasoft UDP Conversation Tab Maximize Network Value Export Add to Filter A Flea ba Detail Refresh Export Click to export all of the UDP conversation statistics to a txt format file Detail Click to show or hide the lower pane Add to Filter Click to open the Packet Filter dialog to make a new filter based on the selection in this pane Refresh Click to refresh the UDP conversation list or set the refresh options UDP Conversation Shows the number of all UDP conversation in the list Counter Column Header Right click a column header you can select more columns to show in the list Choose Default to get showing columns back to default Context Menu The following table lists all the menu items in t
58. 2 69 53 DNS 86 C Q img cache neteas 11 14 25 04 579s12 0 008128 61 139 2 6 192 168 5 24 61902 DNS 249 Q imgcache qq c 12 14 23 04 618451 0 039139 192 168 5 61 1392 65 53 DNS 79 C Q pingfore qq co 14 23 04 624222 0 005771 197 166 5 61 139 2 69 53 DNS I C O pro 163 com A i E ETH II Dat FF FF FF FF FF FF Srce 00 19 E0 75 26 90 PP 020806 GF ARP Address Resolution Protocol 14 28 E Hardware type 1 Ethernet 14 2 E Protocol Type oxa 16 2 6 18 1 4 19 1 1 ARP Request 20 2 OO L9 E0 75 28 9D 22 6 132 168 5 5 287 4 Wait FF FF FF FF FF FF 00 15 EO 75 268 3D 08 06 00 01 GE O68 04 00 01 00 14 2018 EO 75 26 3D CO 3B 05 05 00 00 00 00 00 00 CO AB 05 DO 00 00 00 00 00 O00 0030 00 00 00 00 00 00 00 00 00 00 00 jA This tab contains the following parts 1 Packet List 2 Field Decode 3 HEX Decode You can click the Menu button and choose Options from the menu to open Decoder dialog to configure what protocols to decode 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 92 133 gi Colasoft Matrix Tab Maximize Network Value Packet List All packets listed here have the same information with packets in other tabs of Packet pane It lists all the packets that relating
59. 78 14 23 36 507736 14 23 36 806413 Fi www colasoft co 192 168 5 24 50018 192 168 5 24 50018 www colasoft co www colasoft co 192 168 5 24 50018 www colasoft co Destination cane rm ano ey ens LUTTO r AFYA ty ne 4 nh tit von qT te LE 192 168 5 24 50018 www colasoft com www colasoft com 192 166 5 24 50018 192 168 5 24 50018 www colasoft com 192 166 5 24 50018 Summary ary p Aiea rm Are a g THA a i LIT TT f 8 Seek q Seq 081146 7044 Ack 1844485 Seq 1844485247 Ack 081146 C GET pub css rmenu css HT Seq 0811467045 Ack 1844486 amp HTTP 11 304 Not Modifie C GET pub js ieys HTTP S HTTP L1 304 Not Modifi 1 Upper Pane TCP Conversation List 2 Lower Pane This tab is visible only when you select TCP protocol or higher layer protocols in Protocol Explorer or any IP address item in 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in 80 133 the United States and or other countries All other trademarks are property of their respective owners gs Colasoft TCP Conversation Tab Maximize Network Value Physical Explorer and IP Explorer of the Node Explorer window TCP Conversation List The TCP Conversation List contains the following parts e Toolbar e Column Header e Context Menu Toolbar The following table lists all th
60. 8 192 168 5 24 00 21 85 FC 3 WORKGROUP 192 168 5 20 Bg 00 24 21 18 WORKGROUP f 192 168 556 BR 00 24 271 18 W 192 168 5100 S 00 0A EB 6B WORKGROUP W 192 168 5101 B 00 26 18 42 Total 33 hosts The following table lists all eight columns in database Column Description The following table describes all items on toolbar Item Description Export All Export all database records to your disk supported format csmdat cscntab csv and txt Export Selected Export selected database records to your disk supported format csmdat cscntab csv and ite 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 121 133 gi Colasoft Maximize Network Value Add new record to database manually Add to Name Table Add the records to Colasoft Capsa Name Table With Colasoft Packet Player Colasoft Packet Player is a replay tool which allows you to open captured packet files and playback to the network Colasoft Packet Player supports many packet file formats created by many sniffer software such as Colasoft Capsa Ethereal Network General Sniffer and WildPackets EtherPeek OmniPeek etc it also support burst mode and loop sending feature To start Colaso
61. 97 ke 228 23 493 KB 119 19 504 KB 109 OB 083 0 92 o a IP Exposes 2 GP 00 24 21 18 5D E1 9 015 KB 93 0B 0 9015KB 93 0B 9231 00 93 00 H E Private use Networks 1 BP 00 21 70 88 3391 2 638 KB 28 284 B 4 2 360 KB 24 0B 8 51 6 00 a E 192 168 0 0 16 27 GP 00 0 81 87 A8 02 2 504 KB 18 380 B 5 2133 KB 13 0B 575 260 H A Internet Addresses 2 BD 00 0C 29 22 33 FB 2 131 KB 28 1 631 KB 20 512 B 8 0B 0 31 0 40 gt 00 15 17 A i Ov nana l T Capture Full Analysis amp Local Area Connection F Inactive Duration 00 06 32 Y 487 0 Check or modi ket filter ai pt pac dh Alarm Notification Area An Alarm icon and three counters of triggered alarms show on the right of the Status Bar You can click the Alarm Explorer button to open the Alarm Explorer window see Alarm Explorer Window for more details Choosing Network Adapter Colasoft Capsa captures packets from adapters of your machine If you want to start a Capture analysis project you need to choose at least one adapter from the Select Network Adapter list You can open the Select Network Adapter dialog through the following e Click the Network Adapter icon on the Analysis tab of the Ribbon figure below f gt Adapter Filter Stat Stop Packet Capture Change source adapters during a project will restart the capture The Select Network Adapter dialog appears as follows 2010 Colasoft All rights reserved Colas
62. B 1 680 1 680 192 168 0 61 192 168 0 72 00 34 43 266 426 KE 266 426 KB 0 B 840 840 192 168 0 61 192 168 0 35 00 34 43 206 572 KB 206 572 KB 0 B 1 620 1 620 192 168 0 61 192 168 0 88 00 34 43 186 709 KE 186 709 KB 0 B 1 830 1 830 192 168 0 61 192 168 0 34 00 34 43 161 396 KE 161 396 KB 0 B 1 590 1 590 192 168 05 19 168 OO 342 Ld4 S14 EB 14i 31A KE NE aA maA 1 Upper Pane IP Endpoint List 2 Lower Pane Relating tabs The IP Endpoint tab will be invisible if you select any MAC address item in Physical Explorer of the Node Explorer window IP Endpoint List Endpoints are displayed in a hierarchical structure You can click any column header to sort the list to check if there is any abnormal traffic The IP Endpoint List contains the following items e Toolbar e Column Header e Context Menu 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 74 133 gi Colasoft IP Endpoint Tab Maximize Network Value Toolbar The following table lists all the components on the toolbar show Switching Details Add to Name Tabie Refresh Expot Add to Filter Locate Show Switching Click to switch list layout between hierarchical and tiled style Export ss Clicks to export all items in the list to a txt format file to disk
63. Bidirectional Node 1 to Node 2 and Node 2 to Node 1 to display flow of direction flow from Node 1 to Node 2 or flow from Node 2 to Node 1 Show Packet Count By default only the first 50 packets of a conversation are displayed You can choose a larger Limit in Each Flow value to display more data if a conversation has more packets than 50 Save sis Click to save the content to disk as a txt format file Refresh ss Click to refresh the flow content or set the refresh options Packet Counter Shows the number of packets in the conversation Context Menu The following table lists all the context menu items of this tab Copies the selected content to the clipboard Line Wrap Auto wraps texts longer than the width of the pane Charter Set Chooses a decoding format to view content of packets 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 87 133 Find o Finds your entry word in the pane FindNext Finds next result of your entry SelectAll Selects the whole content Refresh Refreshes the flow content Matrix Tab The Matrix tab shows the network traffic statistics in graph The line weight indicates the volume of traffic between nodes You can quickly switch among global statistics and the details of specific network
64. Click the folder selection button to choose a folder to save the alarm log file e Prefix name Enter a name for the log file 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners AO 133 gs Colasoft Analysis Profile Options Maximize Network Value Analysis Profile Options Solution options can help you improve the efficiency of analysis get more useful statistics and save the packets in the buffer to your hard disk All the settings are global that can be applied to all analysis projects To open the Profile Options window do one of the following ways e On Start Page Double click an analysis profile in Analysis Profile section to open the Modify Analysis Profile dialog where you can modify the analysis profile Click the Next button on the bottom right of the dialog e Inan analysis project Click any icon in the Analysis tab of the Ribbon figure below Analysis Packet Log Diagnosis Object Storage Settings Settings The Solution Option window appears as follows Analysis Profile Options Packet Storage Log Settings Analysis Object Diagnosis Settings Network Protocol Physical Address Local IP Address Remote IP Address Physical Address Group IP Address Group IP Conversation TCP Conversation UDP Conversation
65. KB 16 0B E 74 53 97 226 3 365 KB 24 0B eD 64 233 183 102 3 276 KB 18 0B 1 Upper Pane Physical Endpoint List 2 Lower Pane Relating tabs Endpoint 1 gt lt Endpoint 2 Duration Bytes Bytes gt lt Bytes Packets Packets gt Last Sent Time 00 1 C23 593ACA 00 1D 7D E0 0A 59 00 01 12 21 213 KB 21 213 KB 0B 172 172 11 33 42 00 1D 7D E6 0A 59 33 33 00 00 00 02 00 00 08 222 B 222 B 0 EB 3 11 34 08 00 1D 7D E6 0A 59 01 00 5E 00 00 16 00 00 10 768 B 768 B 0B 12 12 11 34 14 00 1D 7D E6 0A 59 33 33 00 00 00 16 00 00 14 1 193 KE 1 193 KE 0B 13 13 11 54 14 00 24 21 18 5FD9 01 00 5E7FRFRFA 00 00 01 714 E 14 B 0E 4 4 11 42 25 00 11 85 6245F21 FRFRFRFRFRFF 00 00 00 64 E 64 B 0E 1 1 11 44 31 00 11 2F 79 93 32 FRFRFRFRFRFF 00 00 00 64 E 64 B 0 B 1 1 11 44 31 QO 0D 87 F8 01 56 FERFRFRFRFRFF 00 11 58 128 B 128 B 0 B 2 2 11 44 31 00 05 5D A5 49 66 FRFRFRFRFFRFF 00 11 58 384 B 384 B B 6 6 2 00 0455 73ELDF ARFRFEFEFEFF 00 11 58 128 B 128 B 0 EB 2 2 11 4 AO A Coe cy Oi 1 58 op PE nop MTRT The Physical Endpoint tab will be invisible if you select any IP address item in Physical Explorer or IP Explorer in of the Node Explorer window Physical Endpoint List 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are prop
66. aaaaaaaeeeeeeeeeeeeeeeeaaaaaaagdaeeeeeeeeeeeseseeaaas 83 UDP Conversation TaD a ecco a E E cipe nee seers pte dace EE fee cea AEE EAEE E E ERE 84 DEE S E E A E EE eye E A E EEN E EE E AEE E N E A EE E E E 87 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners ees gi Colasoft Content Maximize Network Value MADE A atc tagtees tac E cei eds seis ce este telnet es om noes ancl E E eo ab ac een seeaeeees ee ges E E 88 EOG AN sass tees a E E E S do ealea Seeman leanne san Muattiaed abate E bavecuee te 96 FM serenity taut pg meee T E E E oud can E E E E A wa ieee anya ide y A A aves seer E E A E T A E E E I E 99 Alar E Orr A NOON e cae reine a gente S E N E EE 101 Greating and Editing Alare acces spr accent ce seg else id E A aae ee Eain sie nea aeaa sbra A danir S a aiii 104 Anay e POO e E E E EE E E E E E E E E E 107 BAYONNE SAN SIS eS e a a E E a a S anna easanendbucdenspelsesaapedtdets 107 NOS e E aa wetea Sieichiene pi neaaiet else acne ie uaa oem ied hk La eesidieias area pa imioeannanlenameneeet 109 TOO S ttinGS ccccccccccccccceeessseeeeeeeeeeeeeeeeeeeeeeeeeeeeseeeeeeeeeeeeeeeeeeeeaaeeeeeaeeeeeeeeeeeeeeeeeeeeeeeeaaaaaeeeeeeeeeeeeeeeeeaaeaeauaaseeeeeeeeeeeeeeeeseeaaaaaagsaseeeseseeees 109 SU MCT OO ee arcesecscete peice A eee ee sare see d
67. ace an IP with Colasoft Capsa conveniently Select a packet in the Packet tab and right click choose the Tracert command The source and destination IP address of the selected packet will be listed out you can trace either one by its name or both by the All command Ping Send Packet to Packet Builder Select All Refresh Ctrl A 192 168 5 255 5 l Now let s trace 207 46 26 109 by click its name System will trace the this IP address and display the details of the execution in the popup window 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 1117133 TTI gi O Windows system32 cmd exe D sUsersrnud tracert vuuw colasoft com Tracing route to wwu colasoft com 207 218 235 182 over a maximum of 36 hops ms ms 192 168 5 1 ms ms 192 168 280 1 ms ms 118 112 44 1 ms ms 125 786 249 133 ms ms A22 213 1 185 ms ms 262 97 45 41 ms ms 262 97 33 1568 ms ms 242 97 68 1882 ms ms 262 97 51 2380 ms ms te 8 1 car4 Sandosel Level3 net 4 771 114 1861 ms ms vlan csw4 S andosel Level3 net 4 68 18 254 ms ms ae 92 92 ebr Sandosel_Level3 net 4 697 154 2271 ms ae 2 ebr2 LosAngelesi Level3 net 4 69 132 14 ms 5 ae 3 ebr3 Dallasl Level3 net 4 697 132 7868 ae 34 86 car4 _Dallasi Level3 ne
68. aceite ce New IP address and MAC address 19216853 pE OFFICE _ New IP address and MAC address W 19216854 IEL p _WORKGI New IP address and MAC address 19216855 all a New IP address and MAC address W 192 168 5 6 ea co o New IP address and MAC address 19216858 go E i New IP address and MAC address W 19216857 Bp IC a New IP address and MAC address 192168510 BR 7 Pe New IP address and MAC address 192 168 5 11 eaten me New IP address and MAC address i 192 168 5 13 a ssa ae New IP address and MAC address 192 168 5 1 Een oa oo New IP address and MAC address Y 192 168 35 14 hii p New IP address and MAC address W 192 168 5 15 ra ES New IP address and MAC address i 192 168 5 17 Sat o l New IP address and MAC address od 192 168 5 20 g s New IP address and MAC address W 192 168 5 24 mpe e EC New IP address and MAC address W 192 168 5 56 ie a ma a New IP address and MAC address WY 192 168 5101 ie oo New IP address and MAC address 197 168 5100 K e W oo ae aa New IP address and MAC address Export all records to file
69. ains the following groups e Tools See Tools for details View Tab The View tab contains the following groups e Show Hide Check or uncheck the Explorer Alarm and Online Resource to show or hide it corresponding window e Physical Address Show Format Sets the display format of the physical addresses o Physical Address Only Shows the physical addresses in digits e g 00 1 1 22 33 44 55 o Physical Name Only Shows the physical addresses in alias e g localhost o Physical Name and Address Shows the physical addresses in digits and their alias if any e g localhost 00 1 1 22 33 44 55 o Show Physical Manufacturers Check or uncheck to hide or show the adapter vendor where displays the MAC address e IP Address Show Format Sets the display format of the physical addresses o IP Address Only Shows the IP addresses in digits e g 192 168 1 1 o IP Name Only Shows the IP addresses in alias e g Localhost o IP Name and Address Shows the IP addresses in digits and alias if any e g Localhost 192 168 1 1 Menu Button The Menu button is on the top left corner of a project window Click it and the Menu appears as figure below 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 20 133 gs Colasoft Main User Interface Maximi
70. an results to a cscntab txtand csv format file Add to Database Adds the selected item s to database MAC Scanner Database Colasoft MAC Scanner supports adding the scan results to a database and allows you do more add attributes automatic comparison with the database records Every time you execute a new scan MAC Scanner will compare scan results with the records in database If there is any discrepancy MAC Scanner will inform you in Scan Network view 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 120 133 Maximize Network Value gt Colasoft a Colasoft MAC Scanner File Edit View Scan Setting Help a 63 IP Address MAC Address Host Name Workgroup UserName Location Manufacturer Comment W 192 168 5 2 00 50 56 F8 W 192 168 5 3 B 00 1D 7D E6 OFFICE W 192 168 5 5 H 00 19 E0 75 W 192 168 5 8 B 00 1F D0 8C 19216854 B 00 24 21 18 ee WORKGROUP 192 168 5 1 E 00 21 9B BC 192 168 5 7 Bg 00 1F D0 8D WORKGROUP 192 168 513 Hy 00 24 21 18 MSHOME 192 168 510 B 00 1FD0 8C WORKGROUP 192 168 5 14 ABCA OFFICE 192 168 515 B 00 24 21 18 WORKGROUP 192 168 517 E 00 21 70 BB WORKGROUP 192 168 5 6 H 00 24 21 1
71. and Real time Status helps you to identify the packet sources of network Display More Accessible With enhanced graphical packet filter configurations lets you read packet processing steps more Filters easily You can check these boxes Accept Refuse and No checking to build up filters and the right pane refresh the combination of filters to help you understand packet processing New Tab Structure The new tab organizing structure lets you find useful statistics with less clicks and more easily New Ribbon The Ribbon provides all commonly used shortcuts and commands On the Ribbon you can start or stop a capture change project settings and get project status information start time start date captured filters and packets dial and buffer map Global Status Bar Provides information and icons on name of the current analysis profile select network adapter reselect replay packet files and alarm information Global Traffic Dial Refreshes by second the network utilization and throughput as analog dials and digits on the Ribbon Buffer Map Graphically displays dedicated packet buffer usage You can understand buffer usage vividly Customize Lets you customize protocols to meet you necessary based on Ethernet Type IP protocol TCP port Protocol and UDP port New Dashboard Provides a great many of statistic graphs from global network to a specific node You are able to as well create almost any kind of graph based on any MAC ad
72. any in the United States and or other countries All other trademarks are property of their respective owners 52 133 Maximize Network Value gs Colasoft Local Engine Settings KBps MBps GBps or TBps Users can define a display format from the combo box Bit second measure Rate at which bits of information are transmitted Colasoft Capsa displays the rate of information in an appropriate unit such as bps Kbps Mbps Gbps or Tbps Users can define a display format from the combo box Default Click it to reset all the settings in this pane Report Settings You can configure the following options listed below in this pane and you can check out the setting results in the Report tab Local Engine Settings Display Format Report Settings Repare settings Company name Customize prefix Customize author Display timestamp Maximum entry in Top M Company logo Enable this item disabled by default select a picture file on your machine or shared network folder as the logo of your company which will be displayed on the top right corner of Report tab Company name Enable this item disabled by default enter your company name into the textbox It will be displayed on the top left corner of Report tab 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are
73. ault to get showing columns back to default Context Menu The following table lists all the menu items in the list Export Conversation Saves all of the physical conversations statistics to disk as a txt format file Statistics Make Filter Opens a new dialog to make a new filter on the basis of the selection Address Resolve Resolves the host name of your selected address item This item is grayed out for MAC address does not have a host name Add to Name Table Add an alias for the selected node to the Name Table Make Graph Generates a graph in the Dashboard tab based on the selected item Make Alarm Generates an alarm item based on the selected item Locate in Node Explorer Locates one of the MAC addresses of the selected conversation in the Node Explorer window 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 77 133 IP Conversation Tab a Colasoft Maximize Network Value Send Packet to Packet Builder Select Al Selects all items in the list Relating Tabs Sends the selected packets to the build in tool Packet Builder There are three tabs in the lower pane IP Conversation TCP Conversation and UDP Conversation Your selection in the Node Explorer window and the selection in the protocol list will
74. b e Intensity To set the level of the current diagnosis item Information Click a diagnosis item you will see its Description and Possible Reason on the bottom right pane to get more information about 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 48 133 gs Colasoft Local Engine Settings Maximize Network Value the selected diagnosis item Toolbar There are seven buttons on the bottom of this window to help you manage all your diagnosis events e Enable All Click to check all the diagnosis item in the list e Disable All Click to uncheck all the diagnosis item in the list e Invert Selections Click to disable the checked diagnosis item and enable the unchecked ones in the list e Reset Click to reset the selection in the list e Import Click to read the diagnosis settings from an cscdiag file e Export Click to save the diagnosis settings to an cscdiag file Local Engine Settings Local Engine settings are global It contains three parts e Customize Protocols e Format e Report You can find these three items at the following places e Menu Click the Menu button You will find the first three items under Local Engine Settings menu item e Analysis project The Local Engine Settings group of the System tab of t
75. b Maximize Network Value Report Tab The Report tab provides the real time reports on global network or a specific node It contains a wide variety of reports including summary statistics diagnosis statistics protocol statistics top 10 IP protocols top 10 physical addresses top 10 IP addresses top 10 local IP addresses and top 10 remote IP addresses Colasoft Capsa also let you save reports in three file formats html pdfand mht You can configure Report Settings to customize report template as well yoint Physical Conversation IP Conversation TCP Conversation UDP Conversation AR oa e Global Analysis s Report E Top Application Protocols Top 10 Application Protocols Y HTTP 58 804 16 003 KB Y TCP Other 13 823 3 762 KB 4 UDP Other il 6 434 1 751KB Y HTTPS A 2 964 826 B Y NetBios l 1 575 439B Y DNS 1 134 316 B CIFS 0 208 58B a Colasoft Creator Colasoft Capsa 7 Copyright 27001 2010 Colasoft All rights reserved E The Report tab contains the following parts e Report View e Toolbar e Report Item Select 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in 99 133 the United States and or other countries All other trademarks are property of their respective owners gx Colasoft Report Tab Maximize Network Value Report View The Report View presenis all report
76. be like filters to get more small items in the bottom tabs These tabs will save your time and clicks to find the statistics you need Read the IP Conversation TCP Conversation and UDP Conversation to learn detailed descriptions of these tabs IP Conversation Tab The IP Conversation tab provides you with IP address conversation statistics Each single conversation record has its source IP address destination IP address packets sent and received packet sizes and communication duration etc This tab contains the following components Duration Yi Endpoint 1 gt lt Endpoint 2 192 168 5 24 192 168 5 24 192 168 5 24 192 168 5 24 192 168 5 56 192 168 0 183 192 168 5 24 192 168 5 24 192 168 5 105 a oomlanott corm 202 98 96 68 66 249 89 103 72 14 203 138 61 139 2 69 299 299 295 295 192 168 5244 65 55 50 99 192 168 5 255 192 168 5 255 T 2 This tab is visible only when you select an IP address item in the Physical Explorer or in the IP Explorer and IP protocol in the Endpoint 1 gt 192 168 5 24 50008 192 168 5 24 50009 192 168 5 24 50017 192 168 5 24 50018 192 168 5 24 50019 192 168 5 24 50016 192 168 5 24 50015 yersation UDP Conversation lt Endpoint 2 www colasoft com 80 www colasoft com 80 www colasoft com 80 www colasoft com 80 www colasoft com 80 www colasoft conusd www colasoft com sd Upper Pane IP Conversation List Lower Pane Relating tabs UU 4 3 00 00
77. can either in this scenario use a Hub or a Tap to monitor and analyze your network with Colasoft Capsa Connect a tap with the line to be monitored Taps can be flexibly placed on any line in network When the requirement for network performance is very high you can add a tap 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 9 133 gs Colasoft Installation and Deployment Maximize Network Value to connect your network lnternet Colasoft Capsa Network Analyzer Router Single port Tap NTA Pot oa eon ella i ee 5 Tap B Port Unmanaged Switch Server A Server B Connect a hub with the line to be monitored A Hub costs lower than a Tap but lower performance than a Tap in large traffic network internet Colasoft Capsa Network Analyzer Unmanaged Switch Server A Server B Monitoring a network segment In the case when you only need to monitor the traffic in a network segment e g Finance department Sales department etc you can connect the server on which Colasoft Capsa is installed and the network segment with an exchange facility The exchange facility can be hub switch or proxy server 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademar
78. capture packets matching with the filter s criteria but drop those failed You are able to save you time on finding useful data of network anomalies or attacks among countless items You can open the Filter dialog through the following e On the Start Page Click Packet Filter Settings in the Settings Overview section to open the Filter dialog e in an analysis project click the Packet Filter icon on the Packet Capture group of the Analysis tab of the Ribbon figure below gi Colasoft Using Filters Maximize Network Value eY gt re Adapter Filter Start Stop Packet Capture The Filter dialog appears as follows ooocgooaoonorTTr00O00 ARP RARF IaMF Broadcast UDF VLAN 802 1Q DMOOUOODOOOOOOOUOUOOUROE The Filter dialog is divided into three parts e Filter list e Filter Flow chart e Buttons Filter list There are two checkboxes in every filter item If you need to accept a kind of packets check Accept Otherwise check Reject You may also check multiple boxes to define packets capturing range Double click any filter item in the list to open the Packet Filter dialog to edit the filter In the Packet Filter dialog you may change its settings in Simple Filter tab and Advanced Filter tab Filter flow chart 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company i
79. ckets in saved files read Analysis Mode Replay for more details 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners Woke Maximize Network Value gi Colasoft Analysis Mode Mame IP Packets s Local Area Connection 30 554 Local Area Connection 2 0 The Capture analysis mode contains the following parts e Network Adapter List All available network adapters are listed here with IP address and Packets packets received and sent to help you identify them You need to check at least one adapter to start a capture Colasoft Capsa supports capture packets from multiple adapters e Network Utilization This displays as a graph It refreshes when you check an adapter It helps you to understand the throughput of the checked adapter You can visit Start Page to read how to start a Capture analysis project Analysis Mode Replay You should choose this analysis mode when you want to analyze packets saved in files To start a replay analysis project you must add at least one packet file in the Select Packet Files section of the Start Page Mame Size Format File Path Bit Torrent cscpkt 16 208 MB Colasoft Packet File v6 F Packets DDOS Attack cscpkt 16 390 ME Colasoft Packet File vo F Packets Remove Clear All Repla
80. d Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 11 133 gs Colasoft Installation and Deployment Maximize Network Value redirect the traffic that occurs on some or all ports to a designated monitoring port on the switch With this feature you can monitor the entire LAN segment in switched network environment Please refer to the configuration documents shipped with your switch for this feature and configuration instructions If your switch does not support port mirroring you can install Colasoft Capsa on a workstation connected to the same hub as your Internet gateway or on your Internet gateway if acceptable thus you can monitor all network traffic between your intranet and the Internet Read Installation Environment to know how to deploy Colasoft Capsa A list of some managed switches with port monitoring spanning which are commonly used is available on our website please visit the Switch Management page for references System Requirements Colasoft Capsa does not need a high performance machine and can be installed on many Windows operation systems such as Windows XP Windows 2003 Windows Vista and x64 Edition and the latest Windows 7 Your system s performance and configuration will affect the running of Colasoft Capsa The following minimum requirements are the bo
81. ddress Traffic Received e Top Remote IP Address Traffic Sent e Top Application Protocols e Packet Size Distribution Some graph items will not applied to all the nodes you selected Summary Tab Associated with your selection in the Node Explorer window the Summary tab provides general statistics on the selected node When you select the root node you can get the statistics on your global network if you select a specific node it will present the particular information of the chosen node The Summary tab is described as follows 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 62 133 Maximize Network Value gi Colasoft Summary Tab mar Diagnosis Protocol Physical Endpoint IP Endpoint Physical Conversation Global Analysis Statistics Statistics Item Current Value Alarm Security Performance Fault Diagnosis Statistics Information Diagnosis Notice Diagnosis Warning Diagnosis Critical Diagnosis Traffic Bytes Packets Utilization Bits Per Second Total 0 987 MB 4 631 0 000 0 bps Broadcast 110 839 KB 1 078 0 000 0 bps Multicast 117 061 KB 1 455 0 000 0 bps Average Size 223 313 Bytes Packet Size Distribution Bytes Packets Utilization Bits Per Second Packets Per Second Address Protocol Physical Conversa
82. descriptions on the right side to help you choose an analysis profile to your need Read Analysis Profile for more details 4 Settings Overview section Displays detailed information of the above settings You can reexamine the settings before starting an analysis 5 Start Analysis Click the start button on the bottom right side to start an analysis project Tips e If you just want to analyze some specific packets on the network you should use packet filters You can click Packet Filter Settings to open the Filter dialog to configure filters Read Using Filters for more details e You can run up to FIVE analysis projects on the same machine at the same time Analysis Mode Analysis Mode is used to choose the packet sources Generally there are two kinds of source network adapter and packet files Colasoft Capsa defines packets from network adaptors as real time packets packets from stored files as Replayed packets You can read the two analysis mode in detail via the links below e Capture Analysis Mode e Replay Analysis Mode In Capture analysis mode Colasoft Capsa supports capture packets from multiple adapters While Replay analysis mode supports two kinds of replay speeds original soeed and accelerated speed Analysis Mode Capture You should choose Capture analysis mode when you want to analyze real time packets on your network using one or multiple network adapters also known as NIC Colasoft Capsa also supports analyze pa
83. dress IP address and protocol etc With these graphs you can easily find out anomalies of the network and get useful statistics New Diagnosis Provides new diagnosis addresses and more tips on how to solve the problems You can easily locate suspicious machines with logs of expert diagnosis You can choose to display diagnosis events by protocol layer structure or by type layer Security performance and fault and hide all empty diagnosis categories Real Time Alarm Pops up alert to inform administrator triggered alarms that you created on your demands You can Pop up find triggered alarm count number on Status Bar and hide the Alarm Explorer window Alarms are logged and saved to disk in detail for your later reference Enhanced Report 1 Provides a wide variety of global reports based on statistics 2 Lets you create customized reports and customize report Logo Name Title prefix Author Generation time stamp and Top X number 3 Supports you to generate report in common PDF MHT and HTML format files TCP Time Choose TCP Type conversation you can find Time Sequence in TCP Conversation tab which Sequence Diagram displays SYN and ACK information between the two communications nodes You will feel easy to understand and analyze the TCP communications between two ends Enhanced Matrix 1 The edges of nodes and lines are displayed more smoothly 2 On focused nodes or connections will be exaggeratedly enlarged 3 Right click a node yo
84. e analysis profiles use different analysis modules and different modules have their own log functionalities In total Colasoft Capsa has the following log types e DNS Log e Email Log e FTP Log e HTTP Log e MSN Log e Yahoo Messenger Log Diagnosis Settings This page lists all available diagnosis events of the loaded analysis module of the current analysis project You can read the Description and the Possible Reason of an event in the right pane to help you solve a network problem when you selected any diagnosis event in the events list The settings Color Severity Level and some other parameters if applicable can be 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners a7 133 gi Colasoft Analysis Profile Options Maximize Network Value customized You can read Profile Options to learn how to open the Diagnosis settings window All diagnosis events are hierarchical grouped in protocol layers Application Layer Transport Layer Network Layer and Data Link Layer You can easily find which layer a network problem comes from Analysis Profile Options Analysis Object Packet Storage a p Diagnosis Analysis E DNS Host or Domain Does Not Exist Log Settings aE Application Type Fault E DNS Server Slow Response Color Hl 0
85. e combo box will display the detailed information of the selected adapter 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 123 133 gs Colasoft Maximize Network Value 68C 8111C PCI Gigabit Ethernet NIC 00 21 85 FC B3 CD 1000 0 Mbps 1500 bytes 192 168 5 24 255 255 255 0 192 168 5 1 Operational Packet File Defines the packet file you want to send The file formats that Colasoft Packet Player support are listed below You can add multiple files by clicking the Add button Users also can replay a packet file have been sent out before from the combo box e Colasoft Capsa 5 0 Packet File cscpkt e Colasoft Capsa 5 0 Raw Packet File rawpkt e Colasoft Capsa 7 0 Packet File cscpkt e Accellnt 5Views Packet File 5vw e EthePeek Packet File V7 pkt e EthePeek Packet File V9 pkt e HP Uinx Nettl Packet File TRCO TRC1 e libpcap tcodump Ethereal etc cap e Microsoft Network Mintor2 x cap e Novell LANalyer tr1 e Network Instuments Observer V9 0 bfr e NetXRay2 0 and WINDWS Sniffer cap e Sun_Snoop snoop e Visual Network Traffic Capture cap You may use the Clear button to clear all the items in packet file list To delete some item
86. e graph in pie style e Titles Click to set titles display options e Indicatrix Click to show a horizontal line which moves with mouse pointer to compare values e Top Number Click to set the statistic item number e Sampling Values Click to set the statistic value type Cumulative Value and Last Second Value e Refresh Interval Click to set graph refresh interval e Save Graph Click to save the current graph to disk The display items are described as figure below Global Bytes Per Second 0 B 11 42 30 11 42 50 11 43 10 11 43 30 11 43 50 11 44 10 Sample Interval d s H ses Change Graph Position Graph positions are changeable You can click and drag the head of a graph to rearrange its position go get a better view You can read Creating Graphs to learn how to create a graph in the Dashboard tab Creating Graphs Colasoft Capsa allows you to create graphs from almost any place in the program For example there is a machine IP 192 168 5 24 and you need a graph of its total traffic by byte You can create a new graph by following ways e In Node Explorer window Click on the toolbar or right click on any node to create a new graph 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 59
87. e items on the toolbar Export Add to Filter Expo oopen aorte TOP conversation saisies toa atiomatfle Ea foosnowormeneonree OOOO Reres ciecie retesn the TGP corversaton tetor setne refresh opions TCP Conversation Shows the number of all TCP conversation in the list Counter Column Header Right click a column header you can select more columns to show in the list Choose Default to get showing columns back to default Context Menu The following table lists all the menu items in the list Export Conversation Saves all of the TCP conversations statistics to disk as a txt format file Statistics Make Filter Opens a new dialog to make a new filter on the basis of the selection 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 81 133 gs Colasoft TCP Conversation Tab Maximize Network Value Locate in Node Explorer Locates one of the IP addresses of the selected conversation in the Node Explorer window Ping Invokes the build in Ping Tool to ping the endpoints Send Packet to Packet Sends the selected packets to the build in tool Packet Builder Builder Lower Pane There are three tabs in the lower pane e Packets Tab e Data Flow Tab e Time Sequence Tab These tabs help you go deeper to analyze t
88. e of network development new analysis modules can be quickly developed to meet users specific demands and users only need to purchase the modules they need Large Traffic An analysis profile project only captures and analyzes those necessary packets which saves system resources and improves analysis efficiency and performance greatly Built in Analysis Profiles Colasoft Capsa integrates seven analysis profiles DNS Analysis Email Analysis FTP Analysis HTTP Analysis Full Analysis and Traffic Monitor The first four analysis profiles are designed to analyze on aplication level and the last three for accuracy and performance analysis Traffic Monitor Security Analysis HTTP Analysis Email Analysis DNS Analysis FTP Analysis DNS Analysis To analyze DNS applications diagnose DNS applications errors and record DNS application logs Email Analysis To analyze Email applications based on POP3 SMTP monitor Email content and attatchments and log Email transactions To analyze FTP applications based on TCP port 21 and 20 and log FIP transactions HTTP Analysis To analyze Web applications based on HTTP record clients web activities and log web communications Full Analysis e To accurately analyze objects in the network including physical addresses IP addresses protocols traffics and every object s traffic e To accurately diagnose network errors and provide customized graphs and reports Traffic Monitor To pursue high effic
89. e pernee E Seca a weidrcts hee gece te reece E rs etree ens claw ENE 112 O76 hora VN Se ct 1g G geen eee ee A eee ere eer ee eee ere 116 MAGC Scanner Scan IN OI seer ete ee ce seeddetautanseadssantuastestsacassentcanuias sno Aas EA e iE a O Ei T ERRER a ENa e ka ES oan iai 118 COE PACKET EI O e E E E E E S E 122 calok are le 1 alo 0 6 songa E ee ae ee ee ee eee 127 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 4 133 gi Colasoft Overview Maximize Network Value Overview Welcome to Colasoft Capsa 7 1 2 Designed for packet decoding and network diagnosis Colasoft Capsa monitors the network traffic transmitted over a local network helping network administrators troubleshoot network problems With the ability of real time packet capture and accurate data analysis Colasoft Capsa makes your network transparent before you letting you fast locate network problems and efficiently expose hidden security threats You may install Colasoft Capsa on a laptop and analyze monitor and diagnose anywhere in your network you want to Colasoft Capsa analyzes and diagnoses either real time network traffic or problems in replayed saved packet files To realize accurate problem location and efficient analysis you can use application analysis
90. e related TCP conversation and UDP conversation that help you drill down to analyze the conversations The TCP Conversation tab dynamically presents the real time status of TCP conversations between the two nodes the lower pane on the bottom of this tab offers the related packets reconstructed data flow and time sequence charts that help you drill down to analyze the conversations The UDP Conversation tab dynamically presents the real time status of UDP conversations between the two nodes the lower pane on the bottom of this tab offers the related packets and reconstructed data flow that help you drill down to analyze the conversations The Matrix tab graphically presents the nodes communicating in network by connecting them with lines The line weight indicates the volume of traffic between nodes arranged in an extensive ellipse You can quickly switch among global statistics and the details of specific network nodes by switch the corresponding nodes in the Node Explorer window The Packet tab contains three parts Summary Decode Field Decode and the Hex ASCII EBCDIC Decode Here you can go down to get the original information of any packet Not all analysis profiles have the Log tab just DNS Analysis Email Analysis FTP Analysis and HTTP Analysis In these tabs you can get the logs of TCP conversations email communications web accesses and DNS transactions The report tab provides 27 statistics reports from global network to a specific
91. e to read more in details You can read Log Settings to learn how to configure log settings Log Types Colasoft Capsa provides five types of logs by default Each type focuses on one kind of application The following table describes all five types of logs in the Log tab Shara tl Collects logs of other log types in an analysis project It contains three columns by default Time Protocol and obal Log Messages aaa Logs the DNS query applications It provides useful information like Time Client Client Port Server Server og Port Query State and Result etc Whoever sends or receives an email on SMTP POP3 will be logged All log records contains Client Address Client Port Server Address Server Port CC Size Attachment Duration and Average Speed Going Email Log through their records you can check if there is any attack via email or email server attack If you enabled save emails all captured emails will be saved to the chosen folder You can double click on any log item to open the email with an email client Each item in logs is a record of uploading to or downloading from FTP server which contains 20 columns Client Address Client Port Server Address Server Port Server Client Transmission Start Time Transmission End Time Duration sec Account Operation Type File Transmission Mode Total Bytes ia Server Bytes Client Bytes Total Packets Server Packets Client Packets and Average Speed These records help
92. e trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners oe a ee gi Colasoft Maximize Network Value BT Protocol Filter h afe M LF This filter contains three conditions e First condition Match a network segment 192 168 0 1 192 168 0 200 e Second condition Exclude an IP address 192 168 0 65 e Third condition Match one of packet patterns 1 Content Type Hex Pattern value 13426974546f7272656e742020726f746f63616c or 2 Port Range from 6881 6889 Following the process of the figure below Colasoft Capsa compares against captured packets with the conditions If a packet matches the criteria it is recognized as BT downloading packet LF 192 168 0 1 192 166 0 197 166 0 65 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners SA 133 gi Colasoft Network Profile Maximize Network Value m 192 168 0 1 192 168 0 192 168 0 65 Toolbar The Toolbar contains the following icons Open dialog to modify the selected parameter Delete the selected parameter Show Image Show filter icon for each filter item Show Show details of each filter item Comment Filter Conditi
93. eeeeeeeecececcoussseseenenceeeeeeeeseececcossssseeseeeeeeeeeenececeeccouasseseeneneeeeeeeeescsceccocsssseeeeeeeeeeeeeeeesececcacassseeeeeeseeeeeeeesseaes 46 Diagnose SNS eae sees EEE EE Or EEEE E 47 LO CAENIN ENOS re S E eee ee ee eee eee 49 ET FMM Ze 0 1G EE E E A A A AE E A E N EA AE A E E E E E 49 SON FO a a E teatanSonstsinetsdatns susan ateeaiansaatiuauaudtepades hemuatarnnsatsveneare eateaee ia aunties apatersenctaiehsopekiy Sees 51 REDON a E 16 eee ee ee ee ee ee 53 e IS a E E A A R EN 54 Ganera eo ano e E E A E E A 55 Decoder SONGS eee E E AE E E E E E E E E 57 PADDOR MAD e E E R E E N E E E E E E EE E yaad 57 oreina aD e A ee ee ee ee ee ee eee ee 59 MO TS cece eg ete ace ears veces me eee ere ete ects nears cece es Saeco science cate nee toe cee A A EA Sec pee E E 61 MIM Va ea eE oeen tose EE O E E E E E O E A E 62 DIAGNOSIS EAD eE E E E E E EE E E E E 64 FOTO VU e E E E G dageciged pesuetiesapantspesnasdendepousesaueyeets 68 FEN SNC FMA NM TAD A E E E E E E S 71 Re VCO OUI TAD e E E E E E A T E E a E A E 73 Physical Gonyercaton Ta 6 Beeman ann ete etc n a a RRS ee i a ERE Re ee ene ee 76 eae Conversio TAD een nen ene E a ee gee ee ee ee ee ee 78 TOR OVS AON Tis cece esses acta a deceit nee ex gare dae E E E E ates sueudargonesdeeuacsedenueveceounect 80 DAT ele al ee ee ee ee ee ee ee eee 82 Time Sequence TAD sceceseeeecceececeeecenaaaeessseeeeeeeeeeeeeeeeeeaaeaeeeaeeeeeeeeeeeeeeeeeaaaaeeeaaaaseeeeeeeeeeeeeeeeeaaa
94. egistered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 140133 Maximize Network Value gx Colasoft Getting Started 3 Colasoft Capsa 7 Activation Guide a Colasoft 1 Send an email or fax to 107070101710 Email supporti colasott com i Fax 86 28 85120911 19001010 2 Enter the following information an joo Serial Number Kt a 3 Enter the activation number into the following box Getting Started Launching Colasoft Capsa To start Colasoft Capsa do any of the following e Launch from the desktop If checked the Create a Desktop Icon option while installation you will find a shortcut icon on the desktop Double click the icon to launch Colasoft Capsa e Launch from the quick launch menu Checked the option Create a Quick Launch icon in the setup wizard you can start it by click the icon from the quick launch menu of the task bar e Launch from the Start menu Choose Start gt All Programs gt Colasoft Capsa 7 1 Enterprise gt Colasoft Capsa 7 1 Enterprise to launch Colasoft Capsa e Invoke from command line Choose Start menu gt Run gt input capsa or capsa exe gt OK to invoke Colasoft Capsa Start Page Visit Launching Colasoft Capsa to read how to start Colasoft Capsa The Start Page is the first screen you see when you launched the program which will guide you to start an analysis project step
95. em Tools t BwRwKR Tool Ping Packet Packet MAC Settings Player Builder Scanner Tools The Colasoft Packet Builder window appears i x e a es 8s o Pye ELETE aste Delete Move Up Move Down Checksum Send Send All Adapter About A Packet Analyzer w There are no items to show tn this view Colasoft Packet Builder contains three panes in main view e Packet List e Decode Editor e Hex Editor The last two panes collaborate with the Packet List pane Once a packet selected Decode Editor and Hex Editor decode the packet and you can just edit the packet in these two panes To customize the layout of the three panes just drag their heads to move You can use Colasoft Packet Builder to Add or insert new packets Simply you can add or insert packets from Packet tab of Colasoft Capsa or packet templete ARP IP TCP and UDP Edit packets Just click the item or digit to edit packets in Decode Editor pane and Hex Editor pane Send packets 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 128 133 gi Colasoft Maximize Network Value Click the Send or Send All button on toolbar to tramsmit the created packets to network Save your packets to disk is also important You can clic
96. ered alarm number in the Alarm Notification area on the right side of the Status Bar You are almost allowed to create alarms from any object in Explorer window and in tabs of the Main View Read Creating and Editing Alarms to learn how to create and edit an alarm To open the Alarm Explorer window follow any of the ways below e Ribbon Check the Alarm checkbox in the View tab of the Ribbon 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 101 133 gv Colasoft Alarm Explorer Window Maximize Network Value e Alarm Notifications Area Press D Alarm Explorer in the Alarm Notifications Area on the right side of the Status Bar The Alarm Explorer window has the following three parts e Alarm List e Status Information e Toolbar e Alarm Notification Area e Alarm Pop ups For different network needs not one alarm pre specified by Colasoft Capsa you need to create alarms on your own Alarm List All the alarms are hierarchical grouped in three categories Security Performance and Fault You will see all enabled alarms in the list You can double click an alarm item to open the Network Profile window to manage the clicked alarm See Network Profile Alarm to read in detail Click an alarm item the Status Information pane display
97. ers 60 133 Pr Colasoft DELLY 1 Ko mm E o L d Maximize Network Value 192 168 5 24 Total 192 168 5 24 Default My Dashboard The Make Graph dialog contains the following items and the items you should set e Graph Name The name of the graph The name can be automatically generated you can enter a new name as well e Graph Object Specifies that the new graph is based on this object 192 168 5 24 e Dashboard Tab Specifies which tab the new graph will be places Click to choose the tab name we create in step 1 e Statistics Counter Lists all available statistic counters Check the Total item in the Traffic group e Counter Unit The measurement of the calculation Click to select Byte Then Click OK to finish the settings Now you can see the new graph in the Dashboard tab Graph Types Colasoft Capsa provides a wide range of statistic counters for creating graphs You can find all available graph types below e Sample Chart e Top Chart Sample Chart A group of general graphs that can be used to graphing a specific node or the whole network 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 61 133 Maximize Network Value gx Colasoft Summary Tab e Alarm Security Performance and Fault e Traffic
98. erty of their respective owners 717133 gt Colasoft Physical Endpoint Tab Maximize Network Value Endpoints are displayed in a hierarchical structure You can click any column header to sort the list to check if there is any abnormal traffic The Physical Endpoint List contains the following items e Toolbar e Column Header e Context Menu Toolbar The following table lists all the components on the toolbar show Switching Details Add to Name lable Refresh 64 al Fa By S Export Add to Filter Locate Show Switching Click to switch list layout between hierarchical and tiled style Export ss Clicks to export all items in the list to a txt format file to disk Details Click to show or hide the lower pane Add to Filter Click to open the Packet Filter dialog to make a new filter based on the selection in this pane Add to Name Table Click to add an alias for the selected node to the Name Table Click to locate the current node in the Node Explorer window Refresh Click to refresh the list or set the refresh options Node Counter Shows the number of all physical endpoints in the list Column Header Right click a column header you can select more columns to show in the list Choose Default to get showing columns back to default Context Menu The following table lists all the items in the menu of this list fring Pp aniteminte ist Make Filter Opens a new dialog to make a new filter on the ba
99. es the selected column in original format to the clipboard Customize Column Shows hides columns or changes the position of columns Packet Summary Shows the packet summary e Automatic show the uppermost protocol summary 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 93 133 gi Colasoft Matrix Tab Maximize Network Value IP Summary show the packet summary of IP protocols if no IP protocols show the uppermost protocol summary TCP UDP Summary show the packet summary of TCP UDP protocols if no TCP UDP protocols show the uppermost protocol summary Export Packets Exports selected packets to a file Fina Finds an item inthe list Set Relative Time Makes your selected item as the reference time point and recalculates the relative time based on the selected item Make Filter Opens a new dialog to make a new filter on the basis of the selection Address Resolve Resolves the host name of your selected item With the resolved name you can easily find the machine in your network Add to Name Table Add an alias for the selected node to the Name Table Make Graph Generates a new graph item in Graph tab based on the selected item Make Alarm Generates a new alarm item in Alarm Explorer window to alert you anoma
100. ets LFS 00 34 43 645 KB 30 645 KB 0 B 90 00 34 44 5 625 KB 5 625 KB 0 B 60 1 Upper Pane Physical Conversation List 2 Lower Pane Relating tabs This tab is visible only when you select a MAC address item in Physical Explorer or protocol item below the IP layer in Protocol Explorer of the Node Explorer window Physical Conversation List The Physical Conversation List contains the following parts 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in VOW aso the United States and or other countries All other trademarks are property of their respective owners gs Colasoft Physical Conversation Tab Maximize Network Value e Toolbar e Column Header e Context Menu Toolbar The following table lists all the items on the toolbar Export Add to Filter N wely as PAA Detail Refresh Export sd Click to export all of the physical conversation statistics to a txt format file Deal si Click to show or hide the lower pane Add to Filter Click to open the Packet Filter dialog to make a new filter based on the selection in this pane Refresh Click to refresh the physical conversation list or set the refresh options Physical Conversation Shows the number of all physical conversation in the list Counter Column Header Right click a column header you can select more columns to show in the list Choose Def
101. ets Sets the parameters as the below figure It means theBitTorrent cscpkt POP3 cscpkt and http rawpkt packet files will be replayed 100 times from the Realtek RTL8168C 8111C PCI E Gigabit Ethernet NIC with 1000 milliseconds delay between every loop and the packets will be replayed in the time interval as they were recorded 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 125 133 ga Colas oft Maximize Network Value E Colasoft Packet Player E Realtek RTL8168C 8111C PCI Gigabit Ethernet NIC BD BitTorrent cscpkt DB POPS cscpkt DB http rawpkt Options M Burst Mode no delay between packets V Loop Sending 100 loops zero for infinite loop M Ignore any file error Sending Information Please select a adapter and a packet file Click Play button to start Then click the Play button to start replay as figure below 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 126 133 gi Colasoft Maximize Network Value 4 Colasoft Packet Player B Realtek RTLS168C 8111C PCLE Gigabit Ethernet NIC
102. etwork Value Diagnosis Layer S a RIF S Physical Address IP Address Api Layer 28 00 21 9B BC C7 61 139 2 69 DNS Server Slow Response 186 83 OO2L9OB BOC 205 188 83 18 amp HTTP Suspicious Conversation 623 00 21 98 BC C7 207 218 235 i HTTP Request Page Not Found d HTTP Server Slow Response Transport Layer i TCP Retransmission i TCP Slow Response i Br Bae oe Severity Type Layer Event Description Performance Application HTTP Server Slow Response From Packet 17 to Packet 23 311 ms Security Application non HTTP Traffic Packet Nurmber 95 Performance Application HTTP Server Slow Response From Packet 2372 to Packet 2375 384 ms Performance Application HTTP Server Slow Response From Packet 2376 to Packet 2378 291 ms Performance Application HTTP Server Slow Response From Packet 2394 to Packet 2596 308 ms Performance Application HTTP Server Slow Response From Packet 2397 to Packet 2398 516 ms Performance Application HTTP Server Slow Response From Packet 2410 to Packet 2418 562 ms Performance Application DNS server slow response Packet number ts 2422 Security Application non HTTP Traffic Packet Number 2464 Performance Application HTTP Server Slow Response From Packet 2500 to Packet 2502 274 Gf 6 Co Oooer ee The Diagnosis tab contains three panes 1 Diagnosis Layer 2 Diagnosis Address 3 Events Diagnosis Layer A diagn
103. etwork contains six columns e g IP Address MAC Address Host Name Workgroup Manufacturer and Compare Result Compare Result is to display the results of comparing new scanned result with the records in database MAC Scanner sums up all the records number and displays the number in status bar Scan Network view contains the following columns Column Description MAC Scanner automatically compares the scan results with the records in database and display comparison results in different Compare Result colors e Black Scan result accords with the record in database e Blue New IP address or MAC address scan result finds no same record in database e Red Scan result does not accord with the record in database MAC Scanner displays comparison result in detail You can double click the item to see the detailed result in a dialog 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 1197133 gt Colasoft Maximize Network Value Current Record IP Address 192 168 5 24 MAC Address FC Bs CD Records not matched with database 1 IP Address 192 168 5 24 MAC Address FC B4 CD Toolbar The following table lists all items on toolbar i ies isk aaa a ae rea a Export Selected Exports the selected item s of the sc
104. ffic History Chart bps Packet Buffer 16 MB pshboard Summary Diagnosis Physical Endpoint IP Endpoint Physical Conversation TCP Conversation UDP Conversation 1 4 gt Sej p oompa JPG bs e Fall Analysis Protocok 12 me Bytes Packets Bytes Per Bits Per S Pack Bytes Packets Bytes Per Second Packets Per Secon r Peeereeenere BOT Ethernet IG G LT 370 96Bps 768 bps 9113 79 399 100 000 100 000 amp T P E D o e 0 Bps 0 bps 59 80 42 704 0 000 0 000 ae 0 Bps 0 bps 49 66 30 258 0 000 0 000 4 047 KB 0 Bps 0 bps 5 969 4 936 0 000 0 000 2 829 KB 0 Bps 0 bps 4 172 7 511 0 000 0 000 E E 20 879 KB 0 Bps 0 bps 30 79 36 052 0 000 TE UDP 2 372 B 3 0 Bps 0 bps 0 0 536 0 644 w T ICMP 1 B T ARP E 5 123 KB 0 Bps 0 bps 7 556 19 099 0 000 a Dest Unreach aT P6 604 B 0 Bps 0 bps 0 870 0 858 0 000 0 000 amp T P6 1 GT Ethernet 302 2 306 B 0 Bps 0 bps 0 441 0 644 0 000 0 000 wT IPX 306 B 0 Bps 0 bps 0 441 0 644 0 000 0 000 a IP Endpoint B T Ethernet 802 2 1 E Gy 9 Ee Bel ae S E Physical Explorer 3 r GB Local Segment 27 bani l m Bytes v no Bytes Feenu Pack x oie eas Interval Inte Bytes ainda lr g B Broadcast Addresses 1 Im 5 ior sont cates i ean ee AR FEFEFE CL I Gel Local Host S EG 300 23 026KB 134 27 187 KB 166 0B 118 1 24 GD Multicast Addresses 1 GP 00 21 98 BC C7 C6 2 9
105. find the machine in your network Display All Hidden Shows all the nodes that you hide them to User Hide Node pane Nodes Matrix Type There are four matrix types by default e Top 100 Physical Conversation e Top 100 Physical Node e Top 100 IPv4 Conversation e Top 100 IPv4 Node The Matrix Type pane contains the following parts e Toolbar e Matrix Type Properties Toolbar The following table lists all the icons on the toolbar New Matix Delete Matrix EFE New Matrix Click to create a new matrix type Modify Matrix Click to modify the properties of the selected matrix type Delete Matrix Click to delete the selected matrix type Matrix Type Properties The Matrix Type Properties dialog appears when you create a new matrix type or modify a matrix type It contains the following items 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 90 133 gs Colasoft Matrix Tab Maximize Network Value sical Conversation Multicast Broadcast Conversion Node Total Packets E Deseni O Ascending order Auto generates Matrix name on your options by default format Top Maximum Node Matrix Type aa Conversation Node Also you can enter any name you want to Maximum Sets the max node number of the Matrix
106. ft Packet Player do one of the following Click Packet Player in Tools tab of the Ribbon figure below Choose Start gt All Programs gt Colasoft Capsa 7 1 gt Capsa 7 0 Toolset gt Packet Player Choose Start gt Run enter pkitplayer and click OK Analysis System Tools KV Tool Ping Packet Packet MAC Settings Player Builder Scanner i J o Tools 5 The Colasoft Packet Player appears as follows 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 122 133 gi Colasoft Maximize Network Value i Colasoft Packet Player _ B Realtek RTL8168C 8111C PCI E Gigabit Ethernet NIC DB BitTorrent cscpkt DB POPS cscpkt D http rawpkt Options Burst Mode no delay between packets E Loop Sending 1 loops zero for infinite loop Ignore any file error Sending Information Current File D BitTorrent cscpkt Packets Sent 133 Packet file playback stopped lt Colasoft Capsa Packet Analyzer You can find the following items in Colasoft Packet Player Adapter You need to select one adapter for sending packets for no adapter selected by default Click Select to open the Select Adapter dialog choose an adapter from the combo box The window under th
107. he Ribbon figure below bt 2 Custom Format Report Protocol Local Engine Settings Customize Protocol Customize Protocol is used to manage all pre specified protocols as well as your customized protocols Colasoft Capsa organizes them in clean order so that you can locate any protocol easily You can customize protocols and create rules to recognize new protocols in this window To open the Customize Protocol window do one of the following e Click the Customize Protocol icon on the top of the Start Page e Click the Customize Protocol icon in the System tab of the Ribbon e Click the Menu button choose Local Engine Settings gt Customize Protocol The Customize Protocol window shows as follows 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners A9 133 gi Colasoft Maximize Network Value Select protocol type Ethernet II ane TCP Y Tunnel UDP T Echo T Common Management Information Protocol Ag T Common Management Information Protocol Man T Simple File Transfer Protocol T Route Access Protocol ST Resource Location Protocol T Remote Access Dail In User Service T RADIUS Accounting T RADIUS Dynamic Authorization Y SSL shell T Kerber
108. he list fring id T Pma T noes rewuan Ping Tool to ping the endoon sean T Secs aliomsinte ist OOS S meren rererere OOOO S Lower Pane There are two tabs in the lower pane e Packets Tab e Data Tab 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 86 133 olasoft UDP Conversation Tab Maximize Network Value These tabs help you go deeper to analyze the original data of the conversations Data Tab A UDP conversation contains many packets Colasoft Capsa reconstructs and decodes these packets into text content From this tab you can see the reconstructed data streams of the selected conversation The data streams of different directions can be distinguished by color e g blue is for endpoint 1 to endpoint 2 green is for endpoint 2 to endpoint 1 197 168 5 40 137 lt gt 192 168 5 255 137 Stream Ka 192 168 5 40 UDP port 137 192 168 5 255 UDP port 137 The Data tab contains the following parts e Toolbar e Context Menu You may get unreadable symbols because some data are segments or encrypted in transmission Toolbar The following table lists all the items on the toolbar Flow Direction Save NO N EARE Packet Limit Refresh Flow Direction Click to choose one of the three direction types
109. he original data of the conversations Data Flow Tab A TCP conversation contains many packets Colasoft Capsa organizes these packets in their correct orders and reconstructs these packets into a TCP flow The conversations of Web HTTP Email SMTP POP3 FTP and MSN etc can be reconstructed The data streams of different directions can be distinguished by colors e g blue is for endpoint 1 to endpoint 2 green is for endpoint 2 to endpoint 1 The Data Flow contains the following parts i Flow Time Seq LENCE 19 168 5 24 50005 lt gt 207 218 235 182 80 Stream 192 168 535 244 TCP port 50005 207 218 235 182 TCP port 60 1 WWW COlasoft com Connection keep alive User Agent Mozilla 5 0 Windows U Windows NI 6 1 en US AppleWebKit 532 0 KHTML like Gecko Chrome 3 0 195 38 Safari 532 0 Accept application xml application xhtml xml text html q 0 9 text plain oq 0 8 image png q 0 5 Accept Encoding gzip deflate sdch Cookie Internal ccess capsa2007 utmz 1 1261016522 1 1 utmesr direct utmecn direct utmemd none _csoot 1264390245863 cauid 4bl7794f4esced2cbh utma 1 733326784 1261018522 1264147614 1264390235 44 7 utmv 1 t20 t3ES20httptsaAt2rt Feolasoft comt 7F Accept Language en US en q 0 8 amp Accept Charset 150 88585 1 utt q 0 7T rq 0 3 HITP 1 1 200 OF Date Mon 25 Jan 2010 06 23 07 GHT Server Apache 1 3 41 Unix mod auth passthrough 1 8 mod log bytes 1 2 mod bwlimited 1 4 PHP
110. he report viewer can have a clear understanding of the percentage compilation You can click the TOP link to go back to the Report Index section Report Footer The Report End is at the page footer The specified author name See Report Settings will be displayed here Toolbar The buttons on the toolbar are listed in the following table 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 100 133 olasoft Alarm Explorer Window Maximize Network Value save As Saes te repor toile omat hin pafand imi options Opens Report Setings dialog customize pons reren ___ Clektoreheshtherepon O OOOO Report Item Select The Report Item Select dialog lists all available report items Only the items meaning to the selected node in the Node Explorer window display You can check the checkbox to enable a report item or uncheck one to make it invisible in the report Please select report items which will be showed Report Name Protocols Statistics Summary Statistics Top 10 Remote IP Address Top Application Protocols Top IF Address Top Physical Address Diagnosis Statistics Top Local IP Address Alarm Explorer Window Alarm Explorer Window provides real time popup alert when an alarm rule is triggered You also find trigg
111. ient analysis of main objects including physical addresses IP addresses traffics and every object s traffic Security Analysis To aim at safety analysis To analyze worms Trojans and attacks etc Read Managing Analysis Profiles to learn how to create or edit an analysis profile Read Start Page to learn how to use analysis profiles to start an analysis project Managing Analysis Profiles Analysis Profiles consist of different analysis modules Colasoft Capsa allows you to combine different analysis modules to create a new analysis profile Analysis Profile only provides statistics of the selected analysis modules Thus it reduce the total volume of 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 107 1332 Maximize Network Value gi Colasoft Analysis Profile the statistic items in the analysis project You will save your time in finding useful statistics among the statistic items You can conduct creating editing copying and deleting analysis profiles on the Start Page Right clicking an analysis profile you will see a context menu with the following items e New Click to create a new analysis profile e Duplicate Click to copy a duplication of the highlighted analysis profile e Edit Click to edit the highlighted analysi
112. ifferent sorts of operations in detail by analyzing the olasoft Maximize Network Value captured packets Colasoft Capsa automatically analyzes the commands in the captured packets and recognizes the application type If logging functionality is activated the commands and actions will be recorded to the corresponding log There are four types of logs are provided at present Viewing these logs will help you check if there is any unauthorized application operations on the network etc The Log tab is described below Log Dashboard MSN Log ae YAHOO Log Time 2010 05 10 09 32 34 2010 05 10 09 32 34 2010 05 10 09 32 34 2010 05 10 09 32 35 2010 05 10 09 52 33 2010 05 10 08 32 35 2010 05 10 08 33 22 2010 05 10 09 32 34 2010 05 10 09 32 34 4010 05 10 09 33 22 2010 05 10 08 32 34 2010 05 10 09 32 34 2010 05 10 09 33 15 2010 05 10 09 35 32 2010 05 10 09 36 59 2010 05 10 09 35 28 2010 05 10 09 37 38 2010 05 10 02 41 45 2010 05 10 08 39 42 The Log tab contains the following parts 197 Physical Endpoint 1 61 1392 59 192 168 6 12 192 168 6 12 61 139 2 69 19 168 6 12 192 168 6 12 61 139 2 69 192 168 6 12 192 168 6 12 192 168 6 12 192 168 6 12 192 168 6 12 192 168 6 12 192 168 6 12 192 168 6 12 192 168 6 12 192 168 6 12 61 139 2 69 192 168 6 12 IP Endpoint Physical Conversation TCP Cony COnN ONIE resource LIVIN ERESOUrCe css a Thr GP E sE PL Er
113. ile Options Maximize Network Value keep the packet buffer up to date e Discard new packets after analysis All new captured packets will be discarded after being analyzed and will not be saved to the packet buffer e Discard all old packets Colasoft Capsa will empty the packet buffer and then append new packets to it e Stop capture Stop the current capture Save to Disk This part has the following settings e Enable auto packet saving If checked Colasoft Capsa will automatically save packets to a single file or multiple split files as your configurations e Limit each packet to If enabled only the first configured number of bytes of a packet will be stored to the packet file e Single file All packets are saved to one file o File name Specifies a name for the packet file Click the folder selection button behind the textbox to open a dialog for defining a save path for the packet file e Multiple files Packets are saved to the files split by time or size To reduce the total size you may choose to only keep the most recent files o Save into folder Specifies a folder name and the save path for all files Click the folder selection button on the right to open a dialog for defining a save path for the folder o Prefix name The portion of a file name to the left of the period separator Colasoft Capsa allows very long file names Click the J button to view an example of the base file name o Split file every Chooses a rule
114. ion Protocols by Bytes e General Information sets the general information of the alarm Including name type object and value type e Counter sets the statistic item of the alarm and measurement of the alarm Different alarm object may have different statistics group e Event Condition Sets the trigger threshold of the alarm e Dismiss Condition Sets the threshold that under what condition this alarm will be dismissed e Top 10 Traffic Stat This functionality enabled the alarm will make statistics on the chosen top 10s Recording these top ten statistics are useful when the alarm triggered Different alarm object may have different traffic statistic items 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 105 133 gi Colasoft Alarm Explorer Window Maximize Network Value Edit Alarm To edit an alarm do any of the following ways e Click the Alarm Setting icon on the Analysis tab of the Ribbon to open the Network Profile dialog Select an alarm and then click the Properties button on the right side of the dialog e Double click an alarm item in the Alarm List of the Alarm Explorer window to open the Network Profile dialog Then follow the steps of the fist way e Click the Property icon on the toolbar of the Alarm Explorer window
115. is list to open it The sub menu Print contains the following items Command Shortcut Description Paint Serings __ Configures printer functions nthe Print Setup dog fPrntPreview Proewe The sub menu Local Engine Settings contains the following items Command Shortcut Description Customize Protocol Configures ana customizes tne network protocois Foma J dts the playfomat O Reon T Configures the web page contents ofthe Repor The sub menu Resource contains the following items Command Shortcut Description Colasoft Home Page fF Opens Colasoft home page Network Analysis Forum Opens the technical forum where you can get help and learn more skills on network analysis Message History isd Opens the Message History Management dialog The sub menu Product contains F following items Command Shortcut Description License o Renews your license key a e Enters license key and activates Colasoft Capsa Register Registers at Colasoft official website to get timely customer services and product information About Opens the About dialog where you can find the version copyright and license information of the product Node Explorer Window The Node Explorer window is on the left side which allows you to navigate through the hierarchy structure from a root to a specific node to get analysis statistics from global to one selected node 2010 Colasoft All rights reserved Colasoft the
116. k Export to save selected packets or all packets to your machine Now only cscpkt format files is supported Add packets There are two ways to create a packet Add and Insert The difference between these two ways is the new added packet s position in the Packet List The new packet will be listed as the last packet in the list if added whilethe new packet will be listed after the current packet if inserted Click Add or Insert the Add Packet dialog appears as follows There are two options in this dialog e Select Template To create a packet you need to specify the packet type by selecting the name from the Select Template combo box first The templates contain several kinds of common used packet Ethernet Packet ARP Packet IP Packet TCP Packet and UDP Packet e Delta Time Then defines the delta time for the new packet Delta time means the length of time between the new packet and the last packet in the Packet List 100 millisecond in default If you are inserting a packet the delta time means the length of time between the current packet If there are no packets in the Packet List this feature will not be enabled The supported import file formats are listed below e Colasoft Capsa 5 0 Packet File cscpkt e Colasoft Capsa 5 0 Raw Packet File rawpkt e Colasoft Capsa 7 0 Packet File cscpkt e Accellnt 5Views Packet File 5vw e EthePeek Packet File V7 pkt e EthePeek Packet File V9
117. k Profile gt d Maximize Network Value Network Profile Management Network Profilel Network Group Name Table Alarms The General Settings contains the following items e Profile Name The name of the current network profile e Profile Description The short description of the current network profile used to identification e Bandwidth The correct bandwidth of the network segment The bandwidth is very important It is the benchmark of calculating the network utilization Network Group You can open the Network Group of the Network Profile dialog through the following e On Start Page Double click a network profile in the Network Profile section to open the Profile Management dialog You will find Network Group Settings on this dialog e in an analysis project Click the General icon on the Network Profile group of the Analysis tab of the Ribbon figure below 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners B77 102 Pr Colasoft Network Profile b d Maximize Network Value General Network Name Alarm Group Table Settings Network Profile General Name Table Alarms 192 168 58 0 24 Enter IP address IF range or IP mask of the group One per Enable Country Group line 192 168 58 0 24
118. ked Colasoft Capsa will remember the window size of the last time you run the program Disable windows from suspending during capture The power option schema in your system control panel will be ignored You cannot standby or hibernate your system without stop Capsa from capturing Disable list smooth scrolling Instant scrolling will be enabled in effect if you check this option Show Save Packet when exiting program Checked the program will pop up a dialog to remind you to save the packets in the buffer Show Online Resource window on Startup Checked the Online Resource window will be displayed on the right side of the project which receives official resource from Colasoft Capsa Default Click it to reset all settings in this pane 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 56 133 Pr Colasoft DELY 1 Ko BE E b d Maximize Network Value Decoder Settings In this pane you will find all predefined decoding modules of Colasoft Capsa All docoders are modularized and you can decide to enable a decoder or enable one in this page By default all decoders are enabled General Settings Protocol Decoder HTTP Colasoft HTTP Decoder FTP Colasoft FTP Decoder SMTP Colasoft SMTP Decoder POPS Colasoft POP3 Decoder
119. ks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 10 133 gs Colasoft Installation and Deployment Maximize Network Value Internet Li Router er N Single Colasoft Capsa Network Analyzer port Tap L2 Switch m aE a ore L2 Switch Workstation Servers Application Servers Proxy server In small network a proxy server is a reliable choice to deploy an network Under this circumstance you can install Colasoft Capsa directly on the proxy server Internet Port Mirroring Switch is a network exchange facility operating at the data link layer layer 2 and sometimes the network layer layer 3 of the OSI Reference Model Classified by working protocols there are two layer switch three layer switch four layer switch and multiple layer switch Switch also can be classified into managed switch and unmanaged switch Generally three layer switch and above has management function managed switch Unlike hubs switches prevent promiscuous sniffing In a switched network environment Colasoft Capsa or any other packet analyzer is limited to capturing packets only from the port the machine connected to and broadcast packets and multicast packets However most modern switches management switches support port mirroring which allows users to configure the switch to 2010 Colasoft All rights reserve
120. lies based on the selected item Locate in Node Locates the current node in the Explorer Explorer Ping Invokes the build in Ping Tool to ping the endpoints Send to Packet Sends the selected packets to the build in tool Packet Builder Builder Select Relative Highlights the related packets by source destination source and destination conversation or Packets protocol Hide Selected Hides the highlighted packets Packets Hide Unselected Hides all the packets in the list except the highlighted ones Packets Unhide All Packets Shows all hidden packets back to list Select All Selects all items in the list Refresh o Refreshes the current list Field Decode Pane 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 94 133 Colasoft Matrix Tab Maximize Network Value eee Packet Info L Packet Number 152 893 gP Packet Length 341 E Captured Length 337 Le Timestamp 2009 12 03 16 20 20 471289 Y Ethernet Type II 0 14 By Destination Address RE ES EAs2R Shenzhen Tp link Tech 0 6 E Source Address eo 68 90 50 Sony 6 6 i oxogo0 Internet IP IPv4 12 2 E IP Internet Protocol 14 20 Lu Version 4 14 1 oOxFo ig Header Length 5 20 Bytes 14 1 Ox0F H 6 BSF aooo onoo 15 1
121. lowing parts e Toolbar Toolbar The following table lists all the items on the toolbar Sequence Number Click to switch display relative or absolute sequence number Type Relative sequence number will display the number of the first packet as 0 and recaculate the following packet sequence number based on it Refresh o Click to refresh the tab or set the refresh options Packet Counter Shows the number of packets in the conversation Still you can read Data Flow to get more help on TCP conversation analysis UDP Conversation Tab The UDP Conversation tab provides you with all UDP conversation statistics Each single conversation record has its source IP address source port destination IP address destination port packets sent and received packet sizes and communication duration 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 84 133 gs Colasoft UDP Conversation Tab Maximize Network Value etc This tab contains the following components ndpeoint Physical Conversation TCP Conversation UDP Conversation Ma a 2 Endpoint 1 gt lt Endpoint 2 Dura Bytes Bytes gt Bytes Packets Packets gt Packets Ta ai 259 259 2990 00 08 55 11 789KB 11 789 KB
122. ly popup which contains the domain name and response time The response time in the annotation will be a range of time when your mouse cursor puts on the grid while it will be a time if your mouse cursor puts on the grid line Ping Options Users can custom own parameters of the Ping command Click Optionsj in the Options menu to open the dialog and modify the listed parameters The below figure is the parameter setting by default 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 1157133 gx Colasoft Maximize Network Value Packet Time To Live The Ping Options has the following settings e Packet Size Sets the size of ICMP packet when execute Ping command The packet size range from 1 to 1024 bytes e Packet Time To Live Indicates how many more hops this packet should be allowed to make before being discarded or returned range from 1 to 255 e Ping Timeout The amount of time to allow for a response from the peer equipment range from 100 to 2000 millisecond e Delay Between PINGs The interval time between two pings range from 100 to 10000 millisecond e Address transmitted The amount of host or domain resolution range from 1 to 5 e Poll Interval The refresh interval of graph range from 100 to 5000 e Load Default Clicks
123. n the United States and or other countries All other trademarks are property of their respective owners 99 133 gi Colasoft Using Filters Maximize Network Value The Filter flow chart refreshes when you make any change on the left pane and shows how the packets are processed when Colasoft Capsa captures them Packets match Accept condition will be accepted and passed on to the next stage packets match Reject condition will be dropped Buttons You can find the following buttons on the bottom of this dialog All buttons are described below e Add Click to add a new filter e Modify Click to open the Packet Filter dialog to edit the selected filter s conditions e Delete Click to delete the selected filter e Import Click to reload saved filters in an cscpfit file into the project When an filter file imported all the filters in the list will be replaced e Export Click to save all the filters in the list to an cscpfit file e Reset Default Click to reset the filter list All the filters you created will be lost and the filters modified be reset as well Simple Filters The Simple Filter tab allows you to create simple filters by address port and or protocol in a single filter When multiple parameters set they are connected by logical And statements That is packets must match all of the conditions of the filter to pass on to the next step 2010 Colasoft All rights reserved Colasoft the Colasoft logo Ca
124. nd measure The options are described below Precision after decimal The display precision of a number You can customize the decimal places though the thousandth in default Precision behind percentage decimal The display precision of a percentage You can customize the decimal places though the thousandth in default Byte measure By default Colasoft Capsa displays packets sizes and the traffic in an appropriate byte unit such as B KB MB GB or TB Which unit is selected depends on how large each packet or the current traffic is Users can define the unit from the combo box Byte measure By default Colasoft Capsa displays packets sizes and the traffic in an appropriate byte unit such as B KB MB GB or TB Which unit is selected depends on how large each packet or the current traffic is Users can define the unit from the combo box Bit measure By default Colasoft Capsa displays packets sizes and the traffic in an appropriate bit unit such as b kb Mb Gb or Tb Which unit is selected depends on how large each packet or the current traffic is Users can define the unit from the combo box Byte second measure Rate at which bits of information are transmitted Colasoft Capsa displays the rate of information in an appropriate unit such as Bps 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the comp
125. nd or other countries All other trademarks are property of their respective owners oie aie gs Colasoft Network Profile k og Maximize Network Value General Network Name Alarm Group Table Settings Network Profile The Network Profile dialog contains the following items e General Settings e Network Group e Name Table e Alarm Settings Context Menu Right clicking a network profile you will see a context menu containing the following items e New Click to create a new network profile e Edit Click to modify the highlighted network profile e Duplicate Click to copy a duplication of the highlighted network profile e Delete Click to delete the highlighted network profile General Settings You can open the General of the Network Profile dialog through the following e On Start Page Double click a network profile in the Network Profile section to open the Profile Management dialog You will see the General Settings on this dialog e in an analysis project Click the General icon on the Network Profile group of the Analysis tab of the Ribbon figure below Network Profile The General tab appears as follows 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 36 133 Pr Colasoft Networ
126. nd ports in your network You are allowed to select an item and click the Add to Name Table button in toolbar or right click the item and choose Add to Name Table to add any IP address MAC address and port number to Name Table in any of the Node Explorer window and tabs in the Main View The Add to Name Table dialog appears and you enter some letters or words to define the address port a label that you would like it to be displayed other than number Add to NameTable 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 40 133 Pr Colasoft Network Profile b d Maximize Network Value Add to NameTable Alarm Settings The Alarm Settings allows you to manage all the alarms that you created You can open the Alarm settings in the Network Profile dialog through the following ways e On Start Page Double click a network profile in the Network Profile section to open the Profile Management dialog You will find Alarm Settings on this dialog e in an analysis project o On Ribbon Click the Alarm icon on the Network Profile group of the Analysis tab of the Ribbon figure below o Inthe Alarm Explorer window Double click an alarm item or click T on the toolbar
127. nner e Packet Player Click to launch Colasoft Packet Player e Packet Builder Click to launch Colasoft Packet Builder The Tools tab shows as follows Tool Ping Packet Packet MAC Settings Player Builder Scanner Tools Tool Settings In addition to the four tools referred previous users can customize to add other Windows applications and tools into Colasoft Capsa with the External Tools Management You can not only invoke but also execute the added applications and tools via Colasoft Capsa To open External Tools Management dialog click Tool Settings in Tools tab of the Ribbon Analysis ee Tools Tool Ping Packet Packet MAC Settings Player Builder Scanner fo Tools The External Tools Management dialog appears 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 109 133 guColas oft Maximize Network Value External Tools Management 7 Ping Packet Player Packet Builder MAC Scanner New Tool 1 You can click New to attach new tools Delete to delete your selected Tool in Left pane And also you can rearrange the listed items order by Move up and Move Down To demonstrate you can follow the steps below to attach the Tracert command of Windows into Colasoft Capsa 1
128. nodes by switching among the Node Explorer window idpoint IP Endpoint Physical Conve IP Conversation TCP Conversation UDP Conversation Matrix Packet Log Report Node Count 43 Top100 Physical Conversation Global Analysis 3700 01 00 072 a iia a a i a URS URS LAL Ly Jser Hidden nodes 2 20001 00 03 0 21 85 FC B4 80 Ot 00 5E 7 RFR FA neta CE ma E ae a pe Pi a 00 50 56 Fe 25 F1 i a a Mj miam i eTa WT a Ta i a ni i a M is a L 1 ik ifii F i i L L nE i E You will find the following components in this tab 1 Matrix View 2 Matrix Type 3 User Hidden Nodes 4 Invisible Nodes Matrix View gs Colasoft Matrix Tab Maximize Network Value The Matrix View contains the following parts e Toolbar e The Matrix e Context Menu Toolbar The following table lists all the components on the toolbar Matrix Type Options 4 4 Select Matrix Ay cs Gi Pa Text Size Refresh Matrix Type Click the little triangle to choose a matrix type in the list Simply click the button will hide the Matrix Type pane and click it again to bring it back Click to set the display font size of the nodes in the matrix Options Click to set color of the nodes lines and background customize the number of max nodes Refresh Click to refresh the matrix or set the refresh options Matrix Node Shows the number of endpoints in the list Counter The Matrix Move you
129. not match the settings in the Display Options pane The number in the bracket on the Invisible Nodes pane head shows the number of invisible nodes Packet Tab The Packet tab displays captured packets and provides packet decoding information This page describes all components in this tab and how to view a packet and its decode information how to find related packets and how to change the layout of this tab idpoint IP Endpoint Physical Conversation TCP Conversation UDP Conversation Matrix Pac cet Log Report ab ala s Blairi g g alas Global Analysis Packets 2 417 No Absolute Time Delta Time Source Destination Frotocol Sze Decode Summary Si 1 14 22 59 700725 00 21 98 B 01 80 C2 00 00 00 STP 64 E 2 14 23 01 017856 1 317131 192 168 5 255 255 255 255 1004 UDP 93 rc 1004 Dst 1004 Lenz 3 14 25 01 700875 0 683019 00 21 9B B 01 80 C2 00 00 00 STP 64 4 14 23 2 512960 0 812085 00 19 E0 7 FF FF FRSA FP ARP 54 B Who is 192 1 5 14 25 035 701005 1 188045 O0 21 96 B 01 80 C2 00 00 00 STP b4 6 14 23 04 401463 0 700458 00 21 9B B 01 80 C2 00 00 0E Ethernet 64 Yo 14 23 04 556319 0 154856 192 168 5 61 139 2 69 55 DNS 86 C Q imgl cache neteas 8 14 23 04 568271 0 011902 1927 168 5 61 139 2 69 53 DNS 79 C Q imgcache gg com 9 14 25 04 570162 0 001941 192168 5 61 139 2 69 55 DNS 86 C Q img4 cache neteas 10 14 23 04 571184 0 001027 197 168 5 61 139
130. of the IP conversations statistics to disk as a txt format file Statistics Make Filter Opens a new dialog to make a new filter on the basis of the selection Address Resolve Resolves the both host names of your selected statistic item Add to Name Table Add an alias for the selected node to the Name Table Make Graph Generates a graph in the Dashboard tab based on the selected item Make Alarm Generates an alarm item based on the selected item Locate in Node Explorer Locates one of the IP addresses of the selected conversation in the Node Explorer window 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 79 133 TCP Conversation Tab a Colasoft Maximize Network Value Ping Invokes the build in Ping Tool to ping the endpoints Send Packet to Packet Sends the selected packets to the build in tool Packet Builder Builder Relating Tabs There are two tabs in the lower pane TCP Conversation and UDP Conversation Your selection in the Node Explorer window and the selection in the protocol list will be like filters to get more small items in the bottom tabs These tabs will save your time and clicks to find the statistics you need Read the TCP Conversation and UDP Conversation to learn detailed descriptions of these tabs
131. oft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 271 133 amie Network kae gColasoft Using Filters Select Network Ada pter Network Adapter List IP Address Speed Packs Byt PPS bps Utilization 6 006 KB Local Area Connection 2 1000 0 Mbps Utilization of the selected adapter Colasoft Capsa supports Ethernet Card and multiple adapters You can analyze and monitor network from more than one adapters The Select Network Adapter dialog contains the following two parts e Network Adapter List Colasoft Capsa identifies all adapters in your machine and reads information Name IP address and speed etc of all adapters Also it counts and works out packet number byte pps bps and utilization of the selected adapter e Utilization of the selected adapter On selecting an adapter the Utilization of the selected adapter graph refreshes every second to display the adapter s traffic utilization Move mouse over the pane you can check the adapter s traffic to help to understand the traffic trend and peak Using Filters If no filter created Colasoft Capsa will capture and analyze all the packets transmitting through your adapter Thus a filter is an important way to filter out those packets you are not interested in A filter enabled Colasoft Capsa will
132. ons Advanced filters let you set precise parameters so that Colasoft Capsa can almost capture any packet you need For example you can create advanced filters as follows e Value e Size e Pattern Network Profile Network Profile is designed to store general properties of different networks Different network segments may have their own environment Colasoft Capsa lets you save the most common used properties e g bandwidth network structure name table and alarms When you installed Colasoft Capsa on a laptop and need to move it between different network segments you are recommended to save the network properties in a network profile and recall the profile when you come to the network again You can open the Network Profile dialog through the following e On Start Page Double click or right click a network profile and choose Add Edit or Duplicate in the context menu in the Network Profile section to open the Network Profile Management dialog which collects all the saved network profiles You can use the buttons on the right side of the Network Profile Management dialog to add a new edit the selected network profile and delete the selected network profile e in an analysis project Click any icon on the Network Profile group of the Analysis tab of the Ribbon figure below 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States a
133. opy of the SOFTWARE PRODUCT may only be used for purposes of demonstration the SOFTWARE PRODUCT s resources With an NFR version of the SOFTWARE PRODUCT you may not make or distribute additional copies Demo Version If the SOFTWARE PRODUCT is marked as a demonstration version for the final user DEMO you must buy a legal license and delete all copies of the demo version after expiring the time limit The demo version may be distributed freely by any kind of MEDIA Internet server BBS etc as long as no changes are made and package content is not changed 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 7 193 Maximize Network Value gs Colasoft Installation and Deployment Limitation on Use You may not permit other individuals to use the SOFTWARE PRODUCT except under the terms listed above modify translate reverse engineer decompile decrypt extract disassemble or create derivative works based on the SOFTWARE PRODUCT copy the SOFTWARE PRODUCT other than as specified in Software Usage section of this License sell rent lease grant a security interest in or otherwise transfer rights to the SOFTWARE PRODUCT or alter or remove any proprietary notices or labels on the SOFTWARE PRODUCT LICENSEE warrants that it will not use or redis
134. ork Value EF Colasoft MAC Scanner IP Address 192 168 5 2 i 192 168 5 3 W 19216854 19216855 W 192 168 5 6 W 19216858 J 19216857 192 168 510 192 168 5 11 i 192 168 5 13 i 19216851 i 192 168 5 14 W 192 168 5 15 e Add to Namelable with Compare Result New IP address and MAC address New IP address and MAC address New IP address and MAC address WORKGROUP New IP address and MAC address Mew IP address and MAC address New IP address and MAC address New IP address and MAC address New IP address and MAAC address WORKGROUP MSHOME OFFICE Mew IP address and MAC address WORKGROUP Mew IP address and MAC address Mew IF address and MAC address New IP address and MAC address New IP address and MAC address i 192168517 i 192 168 5 20 i 192 168 5 4 WORKGROUP New IP address and MAC address WORKGROUP WORKGROUP New IP address and MAC address Mew IP address and MAC address New IP address and MAAC address New IP address and MAC address New IP address and MAC address L I 1 d L i TE T L EI T7 oO 7 r iL L E T rr Ser Ses kr or or kr kr kr Jer rr G 1 3 3 t t r i 192 168 5 56 192 168 5 101 192 168 5100 Export all records to file T E ao 3 Scan N
135. orresponding tab introduction to learn how to use these tabs 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 70 133 Physical Endpoint Tab gx Colasoft Maximize Network Value Physical Endpoint Tab Endpoints are all the objects communicating in the network Colasoft Capsa divides all nodes by physical address and IP address This tab provides a great number of statistics on physical endpoints to help you find useful information on MAC addresses For example you can find the physical endpoints with the largest traffic and with that to check if there is any broadcast storm or multicast storm in network This tab contains the following components SET s ee Global Analysis Physical Endpoint 343 Mame Packets Interval Bytes Interval Packets Broadcast Bytes Broadcast Packets EP Local Segment 147 824 3 440 MB 71 685 0B 0 3 a EY 00 1 23 59 32 CA i 17 242 0B 0 T 00 0F FE 01 227C B 23 983 1 464 MB E be 00 21 9B BC c7 c6 fj 3 567 08 BB 1921680183 ff 0 963 MB 1 651 a 0B bo lll 207 218 235 182 25 523 KB 57 0B oo BA 220 181 9 15 21 782 KB 114 s 0B oo lif 65 55 50 99 16 305 KB 202 0B oo olf 64 12 26 89 11 640 KB 110 0B oo a 192 168 5 1 5 625 KB 90 0B 3 592
136. os T Time T Host Name Server T Login Host Protocol T XNS Time Protocol T Remote Inh Entry G p Local Engine Settings CMIP Agent CMIP Mlan ot TP RAP RLP Radius Radius acct Radius dynauth SShell Kerberos Time Nameserver Tacacs xns tme RIF ae 37 42 49 52 Built in Built in Built in Built in Built in Built in Built in Built in Built in Built in Built in Built in Built in Rusilt n Protocol List You can click any of the column headers to rearrange the protocols in descending order or in ascending order You can double click a protocol item to customize it You are not allowed to modify the color of the pre specified protocols Display Filter There are two protocol filters on the top for you to locate a certain type of protocol e Select protocol Displays the selected type of protocol in the list and hide the rest e g Ethernet Il IP TCP and UDP e Filter display Displays the protocols by their status e g All Protocols Built in Protocols Customized Protocols and Modified Protocols Buttons e Add Click to create a new rule to recognize a new protocol e Modify Click to edit a highlighted protocol item e Delete Click to delete a highlighted protocol item e Import Click to read the protocol list from an cscpro file e Export Click to save the protocol list to an cscpro file e Default Click to reset the protocol list All your create items will be deleted and buildin
137. osis event occurred it is organized to its corresponding network layer Choose one event item other three panes refresh to show statistics and information to it The Diagnosis Addresses pane lists out all the IP addresses and Physical Addresses that relating to the selected diagnosis event Click Only Instance only the events with records will be listed Click again to bring them back All events are grouped into protocol layers or security levels Protocol Layers are Application Transport Network and Data Link layer Security levels are listed in the table below 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 65 133 gs Colasoft DIET LONI am Fle Maximize Network Value Information Indicates a normal message no corrective action is required etc Indicates normal but significant conditions may require special handling Warming Indicates an error condition that requires attention and should be addressed soon Critical Requires immediate intervention by administrators to prevent serious problem to the Severity Level Icon Description network Different analysis profiles may have different items in Diagnosis Events List for more details see Application Layer Transport Layer Network Layer and Data Link Layer
138. otocols by Bytes X Global Packet Size Distribution by Bytes 224 375 KB 117 160 KB 0 B The Dashboard tab contains the following components Toolbar By default there are five graphs provided Graphs take a lot of space and too many graphs in a single page will make the tab very crowded and hard to view Therefore Colasoft Capsa allows you to organize graphs in different tabs to get a better view New Tab Remove Tab NON EEr Fara Rename Tab Refresh e New Tab Click to create a new graph tab e Rename Tab Click to give the selected graph tab a new name e Remove Tab Click to delete the selected graph tab 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 58 133 Maximize Network Value gs Colasoft Dashboard Tab e Reset Default Click to reset the Dashboard tab Be careful of click this button that all of your created graphs in the Dashboard will be deleted Context Menu The pop up menu contains the following items e Pause Refresh Click to pause graph refresh e 3D View Click to display the graph in 3D style e Legend Box Click to set legend display options e Line Chart Click to display the graph in line style e Bar Chart Click to display the graph in bar style e Pie Chart Click to display th
139. profile to lock down problems in real time Colasoft Capsa 7 1 2 adopts new user interface style of Microsoft Office 2007 which intends to display analysis statistics in a more simple straight and graphical style The new organized statistics tabs will really help shorten network engineers time spent on finding useful information to diagnose the network New Dashboard tab gives you enough choices to customize and create almost any kind of statistics graphs you want Based on the second generation Colasoft Packet Analysis Engine CSPAE platform Colasoft Capsa 7 1 2 ehhances its performance in large traffic network No matter in 100M or 1000M network Colasoft Capsa provides you with efficient and complete network analysis solution With the help of Colasoft Capsa you can easily accomplish the following tasks e Network traffic analysis e Network communication monitoring e Network problems diagnosis e Network security analysis e Network performance detecting e Network protocol analysis Colasoft Capsa analyzes your network from the lowest level and all the way up to the application level so that it finds out all the problems of your network Colasoft Capsa cooperation with other network management tools will maximize your network value New Features Adopts the latest 2007 Microsoft Office Ul Template and displays statistics in a clearer and graphical style Analysis Guiding Guides you to start an analysis project on Start Page in new steps
140. protocols will be reset You should be careful of clicking this button 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 50 133 gs Colasoft Local Engine Settings Maximize Network Value You cannot delete any built in protocols The Add New Protocol dialog and the Modify Protocol dialog are as following figures Display Format The Display Format pane lets you customize the format of decimals and measures You can define the formats for data display including decimal places of normal number decimal places of percentage byte format bit format bytes per second format and bits per second format 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 51 133 gi Colasoft Local Engine Settings Maximize Network Value Local Engine Settings PDisply Format splay Format Report Settings Precision after decimal Precision behind percentage decimal Byte measure Bit measure Byte second measure Bit seco
141. psa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 30 133 gi Colasoft Using Filters Maximize Network Value 00 00 00 00 00 00 Port Rule Port 1 You can also see the defined simple filter in Advanced Filter tab In order to capture precise packets you can define packet transmit direction address 1 gt address 2 address 2 gt address 1 and address 1 lt gt address 2 in IP address rule MAC address rule and port rule Simple filter lets you combine freely among address port and protocol and define filter name and filter color for your customized attentions Filter Conditions You can use three types of conditions to create a filter e Address e Port e Protocol Address filter You can set an address filter by physical address IP address IP range and IP subnet To define an address filter check the checkbox of Address filter first select an address type from the upper combo box of Address1 then input an address into the lower combo box or select from the Name Table Click the icon to get references if you are not familiar with address formats The combo box of Direction is for you to specify the send receive relationship between the two addresses You should select Both directions to match all packets going in either direction between address 1 and address 2 otherwise you could ins
142. pter selected by default Click Select to open the Select Adapter dialog choose an adapter from the combo box The window under the combo box will display the detailed information of the selected adapter Realtek RTL8168C 8111C PCI E Gigabit Ethernet NIC 00 21 85 FC B3 CD 1000 0 Mbps 1500 bytes 192 168 5 24 255 255 255 0 192 168 5 1 Operational Burst Mode Check this option Colasoft Packet Builder will send packets one after another without intermission If you want to send packet as the original delta time please do not check this option Loop Sending Defines the repeated times of the sending execution one time in default Please enter zero if you want to keep sending packets until pause or stop it manually Delay Between Loops Appoints the interval between every loop if you defined the loop times more than one Colasoft Packet Builder will send without interval between every loop by default The pane below shows the Sending Information when you start to send packets 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 132 133 gi Colasoft Maximize Network Value Adapter Realtek RTL8168C 8111C PCI Gigabit Ethernet NIC Burst Mode no delay between packets Loop Sending loops zero for infinite loop
143. pture If necessary you are recommended to save the packets in buffer to your hard disk before you make any change in Select Network Adapter dialog Filter Shows the filter information Accept means the number of the Accept checkboxes you checked in the Filter dialog The same as Reject You can click it to open the Filter dialog to set filters See Using Filters for details Duration Shows how long the current project has been initiated Accepted amp Dropped Packets Accepted number means Colasoft Capsa has accepted those packets and analyzed them Dropped number means those packets are failed to meet the filter criteria and are not analyzed by the program Button and Menu Tips Mouse moved over a button of the Ribbon or item in the Menu the tip of the focused item shows in the status bar By default it shows Ready here 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 96 133 Maximize Network Value gs Colasoft Choosing Network Adapter Analysis Project 1 Full Analysis Colasoft Capsa 7 1 View T i ate M K Stat Stop General Network Name Alarm Analysis Packet Log Diagnosis 1 E 1 Group Table Settings Object Storage Settings Settings Capture Network Profile Analysis Profile Utilization 0 pps 1 Tra
144. r mouse over a node the lines that connecting a node to other nodes that communicated with it will be highlighted and bolded A tip box shows the statistics of this node The matrix view helps you to get information on e All nodes in network communication e All conversations in network communication e Nodes communicating with a physical address e Nodes communicating with an IP address e Node address of a conversation If too many node showing in a matrix you can e Hide other nodes e Drag nodes to a clear place Context Menu There are two types of Context Menus e Right click any empty place e Right click on a node The following table lists all the items in the Context Menus Sets the display font size of the nodes in the matrix Option Sets color of the nodes lines and background customize the number of max nodes 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 89 133 gs Colasoft Matrix Tab Maximize Network Value Show Packet in New Sends the packets relating to the selected node to a new packet decode window Window Rearrange Nodes Rearranges the position of nodes Hides some nodes to concentrate on important nodes Resolve Name Resolves the host name of your selected item With the resolved name you can easily
145. rks are property of their respective owners 12 133 gs Colasoft Installation and Deployment Maximize Network Value machine Click Next to continue or Cancel to exit setup 2 Read the License Agreement carefully in the next screen to learn our terms and conditions concerning possession and use of Colasoft Capsa You must accept the terms of the license agreement to continue the installation The screen presents the important information from the ReadMe file 4 Select Destination Location screen It suggests the default location to install Colasoft Capsa You may click Browse to choose another installation location Space requirement display on the bottom of the dialog make sure you have enough space for the installation Click Next to continue 5 Select Start Menu Folder screen Click the Browse button to designate an alternate start menu folder Click Next to continue 6 Select Additional Tasks screen Create a Desktop Icon and Create a Quick Icon are checked by default Uncheck any checkbox if you do not want to create the icon Click Next to continue 7 Now you are Ready to Install Colasoft Capsa on your machine Click Install to start installation or click Back to change your settings 8 When installation is complete the completing screen appears Click Finish to close the setup wizard Colasoft Capsa will be started if you checked Launch Program If no change on default create desktop icon and shortcut icon check boxes
146. s Object Storage Settings Settings Capture l Network Profile Analysis Profile Utilization 0 pps 4 Traffic History Chart bps Packet Buffer 16 MB e Analysis Contains commonly used commands and statistics for the current project e System Contains all the Local Engine Settings commands and product information e Tools Contains all the integrated and external tools and tool settings e View Contains commands of hide and show windows and display format of IP address and MAC address You also find the Help icon on the top right corner of the ribbon You can click it to open help document to learn how to use the program You can use the mouse scroll wheel to navigate from one tab to another when the mouse pointer is over the Ribbon Analysis Tab The Analysis tab contains the following groups e Capture Click the Start Capture icon to start capture packets and click the Stop Capture icon to stop capture packets e Replay Click the File icon to open the Packet File Management dialog to manage the files to be replayed e Network Profile Click to open the Network Profile Management window e Profile Options Click to open the Analysis Profile Options window e Dials o Utilization 0 Shows network utilization per second in percentage form as a analog dial and digits pps Shows the number of captured packets as a analog dial and digits e Traffic History Chart bps Refreshes every second to display the total traffic utilization
147. s in the list choose them and press Delete Key to delete them Bust Mode Checks this option Colasoft Packet Builder will send packets one after another without intermission If you want to send packet as the original delta time please do not check this option Loop Sending Defines the repeated times of the sending execution one time in default Please enter zero if you want to keep sending packets until pause or stop it manually Delay Between Loops Appoints the interval between every loop if you defined the loop times more than one Colasoft Packet 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 1247133 gi Colasoft Maximize Network Value Builder will send without interval between every loop in default Ignore any file error The Packet player will skip the file error in any packet file and keep playing Current File Displays the file name with file path that is sending Packets Sent Shows the number of packets have been sent successfully Colasoft Packet Builder will display the the packets sent unsuccessfully too if there is a packet did not sent out Status Displays tips or status of your actions Progress The process bar simply presents an overview of the sending process you are engaged in at the moment Replay Pack
148. s profile e Delete Click to delete the highlighted analysis profile Analysis Profile Settings The New Analysis Profile Settings dialog appears as follows New Analysis Profile Analysts Profile 1 Name Description ARP RARP Analysis ARP RARP Protocol DNS Analysis DNS Protocol Email Analysis SMTP POP3 Protocol FIP Analysis FTP Protocol HTTP Analysis HTTP Protocol ICMP y4 Analysis ICMPv4 Protocol It contains five parts e Name Enter a name for the new analysis profile e Description Input text to distinguish the analysis profile from others e Profile Icon Click the Change button to select an image for the analysis profile e Analysis Module Check the analysis modules that you want to use in the analysis profile e Buttons Click Next to open the Analysis Profile Options window and click Cancel to close the dialog 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 108 133 gi Colasoft Maximize Network Value Tools The Tools tab of the Ribbon contains the tools settings and invoking commands This tab has the following icons e Tool Settings Click to open the External Tools Management dialog to manage the external tools e Ping Click to launch Colasoft Ping Tool e MAC Scanner Click to launch Colasoft MAC Sca
149. s the detail information of the alarm Status Information The Status Information pane displays properties of your selected alarm in detail Top 10 statistics displays in this pane if you enabled Top 10 statistics of the selected alarm 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 102 133 Maximize Network Value g Colasoft Alarm Explorer Window Status Information Details Statistics Infomation Statistics Object Global Statistics Group Packet Size Distribu Statistics Counter gt 1518 Statistics Unit Packets Statistics Type Second Value Condition Infomation Enter Conditions gt 1 Duration 1 Seco Lifting Conditions Last one infomation Triggle Time 2010 01 26 10 39 10 Lifting Time 5 Duration Time Pas Fa You can click to collapse an information group Toolbar The toolbar is on the top of the Alarm Explorer window It is described as follows Add Alarm Show Alarm Instance Property iB id Ay ay Show Switching Dismissed Alarm The toolbar contains the following icons Add Alarm Click to open the Make Alarm dialog to create a new alarm Show Switching Click to switch layout between hierarchical and tiled style Show Alarm Instance Click to display triggered alarms only
150. scanned results including IP address MAC address Host Name and Manufacture in the list It will group all IP addresses according to MAC address if a MAC address configured multiple IP addresses The scanned results can be exported into txt file for future reference Database View Database View saves your scan result to database which is used by Scan Network View to inform you the discrepancies if any when you execute another scan later on MAC Scanner Scan Network Setting Users can custom own scan process by clicking the Setting button to open the Setting dialog You can custom the subsequent threads ranging from 1 to 100 It will take more time to finish the scan operation if the subsequent thread is more less 1 Colasoft MAC Scanner will scan all address one after another 10 Colasoft MAC Scanner will generate 10 threads and each will scan 25 addresses synchronously Default scan threads number is 20 Start Scan Next step after setting scan threads number is to click Local Subnet combobox to select a subnet segment item Click Start to execute scanning You may click Pause to pause or Stop to stop in a scan process 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 118 133 aae olasoft Maximize Netw
151. sis of the selection Make Graph Generates a graph in the Dashboard tab based on the selected item Make Alarm Generates an alarm item based on the selected item 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 72 133 gi Colasoft IP Endpoint Tab Maximize Network Value Add to Name Table Add an alias for the selected node to the Name Table Address Resolve Resolves the host name of your selected address item Relating Tabs Only Physical Conversation tab displays on the lower pane when any node in Protocol Explorer root and Physical Explorer root selected in the Node Explorer window Read the Physical Conversation to learn how to use this tab IP Endpoint Tab Endpoints are all the objects communicating in the network Colasoft Capsa divides all nodes by physical address and IP address This tab provides a great number of statistics on IP endpoints to help you find useful information on IP addresses This tab contains the following components 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 7a 120 IP Endpoint Tab a Cola
152. soft Maximize Network Value Dashboard Physical Endpoiny PP Endpoint a Eye i Ea a Lar Name a Packets Interval Bytes IP Count TCP Conversation Bytes H 192 168 0 0 16 5 006 MB 29 707 4 233 ME 80 38 34 509 E E 10 0 0 0 8 EE 3725MeB 28 010 2 394 MB 131 1 25676 a EP Multicast Addresses E i666MB 13431 0B 6 0 11488 Administratively Scoped Block J 1 067 MB 3 428 OB 1 0 f 354 lS Local Network Control Block 139 KB 10 003 0B 5 0 4133 2 Broadcast Addresses 471 860 KB 2271 0B 1 0 3176 ER 255 255 255 255 471 860 KB 2 271 a 5 0 3176 a 2 Internet Addresses 303 426 KB 2 250 90 293 KB 20 25 20B amp Japan 176 074 KB 1 530 90 293 KB 6 0 1185 g United States 66 038 KB 445 0B 7 12 0445 a N A 33 047 KB 120 0EB 1 0 0 222 lf China 28 267 KB 155 0B 6 13 O Link Local 25 313 KB 270 25 313 KB 2 0 o Or TCP Conversation Pupp Conversation bales ech 1 gt lt icicle 2 Duration Bytes Bytes gt lt Bytes Packets Packets gt lt Packets 10 10 0 240 239 255 255 250 00 34 45 529 775 KB 529 775 KB 0 B 1 560 1 560 192 168 5 222 239 255 255 250 00 34 45 529 775 KB 529 775 KB 0 B 1 560 1 560 192 168 1 12 192 168 1 255 00 34 46 444 877 KE 444 877 KB OB 2776 2 716 192 168 0 61 192 168 0 55 00 34 43 393 779 KB 393 779 KB OB 2 490 2 490 10 251 8 252 224 0 0 18 00 34 43 393 750 KB 393 750 KB OB 6 720 6 720 192 168 0 61 192 168 0 50 00 34 43 270 820 KE 270 820 KB O
153. start an analysis You can click wa on the right side to read tips and introduction of each setting part If you just want to analyze some specific packets on the network you should use packet filters You can click Packet Filter Settings to open the Filter dialog to configure filters Read Using Filters for more details Start a Capture Follow these steps to start an analysis capture 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in 16 133 the United States and or other countries All other trademarks are property of their respective owners gx Colasoft Analysis Mode Maximize Network Value 1 Analysis Mode section o To analyze packets from network adapters select the Capture analysis mode and select at least one network adapter in the list If you need more information about the adapters Read Capture to know more about this analysis mode o To analyze packets from packet files select the Replay analysis mode and click the Add button to add packet files to be analyzed or click Remove to delete the selected packet file from the list or click Clear All to remove all packet files in the list Read Replay to know more about this analysis mode 2 Network Profile section Select a network profile that meets the network environment Read Network Profile for more details about this section 3 Analysis Profile section Read the
154. t 4 697 145 1354 THE PLAWET car4 Dallasi Level3 net 4 71 122 2 Colasoft Ping Tool is a powerful graphic ping tool it supports ping multiple IP addresses at the same time and compares response time in a graphic chart To start Colasoft Ping Tool do one of the followings Click the Ping icon in Tools tab of the Ribbon figure below Choose Start gt All Programs gt Colasoft Capsa 7 1 gt Capsa 7 0 Toolset gt Ping Tool Choose Start gt Run enter cping and click OK ce a wa A A A A The Colasoft Ping Tool window appears gi Colasoft Maximize Network Value Colasoft Ping Tool a Colasoft Capsa li T g F i u Packet Analyzer Colasoft Capsa is very intelligent to let you ping either one single IP address domain name or multiple IP addresses domain names Enter IP addresses or domain names multiple items be separated by comma click Start Ping to start Ping a single domain name 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 113 133 Maximize Network Value gi Colasoft ae i B NA TEON way E 41 a lt J File A i i UN E Iae E 7 www colasoft com Colasoft Ping Tool SA www colasoft com PP A yg Pays AA ei A aa PETE
155. tead match only 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners ai 22 gi Colasoft Using Filters Maximize Network Value traffic going from address 1 to address 2 or match only traffic going the other direction Similar as Address1 you must select an address type and enter a valid address in Address2 or simply choose Any Address You can select an address from the Name Table for both Address1 and Address2 by clicking the L icon Below is an example of address filter Please input address value as Address Format below ae Address format 1 physical address og 2 IPv4 address g g g 00 00 00 00 00 g 3 IPv4 range g 4 IPv4 subnet 0 0 0 0 0 0 0 0 of 0 0 0 0 0 H 00 0 0 0 0 0 0 0 Port filter To define a port filter check the Port filter checkbox select a port type and input parameters with correct format in Port 1 Notice that if you select multiple ports the ports you enter must be separated with semicolon Other settings are similar as the Address filter section Please input port value as Address Format below 1 Single port 2 Port range 3 Muolti porta Protocol Filter To define a protocol filter check the Protocol filter checkbox click the Select button to open
156. til you done Make Alarm A node selected and this icon clickable click it or right click the node and choose Make Alarm to open a dialog to create an alarm based on the node Successful created a prompt box shows up to tell that the alarm created successfully click OK to close it Main View Colasoft Capsa provides a wide variety of statistics through tabs in Main View each focusing on different missions The table below collects all 14 tabs and one window in analysis projects Please note that different analysis profiles may have different tabs in the Main View Dashboard The Dashboard tab provides a wide variety of useful graphs and charts of the statistics in line area and bar form You can easily get graphical statistics result from the whole network to a specific node This tab allows you to create graphs on your need Summary Associated with your selection in Explorer the Summary tab provides general statistic information on the selected node Diagnosis The Diagnosis tab presents the real time diagnosis events of global network by groups of protocol layers or security levels Colasoft Capsa diagnoses your network with the captured packets and lists all diagnosis events in severity levels Protocol The Protocols tab displays the recorded protocols used in network transactions The pane under the protocol list offers the packet and conversation details if you select a protocol You can view the packet in the Packet pane in a ne
157. tion IP Conversation TCP Conversation UDP Conversation TCP DNS rile Refresh This tab refreshes every ten seconds by default You can click the refresh icon on the top left corner of this tab to refresh or to set refresh options You can either choose Manual Refresh or set an automatic refresh time Statistic Items By selection a node in Node Explorer window the Summary tab refreshes automatically Different selections result in different Statistic items The ae Sea Gai RecA table lists all the statistic items you will see in the aia E tab tem Description Abnormal Abnormal Causes ss s s Alarm Statistics on the number of the three types Anomalies occurred check the Alarm Explorer of triggered alarms window for details Traffic Statistics on throughput of total broadcast Over 50 of total traffic utilization network and multicast traffic of a node or the whole may be overloaded network Over 20 of broadcast or multicast traffic utilization broadcast multicast storm and 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 63 133 gi Colasoft DIET LONI am Fle Maximize Network Value Packet Size Statistics on the packet sizes of captured Large portion of traffic at lt 64 or gt 1518 fragment Distribution
158. to check if the FTP transmission is working in order or if there is any FTP attack uploading or downloading file to from a host Records all HTTP activities including Client Address Server Address Request URL Method Status Code and Server Response Look into these records you can easily get web browsing activities records from a specific user to the whole network and check if there is any web attack via port 80 Records MSN communications in your network You can read the messages in plain text and login and logout MSN Lo status records Yahoo Records YAHOO communications in your network You can read the messages in plain text and login and Messenger Log logout status records Not every analysis project has all of the five log tyoes What log types you have in an analysis project depend on what analysis modules selected Every analysis project however has the Global Log If you have a certain Log Type in the Log tab but without any record in it you should check if the certain logging functionality enabled See Log Settings Toolbar and Context Menu This page describes the toolbar and the context menu of the Log tab Toolbar 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners O77 132 gt Colasoft Maximize Network
159. tribute the SOFTWARE PRODUCT for such purposes Disclaimer THE SOFTWARE PRODUCT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE IN NO EVENT WILL COLASOFT BE LIABLE TO YOU FOR ANY DAMAGES INCLUDING INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THE SOFTWARE PRODUCT EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES YOU ACKNOWLEDGE THAT YOU HAVE READ THIS LICENSE UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS Governing Law This Agreement will be governed by the laws of the People s Republic of China Distribution The DEMO version of the SOFTWARE PRODUCT may be distributed freely in its original unmodified and unregistered form The distribution must include all files of its original distribution Distributors may not charge any money for distributing this version Anyone distributing the SOFTWARE PRODUCT for any kind of remuneration must first contact us for authorization Colasoft does not grant you the right to give away sell license or otherwise distribute the full version or Not For Resale copies of the SOFTWARE PRODUCT Installation and Deployment Installation Environment Colasoft Capsa is professional in monitoring and analyzing intranet packets and packets from internet even packets crossing VLAN Colasoft Capsa only need to be installed on the management machine but other managed clients
160. ttom line to install and run Colasoft Capsa normally it would be better if your system has a higher configuration especially in a busy or big network Minimum requirements e P42 8GHz CPU e 2GB RAM e Internet Explorer 6 0 Recommended requirements e Intel Core Duo 2 4GHz CPU e 4GB RAM or more e Internet Explorer 6 0 or higher Supported Windows Operating Systems e Windows XP SP1 or later and 64bit Edition e Windows Server 2003 and 64bit Edition e Windows Vista and 64bit Edition e Windows 2008 and 64bit Edition e Windows 7 and 64bit Edition Installation and Uninstallation Before Installation 1 Carefully read Installation Environment and check if your network topology is fit for Colasoft Capsa working environment 2 Carefully read System Requirements and make sure your machine meets the minimum requirements at least 3 Close all running applications on your machine 4 Uninstall any earlier or trial versions of Colasoft Capsa on your machine You can skip the unistallation step Colasoft Capsa will automatically check the older versions and ask you to uninstall them in the installation wizard Installation 1 Double click the installation file Welcome screen appears telling you that Colasoft Capsa will be installed on your 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other tradema
161. type of the current node is broadcast address and 3 Internet address Internet Address Grouping IP addresses are grouped by countries in the node Internet Addresses of IP Explorer Buttons 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 23 133 gx Colasoft Main User Interface Maximize Network Value The Node Explorer window has the following buttons figure below e Add to Name Table e Add to Filter e Make Graph e Make Alarm Add to Name Table A node selected and this icon clickable click it or right click the node and choose Add to Name Table to open a dialog to add an alias of the node into the Name Table Add to Filter A node selected and this icon clickable click it or right click the node and choose Generate Filter to open a dialog to create a filter based on the node Make Graph A node selected and this icon clickable click this icon or right click a node and choose Make Graph to open a dialog to create a graph based on the node Click OK in the Make Graph dialog a prompt box appears to ask if you would like to see this graph Click YES you will be redirected to the created graph in Graph tab If you need to create another graph click NO to continue to create graphs and click YES to show them un
162. u can choose to create a graph based on the selected node 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 67133 Maximize Network Value gx Colasoft License Agreement License Agreement Colasoft Capsa End User License Agreement Copyright c 2001 2010 Colasoft Co Ltd All rights reserved THIS LICENSE AGREEMENT SHALL ONLY APPLY TO COUNTRIES AND REGIONS OTHER THAN THE MAINLAND CHINA This License Agreement is a legal contract between you either as an individual or as an entity and Colasoft Co Ltd COLASOFT for the Colasoft Capsa and related add ons SOFTWARE PRODUCT You should carefully read the following terms and conditions before using the Software Product Installation or use of the SOFTWARE PRODUCT indicates your acceptance of this License Agreement Copyright The SOFTWARE PRODUCT and Documentation are copyrighted by COLASOFT and are protected by international copyright laws The SOFTWARE PRODUCT contains copyrighted software of COLASOFT All rights reserved You agree not to remove any trademarks or copyright notices from the SOFTWARE PRODUCT and Documentation License Types 1 Single Seat License A Single Seat License grants you the right to install and use the SOFTWARE PRODUCT on one single computer and provide access for
163. w window by double clicking a packet 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 24 133 gt Colasoft Main User Interface Maximize Network Value Physical Endpoint IP Endpoint Physical Conversation IP Conversation TCP Conversation UDP Conversation Alarm Explorer Window Status Bar The Physical Endpoint tab display statistics of all MAC addresses that communicating in the network You can easily find out the nodes with top biggest traffic volumes and with that to check if there is any broadcast storm or multicast storm in you network The IP Endpoint tab display statistics of all IP addresses that communicating in the network You can easily find out the nodes with top biggest traffic volumes and with that to check if there is any broadcast storm or multicast storm in you network The Physical Conversation tab dynamically presents the real time status of physical conversations between the two nodes the lower pane on the bottom of this tab offers the related IP conversation TCP conversation and UDP conversation that help you drill down to analyze the conversations The IP Conversation tab dynamically presents the real time status of IP conversations between the two nodes the lower pane on the bottom of this tab offers th
164. y Packet Files You can find three buttons on the right side of this section e Add Click and choose a packet file from the file selection dialog To replay multiple packet file Packet replaying orders depend on the time stamp of the first packet of the packet files instead of file listing order in packet file list e Remove Click to remove the highlighted packet file name from the list e Clear All Click to clear the packet file list Replay Speed You can replay the packets in the files into the program at the following two kinds of speed e Replay Replay packets according their original delta time e g a file saved 20 minutes of packets will take 20 minutes to replay back into the program 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 18 133 Pr Colasoft Main User Interface b d Maximize Network Value e Quick Replay Replay packets without delta time intermission You can visit Start Page to read how to start a Replay analysis project Main User Interface Ribbon In an analysis project you can find four tabs in the Ribbon The tabs are described below Analysis lysis System Tools View BY re BsIA RU AN Adapter Filter Start Stop General Network Name Alarm Analysis Packet Log Diagnosis Group Table Setting
165. y one second then fades away The corresponding alarm bubble on the right side of the Status Bar starts flashing when an alarm triggered Creating and Editing Alarms Colasoft Capsa allows you create new alarms from any node in the Node Explorer window and any item in all tabs of the Main View A great many of options and thresholds enable you create useful and powerful alarms You can also open Top 10 statistics in an alarm This page describes the following topics e Make anew alarm e Edit an alarm Make Alarm To open the Make Alarm dialog do any of the following ways e In Node Explorer window click 4 on the toolbar or right click a node to open the context menu and then choose Make Alarm e In Main View Right click an item to open the context menu then choose Make Alarm if clickable The Make Alarm dialog has the following parts 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 104 133 gx Colasoft Alarm Explorer Window Maximize Network Value When and last seconds then dismiss Top10 Traffic Statistics Top 10 IF Address by Packets Top 10 IP Address by Bytes Top 10 Physical Address by Packets Top 10 Physical Address by Bytes Top 10 Application Protocols by Packets Top 10 Applicat
166. you will see an icon on the desktop and one in Quick Start Uninstallation To open Colasoft Capsa Uninstallation dialog do one of the following e To uninstall Colasoft Capsa choose Start gt All Programs gt Colasoft Capsa 7 1 gt Uninstall Colasoft Capsa 7 1 e Open the Control Panel gt double click Add Remove Programs icon the Add Remove Programs window appears gt find Colasoft Capsa 7 1 2 in the list and click Remove The Uninstallation dialog appears Follow these steps to uninstall Colasoft Capsa 1 If you want to completely remove Colasoft Capsa 7 1 2 and all of its components from your machine click YES to continue or click NO to quit uninstallation 2 Ifyou want to delete the license information click YES or click NO to remain license information on your machine to continue You are recommended to click NO to keep license information on your machine in case you want to install Colasoft Capsa on your computer again 3 If you want to delete your customized alias in Name Table and filters in Colasoft Capsa click YES or NO to remain them on your machine to continue 4 To finish uninstallation click YES to restart your machine Privacy Statement The Colasoft Product Activation is an anti piracy technology designed to verify that the software products have been legitimately licensed When you activate Colasoft Capsa over the Internet you are not required to send any personal information to Colasoft the product activation
167. ystem Options Maximize Network Value Decoder Settings Always maximize the window when starting the program Disable windows from suspending during capture Disable list smooth scrolling Show Save Packet when exiting program Show online resource Window on Startup The following table lists all four items in the left pane of the System Options dialog Item Description General Settings General settings for window size windows suspending and display etc Decoder Settings All pre specified decoders are listed here which are designed modularity You can decide to enable or disable whichever decoder to meet your specific need All decoders are enabled by default You can read the detailed description of each item via links above General Settings You can configure the listed settings below in the right pane 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 55 133 gi Colasoft System Options Maximize Network Value Decoder Settings Always maximize the window when starting the program Disable windows from suspending during capture Disable list smooth scrolling Show Save Packet when exiting program Show online resource Window on Startup Always maximize the window when starting the program If unchec
168. ze Network Value Recent Packet Files F New Ctril N BitTorrent cscpkt Export Packets 2 Capsa_2010 2 21 10 24 7 rawpkt Capsa_ 2010 2 21 10 27 4 rawpkt ee Print Capsa_ 2010 2 21 10 27 30 rawpkt Capsa_2010 2 1 15 11 29 rawpkt os Local Engine Settings F 2010 01 28 10 28 06 cscpkt er Capsa_ 2010 2 1 12 43 16 rawpkt Resource Capsa_ 2010 2 1 11 33 53 rawpkt A Product gt mge iz Clase There are three quick access icons beside the Menu button DEH e New Project Click to create a new instance of the program e Close Project Click to close current project and go back to the Start Page e Export Packets Click to save all packets in the buffer to disk The Items of the Menu Command Shortcut Description Beon paxes T oreto save althe packets nthe bulrtodsk Print isthe art page or sets print contguratons Local Engine Customize the protocols display format and report settings Settings Resource fF Offers product information and resources 2010 Colasoft All rights reserved Colasoft the Colasoft logo Capsa are among the trademarks or registered trademarks of the company in the United States and or other countries All other trademarks are property of their respective owners 91 133 aN Colasoft Main User Interface Maximize Network Value Recent Files A list of recently opened packet files with the most recently opened listed first You can select a file from th
Download Pdf Manuals
Related Search