
Test-drive: Colasoft Capsa network analyzer

Having the right tools on the network is critical to a network administrator's success. In this TechRepublic blog post, IT Jedi Rick Vanover takes a look at the Colasoft Capsa tool for network analytics.

Having good insight into your network is critical. There are so many potential issues that can be going on that any additional tool can be welcome. This can include attacks, transmissions and applications without encryption, or incorrect configurations bogging down the network.

Recently, I had a chance to evaluate the Colasoft network analyzer, or Capsa. Capsa offers a lot of features in a small package, though the network analyzer field is very crowded. One thing that can differentiate a network tool is ease of use. While test-driving Capsa on my lab network, I immediately saw a message coming in through a conversation detail indicating an incorrect network configuration, shown in Figure A.

Figure A


Sure enough, this message quickly pointed out that the 10.187.187.200 host was incorrectly configured to look to 10.187.187.2 for the default gateway and DNS server. So, right away, Capsa saved me needless broadcasts on my network by identifying this issue on one host.

But what else did I see with the tool? Well, of course, I confirmed again that my Yahoo Instant Messenger traffic is sent in plain text. We all knew that, right? The Capsa tool identified remote desktop connectivity on port 3389 TCP from my Windows 7 host (rick-vanover-w7) to the system mentioned above with the incorrect default gateway and DNS configuration. Figure B shows this traffic pattern.

Figure B


The capture worked pretty well; the next observation I had is that I was able to see Windows file sharing going on between two hosts. This is important as it may be a way to determine if any unauthorized peer-to-peer file exchanges are occurring. Here is a capture from the Capsa system; notice the Windows 7 host mentioned earlier copying a file from a file and print resource. Figure C shows this traffic pattern with the highlighted row.

Figure C


This traffic was expected, but it can be monitored in ways such as this to capture the traffic patterns to identify unauthorized file exchanges.

How do you go about monitoring your traffic? Do you want to see more of the Capsa tool? There are a lot of filters, address tools, protocol awareness configuration, and other parts to the product. Share your comments below.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.
