Wednesday, December 17, 2008

Detailed explanation about the filter settings of Colasoft Capsa



Advantages of setting a filter before using a network packet sniffer:

First of all, we should confirm what kind of data we need before we start capturing, so that we can set the filter to pick out the specific packets we want in a short time; without this step, every packet on the network is captured.

About the filter settings in detail:

Taking Colasoft Capsa as an example, I’ll show you the process of setting a filter.
1. On the toolbar in the main software interface, open “Project Settings” by clicking “Filter”:


2. The default setting on this page is “No filter, accept all packets.” We have to choose “Add” to add a new filter. There are two options under “Add”: “New…” and “From Filter Table…”. “New…” means adding a new filter; “From Filter Table…” means adding a condition from the system’s default filter list. As shown in the following figure:


3. This is the system’s default protocol filter list. Here we can add the protocol, or group of protocols, that we need in order to capture the related packets. If we choose “Add” → “New…”, it is shown as in the following figure:



4. Adding a new filter is divided into two ways: “Simple Filter” and “Advanced Filter”. In the figure above we can see that the Simple Filter offers three filter types: Address Filter, Port Filter and Protocol Filter (they are relatively simple).


5. What we should focus on is the “Advanced Filter”. Click “Advanced Filter” and it shows:


Advanced Filter supplies three logical relationships, “And”, “Or” and “Not”, for combining the different conditions we add; in the drop-down menu, “And” and “Or” offer six filter conditions:



e.g. If we want to set a filter that captures all the hosts using MSN Messenger and Yahoo Messenger in a network (192.168.1.10 to 192.168.1.16), we can set the filter as follows:


e.g. If you want to filter on a packet value, the packet size or a packet pattern, you can set the filter according to the fields shown in the packet decoding. For example, if we want to capture all TCP synchronization (SYN) packets, we can set the filter as follows:


From the TCP decoding we know that the flags field is 1 byte long and its offset in the packet is 47; with mask 0x02 and value binary 10, the filter set above captures all the synchronization packets in the network.
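As an added example (not code from the post or from Colasoft), the three logical relationships and the offset/mask pattern rule above, implemented in Python over raw Ethernet frames. It assumes untagged Ethernet, IPv4 without options, and TCP ports 1863 (MSN Messenger) and 5050 (Yahoo Messenger), none of which the post states; the sample frames are constructed, not captured.

```python
import socket
import struct
from typing import Callable

Filter = Callable[[bytes], bool]
# Layout assumed throughout: untagged Ethernet (14 bytes) + IPv4 without options (20 bytes) + TCP.
ETH_LEN, IP_LEN = 14, 20
TCP_FLAGS_OFFSET = ETH_LEN + IP_LEN + 13   # 47: the offset the post uses for the TCP flags byte

def pattern(offset: int, mask: int, value: int) -> Filter:
    """Pattern rule: the byte at `offset`, ANDed with `mask`, must equal `value`."""
    return lambda pkt: len(pkt) > offset and (pkt[offset] & mask) == value

# The three logical relationships: every rule must hold / any rule may hold / rule must not hold.
def and_(*rules: Filter) -> Filter: return lambda pkt: all(r(pkt) for r in rules)
def or_(*rules: Filter) -> Filter: return lambda pkt: any(r(pkt) for r in rules)
def not_(rule: Filter) -> Filter: return lambda pkt: not rule(pkt)

def ip_range(lo: str, hi: str) -> Filter:
    """Address rule: source or destination IPv4 address lies within [lo, hi]."""
    lo_i, hi_i = (struct.unpack("!I", socket.inet_aton(a))[0] for a in (lo, hi))
    def match(pkt: bytes) -> bool:
        if len(pkt) < ETH_LEN + IP_LEN or pkt[12:14] != b"\x08\x00":   # not IPv4
            return False
        src, dst = struct.unpack("!II", pkt[ETH_LEN + 12:ETH_LEN + 20])
        return lo_i <= src <= hi_i or lo_i <= dst <= hi_i
    return match

def tcp_port(port: int) -> Filter:
    """Port rule: TCP source or destination port equals `port`."""
    def match(pkt: bytes) -> bool:
        if len(pkt) < ETH_LEN + IP_LEN + 4 or pkt[ETH_LEN + 9] != 6:    # not TCP
            return False
        return port in struct.unpack("!HH", pkt[ETH_LEN + IP_LEN:ETH_LEN + IP_LEN + 4])
    return match

def build_tcp_frame(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample frame (not a real capture): minimal Ethernet/IPv4/TCP with given flags."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return eth + ip + tcp

# The post's SYN rule: offset 47, mask 0x02, value binary 10. Note it also passes SYN/ACK (0x12).
SYN_FILTER = pattern(TCP_FLAGS_OFFSET, 0x02, 0b10)
# The post's messenger example. Ports 1863 (MSN) and 5050 (Yahoo) are assumptions, not from the post.
MESSENGER_FILTER = and_(ip_range("192.168.1.10", "192.168.1.16"),
                        or_(tcp_port(1863), tcp_port(5050)))
```

Because the mask isolates a single bit, the SYN rule also matches SYN/ACK replies; add a second pattern rule on the ACK bit under “Not” if only the initial SYN is wanted.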

Conclusion:

In short, filter settings are flexible. With a suitable filter we can capture the specific packets we need in a short time and carry out targeted analysis.


About Capsa

Capsa is packet sniffer software designed for network monitoring and troubleshooting purposes. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. By giving users insights into all of the network's operations, Capsa makes it easy to isolate and solve network problems, identify network bottlenecks and bandwidth use, and detect network vulnerabilities, external attacks and insecure applications.

About Colasoft

Ever since 2001, Colasoft has been dedicated to providing all-in-one and easy-to-use network analysis software for customers to monitor, analyze, and troubleshoot their networks. Up to now, more than 4000 customers in over 70 countries trust the flagship product, Capsa, as their network monitoring and troubleshooting solution. The company also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. Learn more today at http://www.colasoft.com

Sunday, November 23, 2008

Find Out The Host Causing Network Congestion In Local Subnet.


About the Network Congestion

In data networking and queuing theory, network congestion occurs when a link or node is carrying so much data that its quality of service deteriorates. The majority of network congestion happens in the local subnet, when an unidentified IP host generates a huge burst of instantaneous traffic.


Symptom & Influence
Typical effects include queuing delay, packet loss or the blocking of new connections. A consequence of these latter two is that incremental increases in offered load lead either only to small increase in network throughput, or to an actual reduction in network throughput.

Network protocols which use aggressive retransmissions to compensate for packet loss tend to keep systems in a state of network congestion even after the initial load has been reduced to a level which would not normally have induced network congestion. Thus, networks using these protocols can exhibit two stable states under the same level of load. The stable state with low throughput is known as congestive collapse.

Solution
Modern networks use congestion control and network congestion avoidance techniques to try to avoid congestion collapse. These include: exponential backoff in protocols such as 802.11's CSMA/CA and the original Ethernet, window reduction in TCP, and fair queuing in devices such as routers.


The most common symptom of network congestion is abnormal traffic, and there are many possible causes of abnormal traffic, such as BitTorrent downloads, P2P transmission, illegal HTTP access, etc.

How do we detect the host causing the abnormal traffic? The first step is to find the host (IP address) that generates the largest traffic in the network.

  • With Colasoft Capsa, we can quickly detect the IP/MAC address of the host(s) consuming the largest share of traffic in the local subnet.
1. Choose “Local Subnets” under “IP Explorer” in the Node Browser;

2. Choose “Endpoints” on the right navigation bar.
The list is automatically sorted from largest to smallest by the total traffic each IP has consumed, so the IP consuming the most traffic can be seen at a glance at the top of the Endpoints view.

  • How to locate the MAC address via the IP address?
1. Right-click on the IP, and choose “Locate Explorer Node” in the drop-down menu;

2. Right-click on the navigation bar, and choose “Source Physical” in the drop-down menu. Then you’ll get it.
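An added example (not code from the post or from Colasoft) of the logic behind the two procedures above: ranking endpoints by total traffic, finding each host’s peak instantaneous traffic, and looking up the source MAC for the top IP. The frames are a constructed sample, already reduced to the few fields needed; the field names and the 1-second burst window are this example’s assumptions.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

class Frame(NamedTuple):
    """One captured frame, reduced to the fields the Endpoints view needs (constructed, not parsed here)."""
    ts_ms: int      # capture time in milliseconds
    src_mac: str
    src_ip: str
    length: int     # bytes on the wire

def endpoints_by_traffic(frames: List[Frame]) -> List[Tuple[str, int]]:
    """Rank source IPs by total bytes sent, largest first (the Endpoints view ordering)."""
    totals: Dict[str, int] = defaultdict(int)
    for f in frames:
        totals[f.src_ip] += f.length
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def peak_burst(frames: List[Frame], ip: str, window_ms: int = 1000) -> int:
    """Most bytes `ip` sent within any span shorter than `window_ms` (its instantaneous traffic)."""
    samples = sorted((f.ts_ms, f.length) for f in frames if f.src_ip == ip)
    best = start = acc = 0
    for ts, n in samples:
        acc += n
        while ts - samples[start][0] >= window_ms:      # slide the window's left edge forward
            acc -= samples[start][1]
            start += 1
        best = max(best, acc)
    return best

def locate_physical(frames: List[Frame], ip: str) -> str:
    """Source MAC seen with `ip` ("Source Physical"). Only meaningful inside the local subnet:
    frames from beyond a router carry the router's MAC, not the sending host's."""
    macs = {f.src_mac for f in frames if f.src_ip == ip}
    if len(macs) != 1:
        raise ValueError(f"{ip} seen with {len(macs)} source MACs: {sorted(macs)}")
    return macs.pop()

def top_talker(frames: List[Frame]) -> Tuple[str, str, int, int]:
    """(ip, mac, total_bytes, peak_1s_bytes) for the host at the top of the ranking."""
    ip, total = endpoints_by_traffic(frames)[0]
    return ip, locate_physical(frames, ip), total, peak_burst(frames, ip)

# Constructed sample (not a real capture): .10 bursts 30 kB in 2 s, .11 and .12 trickle for 20 s.
SAMPLE = [Frame(t * 100, "00:11:22:33:44:01", "192.168.1.10", 1500) for t in range(20)]
SAMPLE += [Frame(t * 1000, "00:11:22:33:44:02", "192.168.1.11", 600) for t in range(20)]
SAMPLE += [Frame(t * 500, "00:11:22:33:44:03", "192.168.1.12", 100) for t in range(40)]
```

Ranking by total bytes alone can hide a short burst behind a long steady transfer, which is why the peak-window figure is computed alongside the total.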


Capsa can also help us find other traffic-related network problems, such as bandwidth utilization, network rate, abnormal traffic, etc. For more solutions to network problems, please go to http://www.colasoft.com/capsa/network_solution.php

Conclusion
Network congestion is a very common phenomenon in networks, especially in the local subnet. It has a great influence on our normal work. What we can do is find these suspicious hosts quickly once congestion happens, locate their IP/MAC addresses, and then apply the best solution. Colasoft Capsa is a good choice in this respect, and of course we need such a powerful network analyzer to monitor our network.


Monday, November 10, 2008

A freeware PC optimization tool --- CCleaner



CCleaner v2.13

- Added support for Firefox 3.1.
- Added right-click cleaning and analysis for individual items in the tree.
- Added icons to tree parent items.
- Added cleaning for Windows Error Reporting files.
- Added Include/Exclude list editing.
- Improved TypeLib registry cleaning.
- Fixed Index.dat bug that could cause a crash.
- Fixed bug with INI warning messages.
- Internal architecture improvements.
- Fixed minor GUI errors.


Over 200 million downloads!!!
CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware! :)


Cleans the following


- Internet Explorer: Temporary files, URL history, cookies, Autocomplete form history, index.dat.

- Firefox: Temporary files, URL history, cookies, download history.

- Opera: Temporary files, URL history, cookies.

- Windows: Recycle Bin, Recent Documents, Temporary files and Log files.

- Registry cleaner: Advanced features to remove unused and old entries, including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more... also comes with a comprehensive backup feature.

- Third-party applications: Removes temp files and recent file lists (MRUs) from many apps including Media Player, eMule, Kazaa, Google Toolbar, Netscape, MS Office, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and many more...

- 100% Spyware FREE: This software does NOT contain any Spyware, Adware or Viruses.





Wednesday, November 5, 2008

Analyze Network Utilization Rate

Summary
Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. By monitoring network utilization, we can understand whether the network is busy, normal or idle. Capsa makes it easy for us to monitor network utilization, so as to find the bottleneck and improve network performance.

What is Network Utilization?
Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. It indicates the bandwidth use in the network. While high network utilization indicates the network is busy, low network utilization indicates the network is idle. When network utilization exceeds the threshold under normal condition, it will cause low transmission speed, intermittence, request delay and so on.


Networks of different types or in different topologies have different theoretical peak values under general conditions. However, this doesn't mean that the higher the network utilization, the better. We must make sure there is no packet loss when network utilization reaches a certain value. For a switched Ethernet, 50% network utilization can be considered high efficiency. If a hub is used as the core switching device, network utilization should be kept lower because of the increasing collisions.

Through monitoring network utilization, we can understand whether the network is idle, normal or busy. It also helps us to set proper benchmark and troubleshoot network failures.

Monitor Network Utilization in "Summary" Tab
"Summary" is a view that provides general information about the entire network. In "Summary" we can get a quick view of the real-time network utilization and the average network utilization.

Monitor Network Utilization in "Graphs" Tab
If we want a trend chart of the network utilization, we need to use the "Graphs" tab. The "Graphs" view allows us to view network utilization dynamically in different chart types.


Conclusion
By monitoring and analyzing network utilization with Capsa we can understand the performance of the entire network. Network utilization also plays an important role in benchmark setting and network troubleshooting.(Download Capsa now)

Monday, November 3, 2008

What is a Packet Sniffer?




A packet sniffer is a device or program that allows eavesdropping on traffic traveling between networked computers. The packet sniffer will capture data that is addressed to other machines, saving it for later analysis.

All information that travels across a network is sent in "packets." For example, when an email is sent from one computer to another, it is first broken up into smaller segments. Each segment has the destination address attached, the source address, and other information such as the number of packets and reassembly order. Once they arrive at the destination, the packet's headers and footers are stripped away, and the packets reconstituted.

In the example of the simplest network where computers share an Ethernet wire, all packets that travel between the various computers are "seen" by every computer on the network. A hub broadcasts every packet to every machine or node on the network, then a filter in each computer discards packets not addressed to it. A packet sniffer disables this filter to capture and analyze some or all packets traveling through the Ethernet wire, depending on the sniffer's configuration. This is referred to as "promiscuous mode." Hence, if Ms. Wise on Computer A sends an email to Mr. Geek on Computer B, a packet sniffer set up on Computer D could passively capture their communication packets without either Ms. Wise or Mr. Geek knowing. This type of packet sniffer is very hard to detect because it generates no traffic of its own.

A slightly safer environment is a switched Ethernet network. Rather than a central hub that broadcasts all traffic on the network to all machines, the switch acts like a central switchboard. It receives packets directly from the originating computer, and sends them directly to the machine to which they are addressed. In this scenario, if Computer A sends an email to Computer B, and Computer D is in promiscuous mode, it still won't see the packets. Therefore, some people mistakenly assume a packet sniffer cannot be used on a switched network.

But there are ways to hack the switch protocol. A procedure called ARP poisoning basically fools the switch into substituting the machine with the packet sniffer for the destination machine. After capturing the data, the packets can be sent on to the real destination. The other technique is to flood the switch with MAC (hardware) addresses so that the switch falls back into "failopen" mode. In this mode it starts behaving like a hub, transmitting all packets to all machines to make sure traffic gets through. Both ARP poisoning and MAC flooding generate traffic signatures that can be detected by packet sniffer detection programs.
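As an added example from the defender’s side (not code from the article), a small Python monitor that parses ARP frames and records the two traffic signatures the paragraph mentions: an IP whose MAC binding changes, and an unusual number of distinct source MACs on the segment. The frames, MAC addresses, IPs and the flood threshold are constructed sample values, not from the article.

```python
import socket
import struct
from typing import List, Optional, Tuple

def build_arp_reply(sender_mac: bytes, sender_ip: str, target_mac: bytes, target_ip: str) -> bytes:
    """Constructed Ethernet/ARP reply (sample input for the monitor, not a captured frame)."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2, sender_mac,
                      socket.inet_aton(sender_ip), target_mac, socket.inet_aton(target_ip))
    return target_mac + sender_mac + b"\x08\x06" + arp

def parse_arp(frame: bytes) -> Optional[Tuple[int, str, str]]:
    """(opcode, sender MAC, sender IP) from an ARP frame; None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    op, smac, sip = struct.unpack("!H6s4s", frame[20:32])
    return op, smac.hex(":"), socket.inet_ntoa(sip)

class ArpMonitor:
    """Learn IP-to-MAC bindings from ARP replies and record the two signatures the article mentions:
    a binding that changes MAC (poisoning) and an explosion of distinct source MACs (flooding)."""
    def __init__(self, flood_threshold: int = 100) -> None:
        self.bindings = {}            # ip -> mac
        self.seen_macs = set()
        self.flood_threshold = flood_threshold
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> None:
        self.seen_macs.add(frame[6:12].hex(":"))          # Ethernet source MAC of every frame
        if len(self.seen_macs) == self.flood_threshold:
            self.alerts.append(f"possible MAC flooding: {self.flood_threshold} distinct source MACs")
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != 2:               # only replies (opcode 2) assert a binding
            return
        _, mac, ip = parsed
        known = self.bindings.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"ARP binding change for {ip}: {known} -> {mac}")
        self.bindings[ip] = mac

def run_monitor(frames: List[bytes], flood_threshold: int = 100) -> List[str]:
    mon = ArpMonitor(flood_threshold)
    for f in frames:
        mon.observe(f)
    return mon.alerts

# Constructed scenario (sample data): the real gateway answers, then a second station claims its IP.
GATEWAY_MAC, HOST_MAC, ROGUE_MAC = (bytes.fromhex(h) for h in ("001122334401", "001122334402", "001122334403"))
POISON_SCENARIO = [build_arp_reply(GATEWAY_MAC, "192.168.1.1", HOST_MAC, "192.168.1.10"),
                   build_arp_reply(ROGUE_MAC, "192.168.1.1", HOST_MAC, "192.168.1.10")]
```

A legitimate NIC replacement or a DHCP lease moving between hosts also changes a binding, so the alert is a prompt to check the switch port, not proof of an attack.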

A packet sniffer can also be used on the Internet to capture data traveling between computers. Internet packets often have very long distances to travel, passing through several routers that act like intermediate post offices. A packet sniffer might be installed at any point along the way. It could also be clandestinely installed on a server that acts as a gateway or collects vital personal information.

A packet sniffer is not just a hacker's tool. It can be used for network troubleshooting and other useful purposes. However, in the wrong hands, a packet sniffer can capture sensitive personal information that can lead to invasion of privacy, identity theft, and other serious eventualities.

The best defense against a packet sniffer is a good offense: encryption. When strong encryption is used, all packets are unreadable to any but the destination address, making packet sniffers useless. They can still capture packets, but the contents will be undecipherable. This illustrates why it is so important to use secure sites to send and receive personal information, such as name, address, passwords, and certainly any credit card information or other sensitive data. A website that uses encryption starts with https. Email can be made secure by encrypting with a program like PGP (Pretty Good Privacy), which comes with seamless plug-ins for all major email programs.
