Packet Sniffer Software Howto’s & Articles

Colasoft, with its all-in-one & easy-to-use network analyzer -Capsa, has been known and recognized in network analysis industry. Today let me recommend 5 nice Colasoft network analysis tools to all network administrators, the tools are totally free and very simple but helpful.

• Colasoft MAC Scanner Pro

  
  List MAC addresses and IP addresses in your local subnet in seconds. Network administration will never become efficient before you know exactly who is the user and where is the computer. MAC Scanner Pro will do it for you.

  Core Values:

  .Scan MAC addresses and IP addresses
  .Save Scan Results into database for future reference and network maintenance.
  .Add attributes (such as users name and physical location of the host) to scan results and save in database.
  .Automatically compares new MAC scan results with database records and notifies difference and new records (illegal access).
  .Print and Print Review MAC Scan Results

  Special Notice:

  Colasoft is launching a campaign this month, you can get a license key of MAC Scanner Pro edition for free as long as you recommend a friend to download MAC Scanner free editon successfully.

  Find out more information about this ,please go to http://www.colasoft.com/mac_scanner/index.php?act=recommend.

• Colasoft Ping Tool
  Colasoft Ping Tool is powerful in supporting to ping multiple IP addresses simultaneously and comparing response time in a graphic chart. Users can view historical charts and save the charts to a *.bmp file. With this build-in tool, users are able to ping the IP addresses of captured packets in a protocol analyzer (e.g. Colasoft Capsa) conveniently, including resource IP, destination IP or both.
• Colasoft Packet Builder
  Colasoft Packet Builder enables creating custom network packets; users can use this tool to check their network protection against attacks and intruders.Colasoft Packet Builder includes a very powerful editing feature. Besides common HEX editing raw data, it features a Decoding Editor allowing users to edit specific protocol field values much easier.
• Colasoft Packet Player
  Colasoft Packet Player is a packet replayer which allows users to open captured packet trace files and play them back in the network. It supports many packet trace file formats created by sniffer softwares such as Colasoft Capsa, Ethereal, Network General Sniffer and WildPackets EtherPeek/OmniPeek, etc.

  Except sending packet files in original interval between loops, Colasoft Packet Player also supports sending packet files in burst mode and defining the delay between loops if the loop count is more than one.

Network security is an infinitely complex and dynamic subject, implementing these simple measures will go a long way to protecting your Organization’s LAN.

1, Run Network Analyzer Frequently.Recommend an easy-to-use network analyzer, Colasoft Capsa.

2, Disable drives:Disable floppy drive access, USB ports and serial ports on networked computers.

3, Restrict Permissions: Windows 2000 and 2003 server allow you to set permissions so that users can’t run downloaded ‘exe’ or other executable files.

4, Block Instant Messenger:IM and its cousins, ICQ and Yahoo Messenger, sends messages and attachments out to a server and then back to its clients. You lose control when this happens.

5, Password Protect Your BIOS:A BIOS without an administrator password is an invitation to mischief.

6, Run AV Software: Run anti-virus software on all your computers.

7, Build Your Defenses: Install a firewall or a proxy server.

8, Beware Of Attachments From Unknown, Untrusted Sources:Do not open attachments to email unless you trust the sender.

9, Monitor Your Ports:Install a port monitor to prevent your ports from being scanned.

10, Encrypt Wireless Access.

11, Keep Back Office Systems Off The Organization Network

12, Require passwords to be changed frequently

13, Use CTRL+ALT+DEL to logon

14, Keep your networking skills up to date.

Brief introduction about the Endpoint view in Colasoft Packet Sniffer
It is divided into Mac endpoint and IP endpoint in Colasoft 6.9. Users can detect the IP/Mac endpoint in the largest traffic in a short time by the endpoint analytics. And also, The system supply clear statistics of traffic ranking(Top 5 IP endpoint under HTTP protocol).

In the Endpoint view, we can see the specific traffic situation clearly of all the hosts(Including a network segment, a Mac address, and a IP address) in the currently network. Like the hosts with the largest total traffic, hosts that send/receive the largest traffic, hosts that send/receive the most packets, etc.

According to this information, we can confirm that if there are Broadcast / multicast storm, and help users detecting the network malfunctions about network slow, network disconnect, worm attack, DOS attack, and all the malfunctions besides.

Application case study
Once we meet the network malfunction or attack, what the most important thing we should pay attention to, is the currently total network traffic, sent/received traffic, network connection etc, to get a clear direction to find the problem. And, all of this information are included in the endpoint view in Colasoft Packet Sniffer 6.9(figure 1):

endponit_view_1

In figure 1 we can make a compositor on the total traffic, network connection and other related information, to find and locate the host with largest traffic or most connections in the network. For example, at present, the host with the largest network connection is , we can locate the host, then check the related connection information(figure 2):

The connection information shown as the figure 2, we can know that has set up a large amount of TCP connection with other hosts, and the destination address and destination endpoint are indefinite, and Many of the state is to connect client requests synchronization.

endpoint_view_2

Next, check the TCP packets, we can check them out in Summary and Graphic as follows:

endpoint_view_3

endpoint_view_4

In the TCP packets information, we found has sent TCP synchronization packet, and the TCP FIN packets and TCP Reset packets are, this is deviant in the network.

Please go to the Colasoft Official FAQ page for more “How-tos”

BitTorrent Consumes Big Bandwidth
Based on the working principle of BitTorrent protocol, if somebody is downloading big files with BitTorrent software, it will be a disaster for other users who need bandwidth for business operations as the user will consume large amount of bandwidth, thus causing long time network slowness, intermittence, even disconnections; because meantime the user downloading files from others, others are downloading files from him.

So it is necessary for IT administrators to track BitTorrent user at first place to regain network bandwidth for business operations. Blocking BitTorrent protocol can be one way; this article is to discuss how to how to track BitTorrent user with Colasoft Packet Sniffer.

How to Track BitTorrent User?

>Step1. Download a free trial and implement it correctly

>Step2. Launch a project and start capturing data

>Step3. Find BitTorrent Protocol in the “Protocols” Tab

Track BitTorrent User Screenshot 1

>Setp4. Locate BitTorrent Protocol in the “Explorer”
Use the “Locate” function to locate BitTorrent protocol in the “Explorer” to analyze dedicated data.

Track BitTorrent User Screenshot 2

>Step5. Track BitTorrent User in LAN in the “Endpoint” Tab
This is the way how to track the BitTorrent user in our network and who are connected with him. There is a lot more we can see from this tab, such as how much data has been downloaded and uploaded via BitTorrent protocol.

Track BitTorrent User Screenshot 3

View how many connections have been built in “Matrix”
You’ll be shocked to see how many connections have been built in the “Matrix” Tab. In this case, we can see this user has built more than 1000 connections with other hosts.

Track BitTorrent User Screenshot 4

About BitTorrent
BitTorrent is a peer-to-peer file sharing protocol used for distributing large amounts of data. BitTorrent is one of the most common protocols for transferring large files.

The protocol works when a file provider initially makes his/her file (or group of files) available to the network. This is called a seed and allows others, named peers, to connect and download the file. Each peer that downloads a part of the data makes it available to other peers to download. After the file is successfully downloaded by a peer, many continue to make the data available, becoming additional seeds. This distributed nature of BitTorrent leads to a viral spreading of a file throughout peers. As more peers join the swarm, the likelihood of a successful download increases. Relative to standard Internet hosting, this provides a significant reduction in the original distributor’s hardware and bandwidth resource costs. It also provides redundancy against system problems and reduces dependence on the original distributor.

Next Step
>>Download a Free Trial

Do your users use IM in your network? If I ask this questions, I believe above 95% network administrators will answer: Yes, of course.

MSN, Yahoo IM, Aol IM, Google Talk etc,with the rapid development of instant messaging tools,which are not just used for personal entertainment, but for workplace tools. However,according to a survey on the internet, most IM users are ignorant of its risks that may cause to the organization. Here we list the main Business IM Risks and Resolutons:

? Information leaks – Confidential materials, intellectual property, or proprietary information can be revealed, either intentionally or accidentally,through IM sessions or file transfers.

? Worms, viruses, etc. – Numerous malware programs target public IM systems and allow them to bypass standard firewalls and mail server antivirus systems.

? Network hacks and intrusions – Hackers use IM operating ports to bypass other security barriers and enter the corporate network unimpeded.

? Compliance, regulatory, or legal violations – Organizations subject to government oversight and compliance mandates may find themselves creating legal issues by failing to properly monitor, log, and regulate IM sessions and content.

? Productivity loss – Idle chat can disrupt employee productivity.

So many risks IM has, does it mean that we have to prohibit Instant Messaging in workplace, of course not, IM has its irreplaceable benifits other than other communication methods,as email, phone call, SMS. but we have some good suggestions to decrease the IM risks.

For some purposes we want to monitor MSN chat around the network, for example, parents want to monitor MSN chat of their kids to ensure their safety; bosses want to monitor MSN chat of employees for company assets security and to improve work efficiency by minimizing none-business chat during working hours. You may still remember Colasoft MSN Monitor, now it is called Unipeek MSN Monitor and it is distributed completely Free for none commercial users.

Now let’s see how we can monitor MSN chat with Unipeek MSN Monitor, the free tool.

Step1. Download Unipeek MSN Monitor

Download Unipeek MSN Monitor, the free edition; from the website. As a matter of fact there is no function difference between Unipeek MSN Monitor the free edition and the commercial edition. The only difference is Unipeek MSN Monitor Free Edition only supports 10 MSN accounts maximum, but quite enough for family users.

Step2. Install and Deploy Unipeek MSN Monitor

The installation is quick and simple, just click “next” all the way to complete the installation. But the deployment is somewhat different. As Unipeek MSN Monitor is designed based on Colasoft’s packet capturing technology, so it has to be deployed properly like a packet sniffer if you want to monitor all MSN chat around the network. Of course, you don’t have to do it if you only want to monitor MSN chat of a single computer. To monitor multiple computers, you can install multiple copies.

Setp3. Run it and Start Monitor MSN Chat

After proper installation and deployment, we can start monitoring MSN chat right away.

About Unipeek MSN Monitor
Unipeek MSN Monitor (MSN sniffer) is Free MSN monitoring software for MSN chat monitoring and MSN message archiving. Based on Colasoft’s packet analysis technology, Unipeek MSN Monitor is able to deliver the most accurate MSN monitoring statistics, and automatically record data for future reference. You need only install Unipeek MSN Monitor once to monitor all MSN chats over the local network.

Key Features include:

• Real-time and 24/7 MSN chat monitoring

• Automatically archive MSN messages for future reference

• Export messages of a custom time range

• Customize MSN account list to be monitored

• Unique Conversation Matrix showing account relations

• Support emotion icons, message font size and color.

Download Now

Download Unipeek MSN Monitor

KUB365 — Administrator of bytes.com
_________________________________________________________

There’s no escaping the slowing economy. Layoffs are being announced and companies are in cost cutting mode. Whether you are a tech at a big company or a small one man operation it’s time to cut the fat before you get cut out of work. Unnecessary expenses have to go and inefficient ways of working need to be analyzed and improved.

If done right, the use of some technologies can greatly reduce costs and make us more efficient.

Here are ten technologies every techie should consider to help cut costs in this slow economy:

1) Open Source

Dump the high cost proprietary systems for equivalent open source systems where you can. There are many operating systems, databases, content managment systems, communications tools, networking and administration tools that are open source and free to use. Choose mature products with a strong community following and plenty of available support options either via developers or third party support offerings.

2) Software as a Service

Instead of spending money on time on developing complex in-house solutions to CRM, support and project management use SaaS providers such as Sales Force, Google, 37Signals and Right Now . Not only do you save money by using these third party tools by cutting development costs, but you also reduce costs on specialized hardware to run similar in-house solutions. Many SaaS solutions can also be integrated via the providers API’s.

3) Virtualization

Do you have multiple servers and workstations handling different tasks? Combine them into one machine. With virtualization suites such as ones offered by VMware you can take one machine and turn into multiple virtual machines. One machine can act as your web server, your network share and your exchange server. Each virtual machine will work independent of the other and optimize utilization of hardware resources.

4) Thin Clients

Employees no longer need to use expensive machines for light computing work such as emailing and using basic office work. Low powered thin-clients connected to a single multi-core system with x64 architecture and virtualization can power the work of multiple employees. Besides better utilization of hardware and energy, you also introduce efficiency for IT managers by reducing the # of systems they have to manage.

5) Enterprise 2.0

Get your organization connected and sharing information. Use intranet systems with built in messaging, voice messages, wikis, profiles and contact information. Keeping your employees connected and sharing information about your business can keep the organization from making costly decisions.

6) Digital Documents

Move as much of your company’s paper usage to digital as you can. Not only do you save money with printing you also save money on office space to store all that paperwork. Other ways to save more on printed costs is move to email for memos and letters. Also consider e-fax services as an alternative to fax machines.

7) Fast Efficient Networks

Using all these cost savings technologies will require a fast internal network and fast bandwidth coming in. These days companies and individuals can subscribe to fiber-optic bandwidth providers. With higher bandwidth network such as fiber lines, you can also server voice and video through the same connection. Internally make sure you’ve upgraded as much of your hardware to gigabit speeds. Newer networking gear tends to be more energy efficient and capable of handling faster network speeds. A fast network means less waiting for employees and more working.

Data Storage

Storing as much of your company’s data and information on the network keeps it accessible for employees and staff to use at any time from any location. This saves employees from physically having to search for the required data or information. The time savings will make your staff more efficient. Saving data on cheap mass storage hard drives saves you office space for storing documents and paper work.

9) Wireless

With wireless connectivity employees can work from anywhere. They are no longer stuck to their desk and their mobile systems such as laptops can move with them from meetings to conference areas. An added benefit of wireless systems are the savings in running wire for hard networking.

10) Virtual Office

Cut the overhead costs of keeping employees on site by allowing them to work from home. Virtual offices reduce the amount of resources required for equipment and office space. Many companies have already instituted virtual office policies and have realized great results from doing so. With virtual offices upfront investments in secure networking will be required. Setting up VPNs and access to other network resources for employees will be a must.

Follow these steps to diagnose your slow Internet connections

1. Configure Broadband Router Settings Properly

Improperly broadband router configuration will probably lead to slow internet connections. keep consisting your router’s settings with the manufacturer’s and your Internet Service Provider (ISP) recommendations.

2. Reposition Router and Change WI-Fi Channel Number

Signal interference which requires computers to resend messages to overcome signal issues constantly may affect the performance of Wi-Fi and other types of wireless connections, repositioning your router and changing your Wi-Fi channel number may benefit your connection performance.

3. Run Antivirus Software Regularly To Diagnose and Remove These Worms

Internet worm may begin generating huge network traffic, causing slow network connection if any of your computers are infected. Remember to run antivirus software regularly to diagnose and remove these worms from your computers.

4. Don’t forget the Running Background Applications

Some useful background applications, like Peer to peer (P2P) programs, will greatly consume network recourses. Therefore, don’t be blind to the running background applications when facing slow network connection issues.

5. Temporarily Re-Arrange and Re-Configure Your Gear

Faulty network equipment typically won’t support connections. To troubleshoot potentially faulty equipment, temporarily re-arrange and re-configure your gear while experimenting with different configurations. Try bypassing the router, swapping cables and changing network adapters to isolate the slow performance to a specific component of the system.

6. Inquire Your Service Provider

Internet speed ultimately depends on the service provider. Don’t forget to inquire your ISP about what happened if you suspect they have main responsibility in your poor connection performance.

Conclusion

Reasons for slow connection are diversified, the 6 tips for troubleshooting slow internet connections are basic solutions that may guide you when suffering network connection problems,moreover, to diagnose and troubleshoot the issues manually is not an easy work. nowadays, many network administrators usually choose some easy - to - use network analysis tools, like Colasoft Network Analyzer (also called packet sniffer, network sniffer, protocol analyzer) to monitor,analyze, and troubleshoot their network in minutes.

Some people may doubt if it is legal to monitor emails of employees with an email monitor software (aka. email spy or email checker), but this is not the topic of this article. We are going to discuss how we can monitor emails with some technical methods, especially how we can monitor emails with this packet sniffer – Colasoft Capsa.

Step 1. Still we need to download a free trial and deploy it correctly.

Step 2. Launch a project

If we have not set Capsa to save email logs to a local disk, we’ll not be able to monitor email contents but we can monitor all email logs. So we must set the log settings to save email logs to a local path in order to monitor email contents. Also there will be a notice when start a new project.

Setp3. Set Email Logs Settings

View full image to set the email logs setting correctly.

Advanced Email logs settings to split email logs and keep the most recent email logs to save disk space.

Step 4. Start Capturing and Monitoring Emails in “Logs” Tab

After email log settings is finished, we can do a test to see if we can get some email monitoring logs. Let’s launch Outlook and start sending and receiving emails. We can see that we’ve received many spam email in my email box. We can see a lot of information in the logs Tab, such as date and time, client name, email subject, sender and receiver name, size, and more.

Step 5. Monitor Email Contents

In order to view the original content of an email, the process is quite simple, just double-click on the logs, then Capsa will call an email software to display the email content, basically Outlook.

Now this is the entire process how we can monitor emails with Colasoft Capsa, we hope you enjoy this article.

Next Step

>>Download a Free Trial

No matter whether you are network administrators or IT managers, you should not be unfamiliar to the network analysis tool - packet sniffer, also known as a network analyzer, protocol analyzer or sniffer) which has been widely used by kinds of organizations, schools, enterprises, government institutions etc.

Maybe you are yet supirsed at why more and more enterprises, like IBM, Intel, Epson, Airbus, Ericsson etc, love to deploy packet sniffer to their company’s network? OK, take a fresh coffee now, then look at the following problems, and ask yourself, as a network administrator or IT manager, if these issues are just what you have met?

Rushing from one network problem to another every day?

Have no way to judge if your network has been intruded?

Helpless collecting convincing information to submit your boss even if you have realized that your network system has been intruded.

No idea if current network usage is equal to actual need?

Know nothing of how many staffs are not killing their time by chatting with friends, browsing irrelevant webpage etc, but focusing on their job?

Yes, every question listed above has puzzled many network administrators, but no worry, packet sniffer can easily help you out with its strong functions, here are ten reasons make packet sniffers an essential network tools.

* Analyze network problems
* Detect network intrusion attempts
* Gain information for effecting a network intrusion
* Monitor network usage
* Gather and report network statistics
* Filter suspect content from network traffic
* Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
* Reverse engineer proprietary protocols used over the network
* Debug client/server communications
* Debug network protocol implementations

Currently, there are dozens of packet sniffers in the market, some are very complex to use like wireshark, you must be versed in networking,; some are designed for common network administrators, such as Colasoft Network Analyzer, all-in-one & easy-to-use, which are more and more accepted and welcome.