Tuesday, April 28, 2009

How to Monitor Internet Traffic with a Protocol Analyzer

Internet traffic is the flow of data around the Internet. It includes web traffic, which is the amount of that data that is related to the World Wide Web, along with the traffic from other major uses of the Internet, such as electronic mail and peer-to-peer networks.


To monitor the internet traffic that has been, or is being, generated on a LAN, here is a detailed process for doing it with the Colasoft protocol analyzer, Capsa.


Again, we must make sure the protocol analyzer software is correctly deployed so that we can capture all the traffic on the LAN. If you don’t know how to do that, please read how to implement a protocol analyzer first.


First let’s launch a new project with Colasoft protocol analyzer, then do some online activities, such as chatting, browsing a website, sending and receiving emails, downloading some files. All these activities will generate different kinds of internet traffic. We may keep the project running to continuously monitor internet traffic or stop the project to do some analysis.


To monitor internet traffic, first select “Internet Addresses” in the “Explorer” pane on the left:


Monitor Internet Traffic Screenshot1


We can see that all the internet addresses are listed by country. To monitor the internet traffic of a specific country, we just need to click on it. If we want to monitor the internet traffic of a specific IP address within a country, we need to expand the country node and select the IP address in it.


We can also view internet traffic either aggregated or in real time.


Monitor Internet Traffic Screenshot2


To view what online activities have generated or are generating internet traffic, we need to use the “Protocols” Tab.


Monitor Internet Traffic Screenshot1


Each protocol listed there corresponds to a different internet activity:


HTTP – Website browsing

MSN – Online chatting with Live Messenger

POP3 – Email

HTTPS – Website browsing via a secure link

QQ – Online chatting with QQ

DNS – Domain Name System


About Capsa


Colasoft Capsa is a network analyzer (also called a protocol analyzer) designed for network monitoring and troubleshooting. It performs packet capture, network monitoring, protocol analysis, packet decoding, and automatic diagnosis. By giving users insight into all of a network's operations, Capsa makes it easy to isolate and solve network problems, identify network bottlenecks and bandwidth use, and detect network vulnerabilities. To learn more about Capsa, please visit http://www.colasoft.com/capsa/

Thursday, April 23, 2009

How to Monitor HTTP Traffic with a Protocol Analyzer

Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. Its use for retrieving inter-linked resources led to the establishment of the World Wide Web.


In order to monitor HTTP traffic, we need protocol analyzer software. Here is a detailed process for monitoring HTTP traffic on a LAN with the Colasoft protocol analyzer, Capsa.


Again, let’s launch the Colasoft protocol analyzer and start a new project. Don’t forget one thing: we have to deploy the protocol analyzer on the mirror port of the core switch in order to monitor all HTTP traffic on the LAN. If not, we can only monitor the HTTP traffic of our own computer.


Then let’s start browsing a website, for example www.colasoft.com, to generate some HTTP traffic. Now let’s get back to the protocol analyzer and see if there is any HTTP traffic. We can see that the protocol analyzer has already captured some HTTP traffic in the “Protocols” tab.


Monitor http Traffic Screenshot 1


In this tab we can see both the aggregated HTTP traffic since the capture started and the real-time HTTP traffic.


For a deeper analysis of HTTP traffic, we use the “Locate” function to locate the HTTP protocol in the Explorer, so that the protocol analyzer displays only HTTP data. Right-click on the protocol and select “Locate Explorer Node” in the pop-up menu.


Locate Explorer Node


If we want to know who is using the HTTP protocol and what they are actually browsing, we use two tabs: the “Endpoints” tab and the “Logs” tab.


Let’s see who is using the HTTP protocol:


Who is Using http Protocol


And what they are actually browsing:


Monitor http Traffic Screenshot 4

Wednesday, April 22, 2009

What Can Hackers Do with Packet Sniffer

What Can Hackers Do with a network sniffer?

A network sniffer in the wrong hands is a deadly weapon. A network sniffer is a real danger because it is a very powerful and difficult-to-detect tool.

Security breaches of all kinds are reported all the time. Every day we hear of hackers who managed to steal sensitive data, of people who become victims of identity theft, etc. Very often the breaches are so incredible that you wonder if hackers have supernatural powers. Well, hackers hardly have supernatural powers, but they don't need them: supernatural powers are not necessary when a network lacks security and one has the right tools to break in.

Hackers Can Monitor Networks With a network sniffer

The tools hackers use to break into networks are more or less the same tools network admins use to monitor and maintain their networks. For example, network sniffers are among the tools hackers love most. A network sniffer captures packets and shows you their contents. This means that with the help of a network sniffer running somewhere inside the network, hackers can monitor all the unencrypted traffic to and from this network.

This is really scary – just imagine a malicious hacker who knows all the secrets of your company. It gets even more dangerous for networks where hubs (and not switches) are used, because in this case a network sniffer can be installed on any computer and the hacker will monitor all the traffic in that segment, not only the traffic to and from the host. The good news is that hubs are almost out of use today, and because of that hackers can do less damage with a network sniffer.

Hackers Can Obtain Passwords and Credit Card Numbers With a network sniffer

When a hacker uses a network sniffer to monitor your network, this is not nice but when he or she steals passwords, credit card numbers and other types of sensitive data, this is a real danger. Unencrypted passwords, credit card numbers and other sensitive data are an easy target for a hacker with a network sniffer.

Many cases of mass theft of credit card numbers and passwords happen because hackers use a network sniffer on an unencrypted network. For truth's sake, it is important to mention that even if all the traffic is encrypted, there are still many other ways to obtain sensitive data. But when the traffic over a network is not encrypted and nobody monitors the network for unauthorized network sniffers, sooner or later data will be stolen.

One of the greatest achievements for hackers with a network sniffer is to capture the administrator's password. When the administrator's password is transmitted over the network in an unencrypted form, this is an easy target for hackers. If hackers manage to intercept the admin password, they have the power to do everything they want to on your network – delete data, modify data, etc. So, do you see why hackers don't need supernatural powers but only the admin password?
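The defensive counterpart to this risk is to find out which of your own services still accept credentials in the clear, so they can be moved to encrypted equivalents. The following is an added example, not part of the original post or of any Colasoft product: it scans client-to-server payloads for cleartext authentication commands and reports the service and the clients involved without ever extracting the secret. The record layout, addresses and payloads are constructed for illustration.

```python
import re
from collections import defaultdict

# Mechanisms that send a reusable secret unencrypted. Each pattern only detects
# that the command or header is present; the secret is never captured or stored.
CLEARTEXT_AUTH = [
    ("PASS command (POP3/FTP)", re.compile(rb"^PASS [^\r\n]+", re.I | re.M)),
    ("IMAP LOGIN command", re.compile(rb"^\S+ LOGIN \S+ \S+", re.I | re.M)),
    ("HTTP Basic authentication",
     re.compile(rb"^Authorization:[ \t]*Basic[ \t]+\S+", re.I | re.M)),
]

# Constructed sample: (client, server, server port, client-to-server payload).
SEGMENTS = [
    ("192.168.1.10", "192.168.1.5", 110, b"USER alice\r\n"),
    ("192.168.1.10", "192.168.1.5", 110, b"PASS constructed-secret\r\n"),
    ("192.168.1.23", "192.168.1.5", 110, b"PASS another-constructed-secret\r\n"),
    ("192.168.1.23", "192.168.1.8", 80,
     b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
     b"Authorization: Basic Y29uc3RydWN0ZWQ6dmFsdWU=\r\n\r\n"),
    ("192.168.1.31", "192.168.1.8", 80,
     b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    # TLS record bytes: encrypted, so nothing readable and nothing to flag.
    ("192.168.1.40", "192.168.1.9", 443, b"\x16\x03\x01\x00\xa5\x01\x00"),
]


def audit_cleartext_auth(segments):
    """Return one finding per (server, port, mechanism), listing affected clients."""
    seen = defaultdict(lambda: {"clients": set(), "occurrences": 0})
    for client, server, port, payload in segments:
        for mechanism, pattern in CLEARTEXT_AUTH:
            hits = len(pattern.findall(payload))
            if hits:
                entry = seen[(server, port, mechanism)]
                entry["clients"].add(client)
                entry["occurrences"] += hits
    return [
        {"server": server, "port": port, "mechanism": mechanism,
         "clients": sorted(data["clients"]), "occurrences": data["occurrences"]}
        for (server, port, mechanism), data in sorted(seen.items())
    ]


if __name__ == "__main__":
    for finding in audit_cleartext_auth(SEGMENTS):
        print("{server}:{port} accepts {mechanism} from {clients} "
              "({occurrences} time(s))".format(**finding))
```

Each finding names a service to migrate (POP3 to POP3S, HTTP Basic to HTTPS) rather than an account to reset, which is why the report keeps servers and clients but drops the credential.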

5 Things Our IT Department had to skip

In the last blog post, we talked about the 5 items our IT department must do even in the big recession. In addition to the things we can't do without, there are many more things we had to skip. We are not exactly happy to stop doing these things, but desperate times call for desperate measures, and since these activities are something we can do without, we had to either quit them or drastically reduce them:
  • No purchases of new hardware. Though it is not precise to say that we haven't bought a single piece of hardware in the last year, we have definitely cut hardware spending. For the time being we do not plan to make major hardware purchases.

  • Capital expenditures. Capital expenditures are another budget item we had to drastically shrink. We had scheduled projects, but the current economic situation made us have second thoughts and now capital expenditures are on hold.

  • Software that is nice to have but we can do without it. Similarly to hardware and capital expenditures, some major software expenses had to be cut. Yes, there are many products, for instance accounting, HR, or ERP modules, which are great to have, but we'll go for them when the economic outlook is less gloomy.

  • Standardization. You know that IT people generally hate it when they have to deal with bureaucracy and standardization, so if there is an item we are happy to skip, this is standardization. More or less we skipped all standardization-related activities except those that are related to regulatory compliance. Standardization is put on hold, especially if it requires investment or other resources.

  • No infrastructure upgrades. We are not exactly happy about this one, but since there are more important items we can't skip, we had to significantly reduce the planned network upgrades. Some of the projects in this area are put on hold, while others are canceled.

It wasn't easy to decide what to skip and what to keep, but when times are tough, it is not possible to pretend that everything is OK and go on as planned. We hope that we are right in our choices, and time will show whether we made wise choices or not.

James Ackland is Author of this article from www.Colasoft.com.

About Colasoft Co., Ltd.
Ever since 2001, Colasoft has been dedicated in providing all-in-one and easy-to-use protocol analyzer software for network administrators and IT managers to monitor network activities, analyze network performance, enhance network security, and troubleshoot network problems. Up to now, more than 5000 customers in over 70 countries trust the flagship product – Colasoft protocol analyzer as their network monitoring and troubleshooting solution. Colasoft also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. Learn more about Colasoft and its solutions, please visit http://www.colasoft.com/.

Sunday, April 19, 2009

Top 5 Items Our IT Department Must Do.

Even though it is a basic economic fact that recessions happen once or twice in a decade, when the economy is in a good shape, like it was a couple of years ago, people, including IT managers, tend to forget that the summer will be over and hard times will come soon. On the other hand, recessions might be bad but the current one is certainly worse than many of the ones before. Actually, this is the worst recession since the Great Depression in the 1930s and even the most optimistically-minded managers have really serious reasons to fear and be cautious.

We can't say that the recession took us by surprise but certainly we didn't expect it to be that fierce. However, recession or no recession, life must go on and if a company wants to make it, there are many things which can't be skipped. So, no matter that IT budgets are tight, there are items a company can't save on. Here are the top 5 items our IT department will not sacrifice:

1. Network security and security in general. Being in the network security business ourselves, we know that network security and security in general is paramount and no matter how hard the economic situation might be, this is not an item to save on because the price is too high. Certainly, we are not buying the most expensive solutions, even though they are incredibly great, but we do not make compromises with the quality either.

2. Going green. Going green is also an item we can't skip. Green technology saves money and now this benefit is more important than ever. So, if we buy new IT stuff, we definitely go for the green items.

3. Compliance. Regulatory compliance is another item we can't afford to skip, unless we really want to go out of business (and we don't). So, when there are steps in this direction to be taken, we do them – no way!

4. Training. Training is also important and even though our training budget has shrunk, we still try to keep our staff qualified.

5. Outsourcing. Outsourcing has been a successful strategy for our company at all times and now, when money issues start to surface, we are happy that outsourcing helps us cut costs with no sacrifice of quality.


Kevin Chou is Author of this article from www.Colasoft.com.



Thursday, April 16, 2009

How to Protect Your Network with a Protocol Analyzer

A network sniffer (also called a network analyzer) can help you make your network more secure by identifying what's going on in it.

Networks are large entities, even if they don't consist of thousands of machines. Large networks are especially vulnerable because they are a fruitful ground for attacks and hacking of all kinds. Even if a system administrator is a genius, he or she can't fight network security threats with bare hands.

Why Do You Need to Protect Your Network?

One of the major principles in network security is that a network is as secure as its weakest part is. In other words, it makes no sense to invest tons of money and spend many hours to secure some of the parts of a network, when there are small vulnerabilities that can be easily abused.

With networks small vulnerabilities are very common and even though one can never be sure that his or her network is secure, when no efforts in that direction are made, it is as sure as hell that this network is at risk. That is why it is absolutely clear that nobody can afford to leave a network unprotected. Fortunately, there are many tools, which help to protect a network and protocol analyzers are one of them.

How Can a Protocol Analyzer Protect Your Network?

Protocol analyzers (or network analyzers, as they are also called) can be one of the best tools you can use to protect your network. There are many types of network threats and there is no universal tool that can protect your network against all of them. So if you expect that a protocol analyzer can safeguard your network against all kinds of threats, this is not so, but it is a fact that a protocol analyzer can help you against many threats, both internal and external.


A protocol analyzer captures all the packets which go to and from your network and shows you their contents. While a protocol analyzer is helpless against encrypted traffic, with unencrypted traffic a protocol analyzer is an indispensable tool. When you have the chance to know what's going on in your network, you can easily spot the activities, which shouldn't be taking place.


For instance, if somebody is downloading files with BitTorrent, or is generating any other kind of substantial traffic, a protocol analyzer, such as Colasoft protocol analyzer, will display this immediately and you will know that you should take appropriate measures to stop it. Actually, a protocol analyzer allows you to monitor all incoming and outgoing traffic and keep logs of it, so even if you don't react immediately when suspicious traffic occurs, all the traffic is logged and you can view it later.

Depending on the features of the protocol analyzer you have selected, you will have different options to protect your network. Some protocol analyzers with a rich feature set, for instance Colasoft protocol analyzer, offer a lot in terms of traffic monitoring. Generally, even protocol analyzers with fewer features allow you to monitor suspicious activity at least from a given host or protocol.

One of the cases when protocol analyzers don't offer much help is with encrypted traffic. This is a technical limitation: even though protocol analyzers can intercept encrypted packets, they can't break the encryption and show the actual content of the packet. However, when you are monitoring a network and you notice that there is unauthorized encrypted traffic (for instance from a given host), this should ring a bell that something not nice is probably going on and you should take appropriate measures to investigate what exactly is happening.
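Both checks described above, spotting substantial traffic and spotting unauthorized encrypted traffic from a given host, work on flow metadata alone, so they still apply when the payload cannot be read. The following is an added example, not Colasoft's code: it runs both checks over flow records. The record layout, the protocol labels, the allowlist of authorized encrypted destinations, the byte threshold and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")                    # assumed internal range
ENCRYPTED_LABELS = {"HTTPS", "SSH", "IMAPS", "POP3S"}  # labels treated as encrypted
# Assumed policy: encrypted destinations the organisation has approved.
AUTHORIZED_ENCRYPTED = {("203.0.113.25", 443), ("203.0.113.40", 22)}
HEAVY_BYTES = 500_000_000                             # assumed "substantial" volume

# Constructed flow records: (source, destination, dest port, label, bytes).
FLOWS = [
    ("192.168.1.10", "203.0.113.25", 443, "HTTPS", 1_200_000),
    ("192.168.1.10", "198.51.100.7", 80, "HTTP", 300_000),
    ("192.168.1.23", "198.51.100.99", 443, "HTTPS", 42_000_000),
    ("192.168.1.23", "198.51.100.99", 443, "HTTPS", 8_000_000),
    ("192.168.1.31", "198.51.100.50", 6881, "BitTorrent", 750_000_000),
    ("192.168.1.40", "203.0.113.40", 22, "SSH", 90_000),
    ("198.51.100.7", "192.168.1.10", 51000, "HTTP", 5_000),  # inbound reply
]


def outbound(flows):
    """Yield only the flows that originate from a host inside the LAN."""
    for flow in flows:
        if ip_address(flow[0]) in LAN:
            yield flow


def unauthorized_encrypted(flows):
    """Map each LAN host to its encrypted flows towards non-approved destinations."""
    totals = defaultdict(int)
    for src, dst, port, label, size in outbound(flows):
        if label in ENCRYPTED_LABELS and (dst, port) not in AUTHORIZED_ENCRYPTED:
            totals[(src, dst, port)] += size
    report = defaultdict(list)
    for (src, dst, port), size in sorted(totals.items()):
        report[src].append((dst, port, size))
    return dict(report)


def heavy_talkers(flows, threshold=HEAVY_BYTES):
    """Return (host, bytes sent) for LAN hosts at or above the threshold, largest first."""
    per_host = defaultdict(int)
    for src, _dst, _port, _label, size in outbound(flows):
        per_host[src] += size
    heavy = [(host, sent) for host, sent in per_host.items() if sent >= threshold]
    return sorted(heavy, key=lambda item: -item[1])


if __name__ == "__main__":
    print("Unauthorized encrypted traffic:", unauthorized_encrypted(FLOWS))
    print("Heavy talkers:", heavy_talkers(FLOWS))
```

Matching on protocol labels only catches encryption the analyzer recognises; encrypted traffic on an unlabelled port would need a separate check.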

How to Sniff All Images of a Webpage

To sniff all the images of a webpage, here is a detailed process for doing it with the "Logs" feature of Colasoft Packet Sniffer. I will take the CNN.com home page as an example.

Step 1. Open Log Settings

Log settings allow us to set up conditions or exceptions that decide whether or not a record is written to the Logs tab. If we want to display just images in the Logs tab, we must enable the HTTP Log conditions.

How to Sniff Images Screenshot 1

Step 2. Enable Http Log Conditions

We must tick the box before Conditions to enable it.

How to Sniff Images Screenshot 2

Step 3. Input "Image" into Content Type

On the right-hand side, let’s input the content type in order to filter the contents.

How to Sniff Images Screenshot 3

Here is an explanation of Content Type

How to Sniff Images Screenshot 4

Step 4. "OK" to Activate the Setting

Now that we are done with the Log Settings, let’s see whether we can sniff all the images of the CNN.com index page. First of all, let’s start capturing with Colasoft Packet Sniffer, then input the URL into the browser's address bar and start browsing.

Results start showing in the Logs tab under the HTTP Request option, and we can see that all the results are in image formats. We have successfully sniffed all the images on this webpage.

How to Sniff Images Screenshot 5

To view the image, we can click on the record, and it will be shown in a browser.

How to Sniff Images Screenshot 6
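The “Logs” tab used in this post, and the view of what users are browsing in the HTTP monitoring post, both amount to pairing each captured HTTP request with its response and recording the client, URL and content type. The following is an added example, not Colasoft's code: it builds such a log from captured payloads and applies a Content Type condition like the "Image" one set in Step 3. The capture records and addresses are constructed, and the case-insensitive prefix match on the media type is an assumption about how such a condition behaves.

```python
from collections import Counter
from typing import NamedTuple, Optional


class HttpLogEntry(NamedTuple):
    client: str
    url: str
    status: int
    content_type: str


# Constructed capture: (client address, request bytes, response bytes).
CAPTURE = [
    ("192.168.1.10", b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
     b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html>"),
    ("192.168.1.10", b"GET /img/logo.png HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
     b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n\x89PNG"),
    ("192.168.1.23", b"GET /photos/a.jpg HTTP/1.1\r\nHost: static.example.net\r\n\r\n",
     b"HTTP/1.1 200 OK\r\nContent-Type: IMAGE/JPEG\r\n\r\n\xff\xd8"),
    # Not HTTP (TLS record bytes): must be skipped, not logged.
    ("192.168.1.23", b"\x16\x03\x01\x02\x00", b"\x16\x03\x03"),
]


def parse_head(raw: bytes):
    """Split an HTTP message head into its start line and lower-cased headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    start_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return start_line, headers


def log_exchange(client: str, request: bytes, response: bytes) -> Optional[HttpLogEntry]:
    """Build one log entry from a request/response pair, or None if it is not HTTP."""
    request_line, request_headers = parse_head(request)
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    status_line, response_headers = parse_head(response)
    status_parts = status_line.split(" ", 2)
    if len(status_parts) < 2 or not status_parts[1].isdigit():
        return None
    host = request_headers.get("host", "<no Host header>")
    # Drop parameters such as "; charset=utf-8" and normalise case.
    media_type = response_headers.get("content-type", "").split(";")[0].strip().lower()
    return HttpLogEntry(client, f"http://{host}{parts[1]}", int(status_parts[1]), media_type)


def build_log(capture):
    entries = (log_exchange(*record) for record in capture)
    return [entry for entry in entries if entry is not None]


def filter_by_content_type(log, wanted: str):
    """Keep entries whose media type starts with `wanted`, e.g. "Image"."""
    return [entry for entry in log if entry.content_type.startswith(wanted.lower())]


def requests_per_client(log):
    """Count logged requests per client, as an endpoint summary would."""
    return dict(Counter(entry.client for entry in log))


if __name__ == "__main__":
    for entry in filter_by_content_type(build_log(CAPTURE), "Image"):
        print(entry.client, entry.url, entry.content_type)
```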



Tuesday, April 14, 2009

The hottest Protocol Analyzer of IT administrators

Overview
Not so hard for a freshman.
Auto diagnosis.
Real time capture.
If it's cheaper, I will definitely buy it!
After using Colasoft protocol analyzer, I found 3 features of this product:

a. Supports real-time capturing and monitoring
b. Excellent capability of protocol analyzing (approximately 300 types) and packet decoding
c. Well, the most exciting part is the automatic expert diagnosing! That really saves so much money and time for me, and I do not worry about the solution of failure again!

Cost and performance are at the desired level.

What It Is and What It Can Do

Colasoft protocol analyzer is an expert protocol analyzer designed for packet decoding and network diagnosis; it monitors the network traffic transmitted over a local host and a local network, with the ability of real time packet capture and accurate data analysis. Colasoft protocol analyzer makes your network operations completely transparent before you, letting you isolate and troubleshoot network problems quickly and efficiently. The flexible and intuitive user interface lets either IT professionals or novice users skilfully handle it in a few moments.

It is easy to understand how to use this protocol analyzer with the samples provided with the tool. The sample packets helped me a lot with my first deployment, as I avoided contacting Technical Support during my initial days of using this tool.

For a Small Business Enterprise, this tool’s network diagnosis helps me to detect a slow network and upgrade the speed for better utilization.

I prefer this for a Medium Business Enterprise, as troubleshooting network issues is simply superb.

For Medium and Large Business Enterprises, security is an issue. This protocol analyzer enhances network security by monitoring the network with logs. As every packet is recorded and analyzed, loopholes can easily be detected.

For every organization, security is a major concern. By using this tool, monitoring of email contents and monitoring of IMs and chats is easy. All information in messengers, chats and HTTP requests is logged.

Can easily find where the problem is from the Packet Analysis without requiring the user to report about his huge traffic.

For an Internet Service Provider, this is a very, very useful tool. ISPs have problems with servers going down due to huge traffic. By diagnosing with this tool, server-down issues can be reduced.
Prevent hibernation while capturing and view both IP addresses and hostnames. This is a good feature in the upgraded version.

Colasoft protocol analyzer supports Windows Vista 64-bit Edition. It is able to identify and analyze 300+ network protocols.

By going through the site www.colasoft.com, I came to know that Colasoft protocol analyzer Professional Edition is available and used it for analyses. It is really good to use and operate. Everything is logged and my network usage is monitored.

Videos on the website help me to understand ARP attacks and monitoring network traffic. So I can protect my network now by identifying the deceived hosts and by identifying who is consuming maximum bandwidth in a local segment.

I can monitor the traffic either by protocol, IP or MAC address. So much flexibility in using this protocol analyzer.

Internet Service Providers can use this tool for quick issue troubleshooting. It is easy to identify problems and it minimizes the time to service the customer.

The reports are displayed with graphs and tables. Viewing the connections in a matrix is wonderful and it is something special in Colasoft protocol analyzer. This pictorial representation is really good for sorting out the issue by easily detecting it.

Colasoft protocol analyzer has tools that you would not find in other protocol analyzers, including ping and scanning IPs and MACs across the LAN.

Summary
Colasoft protocol analyzer is an easy-to-use and all-in-one tool for IT Network Administrator, IT Consultant and for a Security Manager in IT Company.



Wednesday, April 8, 2009

Protocol Analyzer, Basic Tools of Network Administrators


Protocol analyzers are a valuable tool for both network administrators and hackers. There are many protocol analyzers on the market and one of the most sophisticated is the protocol analyzer from Colasoft.

Protocol analyzers are one of the best tools a network administrator has at his or her disposal to analyze network traffic and to troubleshoot problems. On the other hand, when a protocol analyzer is in the wrong hands – i.e. hackers use it – this can cause quite a lot of damage to a company or an individual, especially if the victim hasn't taken the required protective measures. You see, as with many things in life, protocol analyzers can be a great tool to maintain a network, yet they can be very destructive if misused.

Protocol analyzers are very common, so choose the best protocol analyzer for you. There are many protocol analyzers on the market and they range from free, to cheap, to expensive, and from very simple, to advanced, to packed with features. Each type of protocol analyzer has its purposes, and if you need a simple tool for quick results on a small network, you don't have to buy the most expensive protocol analyzers, no matter that they have tons of features. But in reality, if you need a protocol analyzer for professional use, low-end sniffers are not the answer and you need something more sophisticated, for example Colasoft Network Analyzer. Colasoft Network Analyzer is built around packet sniffing but includes many other useful features as well.

Like any other protocol analyzer, the protocol analyzer from Colasoft intercepts and logs traffic transmitted within a network (or a network segment). A protocol analyzer can be really invisible because it monitors the network (almost) unobtrusively. Since a protocol analyzer just sniffs the packets without modifying them, it doesn't cause disturbances that would alert the administrator that something is going on. Unless the administrator runs an anti-sniffer, the traffic can be eavesdropped on and nobody will know about it.

Of course, a good network administrator knows how to detect a protocol analyzer, so if you plan to get Colasoft protocol analyzer and use it in a malicious way, don't expect that this will go unnoticed. The protocol analyzer in the Colasoft Network Analyzer is not stealthy, but since Colasoft Network Analyzer is intended for network troubleshooting, not network hacking, there is no reason to worry that the protocol analyzer is not hidden. When a network administrator uses a protocol analyzer in order to legitimately monitor network traffic, he or she doesn't need cover.

One of the most important features of a protocol analyzer is the set of protocols it can sniff. In this respect Colasoft Network Analyzer is an unbeaten protocol analyzer because it can monitor over 300 protocols. Colasoft knows that when the packets of major protocols are not captured, this gives a wrong impression about the traffic in the network, and that is why Colasoft Network Analyzer supports so many protocols. And no, the protocols Colasoft Network Analyzer can sniff are not exotic ones – they are protocols used frequently in networks.

Additionally, new protocols keep being added to the protocol analyzer from Colasoft, so even if your network uses some really rare protocols which are currently not supported by Colasoft Network Analyzer, they could be added in the future. Well, if you expect that the protocol analyzer from Colasoft will sniff encrypted traffic, this will not happen because no one can do it!