Network Packet Sniffer Software for Windows

Packet Sniffer Howto, June 24, 2009 10:06 am

What Is an Email Worm
In networking, an email worm is a computer worm that copies itself to shared folders on the system and keeps sending infected emails to random email addresses. In this way it spreads quickly via SMTP mail servers.

What Is the Harm of Email Worm
An email worm can send a large number of infected emails in a very short time and will not stop until it is removed. It generates heavy traffic and slows the system down; sometimes it even crashes the mail server.

How to Detect Email Worm
If you suspect that a host in your network is infected with an email worm, here is a step-by-step process for detecting it with Colasoft Packet Sniffer.

>Step1. Download a free trial and deploy it properly.

>Step2. Launch a Project and Start Capturing Some Traffic.

>Step3. Switch to “Diagnosis” Tab
The Diagnosis tab is a view showing all the network issues automatically detected by Colasoft Packet Sniffer, together with suggested causes and solutions.

Diagnosis Tab Screenshot

If there is a host infected with an email worm, we should be able to see SMTP events in the application layer like this:

SMTP Events in Application Layer

>Step4. Locate the Source IP
The source IP is probably the host infected with an email worm, as it is sending too many emails over SMTP in a short period of time. So let’s locate the source IP in the “Explorer” with the “Locate” shortcut in the right-click menu.

Locate Source IP

>Step5. Switch to “Logs” Tab
Check whether the host is sending emails to a large number of recipients in a very short period of time. If so, we can determine that the host is infected with an email worm and it should be handled immediately. We should see logs in the tab like this:

View Email Logs in

No doubt the final step is to isolate the host and remove the email worm with AV software.

There are other ways to detect an email worm with Colasoft Packet Sniffer; this is the shortest one.
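As an added example (not Colasoft's code, and not its log format), here is a small Python detector that applies the Step 5 check to constructed SMTP session log lines: it flags any client that opens many SMTP sessions to many distinct recipients within a short sliding window, while a host that merely resends to a single recipient (a mail loop, not a worm) is left alone. The thresholds and the log layout are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not Colasoft's log format):
# date time client-ip sender recipient, one SMTP session per line.
SAMPLE_LOG = """\
2009-06-24 10:01:02 192.168.1.20 alice@example.com bob@example.com
2009-06-24 10:03:40 192.168.1.20 alice@example.com dave@example.com
2009-06-24 10:01:05 192.168.1.77 carol@example.com r1@mail-a.test
2009-06-24 10:01:06 192.168.1.77 carol@example.com r2@mail-b.test
2009-06-24 10:01:08 192.168.1.77 carol@example.com r3@mail-c.test
2009-06-24 10:01:09 192.168.1.77 carol@example.com r4@mail-d.test
2009-06-24 10:01:11 192.168.1.77 carol@example.com r5@mail-e.test
2009-06-24 10:01:12 192.168.1.77 carol@example.com r6@mail-f.test
2009-06-24 10:02:00 192.168.1.30 report@example.com ops@example.com
2009-06-24 10:02:01 192.168.1.30 report@example.com ops@example.com
2009-06-24 10:02:02 192.168.1.30 report@example.com ops@example.com
2009-06-24 10:02:03 192.168.1.30 report@example.com ops@example.com
2009-06-24 10:02:04 192.168.1.30 report@example.com ops@example.com
"""


def parse_log(text):
    """Parse log lines into (timestamp, client, sender, recipient) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, client, sender, rcpt = line.split()
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        records.append((ts, client, sender, rcpt))
    return records


def find_worm_suspects(records, window_s=60, min_sessions=5, min_recipients=5):
    """Return {client: (sessions, distinct recipients)} for every client that,
    within some window_s-second sliding window, opened at least min_sessions
    SMTP sessions to at least min_recipients distinct recipients."""
    by_client = defaultdict(list)
    for ts, client, _sender, rcpt in records:
        by_client[client].append((ts, rcpt))

    suspects = {}
    for client, events in by_client.items():
        events.sort()            # order by timestamp
        best = None
        start = 0
        for end in range(len(events)):
            # slide the window start forward until it spans at most window_s seconds
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            window = events[start:end + 1]
            recipients = {r for _, r in window}
            if len(window) >= min_sessions and len(recipients) >= min_recipients:
                if best is None or len(window) > best[0]:
                    best = (len(window), len(recipients))
        if best is not None:
            suspects[client] = best
    return suspects


if __name__ == "__main__":
    for host, (sessions, rcpts) in find_worm_suspects(parse_log(SAMPLE_LOG)).items():
        print(f"{host}: {sessions} SMTP sessions to {rcpts} recipients within 60 s")
```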

IT Management, June 17, 2009 9:51 am

Colasoft Network Analyzer

Network security is an infinitely complex and dynamic subject, but implementing these simple measures will go a long way toward protecting your organization’s LAN.

1. Run Network Analyzer Frequently. We recommend an easy-to-use network analyzer, Colasoft Capsa.

2. Disable Drives: Disable floppy drive access, USB ports and serial ports on networked computers.

3. Restrict Permissions: Windows 2000 and 2003 Server allow you to set permissions so that users can’t run downloaded ‘exe’ or other executable files.

4. Block Instant Messenger: IM and its cousins, ICQ and Yahoo Messenger, send messages and attachments out to a server and then back to its clients. You lose control when this happens.

5. Password Protect Your BIOS: A BIOS without an administrator password is an invitation to mischief.

6. Run AV Software: Run anti-virus software on all your computers.

7. Build Your Defenses: Install a firewall or a proxy server.

8. Beware of Attachments from Unknown, Untrusted Sources: Do not open email attachments unless you trust the sender.

9. Monitor Your Ports: Install a port monitor to prevent your ports from being scanned.

10. Encrypt Wireless Access.

11. Keep Back Office Systems off the Organization Network.

12. Require passwords to be changed frequently.

13. Use CTRL+ALT+DEL to log on.

14. Keep your networking skills up to date.

Packet Sniffer Howto, IT Management, June 11, 2009 7:33 am

Brief introduction about the Endpoint view in Colasoft Packet Sniffer

In Colasoft 6.9 it is divided into MAC endpoints and IP endpoints. With endpoint analytics, users can quickly identify the IP/MAC endpoints generating the most traffic. The system also supplies clear traffic-ranking statistics (for example, the top 5 IP endpoints under the HTTP protocol).

In the Endpoint view we can clearly see the traffic of every host in the current network (including a network segment, a MAC address or an IP address): the hosts with the largest total traffic, the hosts sending/receiving the most traffic, the hosts sending/receiving the most packets, and so on.

From this information we can confirm whether there is a broadcast/multicast storm, and help users diagnose network slowness, disconnections, worm attacks, DoS attacks and other malfunctions.

Application case study
When we meet a network malfunction or attack, the most important things to pay attention to are the current total network traffic, the sent/received traffic and the network connections, which give a clear direction for finding the problem. All of this information is included in the Endpoint view of Colasoft Packet Sniffer 6.9 (figure 1):

In figure 1 we can sort by total traffic, network connections and other related information to find and locate the host with the largest traffic or the most connections in the network. For example, at present the host with the most network connections is , so we can locate the host and then check the related connection information (figure 2):

From the connection information shown in figure 2 we can see that has set up a large number of TCP connections with other hosts, that the destination addresses and destination ports vary widely, and that many of the connections are in the state of a client requesting synchronization (SYN sent).

Next, check the TCP packets; we can see them in the Summary and Graphic views as follows:

In the TCP packet statistics we find that has sent TCP SYN packets, while its TCP FIN and TCP RST packet counts are , which is abnormal for the network.
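The case study above reasons from per-host SYN, FIN and RST counts and from how widely the destination addresses and ports vary. As an added example (not Colasoft's code or output format), this Python snippet computes those statistics from constructed one-line packet summaries and flags hosts that open many connections to many distinct destinations but rarely close them; the summary format and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed packet summaries (not Colasoft's format): "src:port dst:port flags"
# where flags use S=SYN, A=ACK, F=FIN, R=RST.
SAMPLE_PACKETS = """\
10.0.0.8:50001 10.0.0.1:80 S
10.0.0.1:80 10.0.0.8:50001 SA
10.0.0.8:50001 10.0.0.1:80 A
10.0.0.8:50001 10.0.0.1:80 FA
10.0.0.8:50002 10.0.0.1:80 S
10.0.0.1:80 10.0.0.8:50002 SA
10.0.0.8:50002 10.0.0.1:80 FA
10.0.0.5:40001 10.0.0.20:135 S
10.0.0.5:40002 10.0.0.21:445 S
10.0.0.5:40003 10.0.0.22:445 S
10.0.0.5:40004 10.0.0.23:139 S
10.0.0.5:40005 172.16.4.9:445 S
10.0.0.5:40006 172.16.4.10:445 S
10.0.0.5:40007 172.16.4.11:445 S
10.0.0.5:40008 172.16.4.12:445 S
10.0.0.5:40001 10.0.0.20:135 R
"""


def endpoint_stats(text):
    """Per source host: SYN/FIN/RST packets sent and distinct destinations."""
    stats = defaultdict(lambda: {"syn": 0, "fin": 0, "rst": 0, "peers": set()})
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, flags = line.split()
        host = src.rsplit(":", 1)[0]
        s = stats[host]
        if "S" in flags and "A" not in flags:   # pure SYN: a new connection attempt
            s["syn"] += 1
            s["peers"].add(dst)                 # destination address:port
        if "F" in flags:
            s["fin"] += 1
        if "R" in flags:
            s["rst"] += 1
    return stats


def suspicious_hosts(stats, min_syn=5, min_peers=5):
    """Hosts sending many SYNs to many destinations with few FIN/RST of their own:
    the pattern the case study above calls abnormal."""
    out = {}
    for host, s in stats.items():
        closed = s["fin"] + s["rst"]
        if s["syn"] >= min_syn and len(s["peers"]) >= min_peers and closed < s["syn"] // 2:
            out[host] = {"syn": s["syn"], "fin": s["fin"], "rst": s["rst"],
                         "peers": len(s["peers"])}
    return out


if __name__ == "__main__":
    for host, s in suspicious_hosts(endpoint_stats(SAMPLE_PACKETS)).items():
        print(f"{host}: {s['syn']} SYN to {s['peers']} destinations, "
              f"{s['fin']} FIN, {s['rst']} RST")
```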

Please go to the Colasoft Official FAQ page for more "How-tos"

Uncategorized, June 10, 2009 9:58 am

BitTorrent Consumes Big Bandwidth
Based on the working principle of the BitTorrent protocol, if somebody is downloading big files with BitTorrent software it is a disaster for other users who need bandwidth for business operations: the user consumes a large amount of bandwidth, causing prolonged network slowness, intermittent connectivity and even disconnections, because while the user is downloading files from others, others are downloading files from him at the same time.

So it is necessary for IT administrators to track BitTorrent users first in order to regain network bandwidth for business operations. Blocking the BitTorrent protocol is one option; this article discusses how to track a BitTorrent user with Colasoft Packet Sniffer.

How to Track BitTorrent User?

>Step1. Download a free trial and implement it correctly

>Step2. Launch a project and start capturing data

>Step3. Find BitTorrent Protocol in the "Protocols" Tab

Track BitTorrent User Screenshot 1

>Step4. Locate BitTorrent Protocol in the "Explorer"
Use the "Locate" function to locate the BitTorrent protocol in the "Explorer" to analyze the relevant data.

Track BitTorrent User Screenshot 2

>Step5. Track BitTorrent User in LAN in the "Endpoint" Tab
This is how we track the BitTorrent user in our network and see who is connected with him. There is a lot more we can see from this tab, such as how much data has been downloaded and uploaded via the BitTorrent protocol.

Track BitTorrent User Screenshot 3

View how many connections have been built in "Matrix"
You’ll be shocked to see how many connections have been built in the "Matrix" tab. In this case, we can see this user has built more than 1000 connections with other hosts.

Track BitTorrent User Screenshot 4
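As an added example (not Colasoft's code), the Python below identifies BitTorrent peer-wire handshakes in constructed TCP payloads by their fixed 20-byte prefix, then builds the per-host peer list and torrent list that Steps 4 and 5 and the Matrix tab show, so the number of BitTorrent connections per host can be counted. The IP addresses, info hashes and peer ids in the sample flows are constructed placeholders.

```python
from collections import defaultdict

# BitTorrent peer-wire handshake: pstrlen (19) + "BitTorrent protocol",
# then 8 reserved bytes, a 20-byte info_hash and a 20-byte peer_id = 68 bytes.
BT_PSTR = b"\x13BitTorrent protocol"
HANDSHAKE_LEN = 68


def bt_handshake(info_hash, peer_id):
    """Build a handshake message (used here only to construct sample traffic)."""
    assert len(info_hash) == 20 and len(peer_id) == 20
    return BT_PSTR + bytes(8) + info_hash + peer_id


def is_bittorrent_handshake(payload):
    """True if a TCP payload begins with a complete peer-wire handshake."""
    return len(payload) >= HANDSHAKE_LEN and payload.startswith(BT_PSTR)


def info_hash_of(payload):
    """Extract the 20-byte info_hash (identifies the torrent) from a handshake."""
    return payload[28:48]


# Constructed flows: (source ip, destination ip, first TCP payload bytes).
TORRENT_A = bytes.fromhex("aa" * 20)   # placeholder hashes, not real torrents
TORRENT_B = bytes.fromhex("bb" * 20)
SAMPLE_FLOWS = [
    ("192.168.1.50", "203.0.113.7", bt_handshake(TORRENT_A, b"-XX0001-" + b"a" * 12)),
    ("203.0.113.7", "192.168.1.50", bt_handshake(TORRENT_A, b"-YY0002-" + b"b" * 12)),
    ("192.168.1.50", "198.51.100.9", bt_handshake(TORRENT_A, b"-XX0001-" + b"a" * 12)),
    ("192.168.1.50", "203.0.113.44", bt_handshake(TORRENT_B, b"-XX0001-" + b"a" * 12)),
    ("192.168.1.60", "203.0.113.80", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("192.168.1.60", "203.0.113.81", BT_PSTR[:10]),   # truncated prefix: not a handshake
]


def bittorrent_peers(flows):
    """Map each source host to the set of hosts it sent a BitTorrent handshake to."""
    peers = defaultdict(set)
    for src, dst, payload in flows:
        if is_bittorrent_handshake(payload):
            peers[src].add(dst)
    return dict(peers)


def torrents_per_host(flows):
    """Map each source host to the set of info_hashes (hex) it is sharing."""
    torrents = defaultdict(set)
    for src, _dst, payload in flows:
        if is_bittorrent_handshake(payload):
            torrents[src].add(info_hash_of(payload).hex())
    return dict(torrents)


if __name__ == "__main__":
    torrents = torrents_per_host(SAMPLE_FLOWS)
    for host, remote in bittorrent_peers(SAMPLE_FLOWS).items():
        print(f"{host}: {len(remote)} BitTorrent peer(s), {len(torrents[host])} torrent(s)")
```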

About BitTorrent
BitTorrent is a peer-to-peer file sharing protocol used for distributing large amounts of data. BitTorrent is one of the most common protocols for transferring large files.

The protocol works when a file provider initially makes his/her file (or group of files) available to the network. This is called a seed and allows others, named peers, to connect and download the file. Each peer that downloads a part of the data makes it available to other peers to download. After the file is successfully downloaded by a peer, many continue to make the data available, becoming additional seeds. This distributed nature of BitTorrent leads to a viral spreading of a file throughout peers. As more peers join the swarm, the likelihood of a successful download increases. Relative to standard Internet hosting, this provides a significant reduction in the original distributor’s hardware and bandwidth resource costs. It also provides redundancy against system problems and reduces dependence on the original distributor.

Next Step
>>Download a Free Trial

IT Management, June 9, 2009 4:33 am

Do your users use IM in your network? If I ask this question, I believe over 95% of network administrators will answer: yes, of course. MSN, Yahoo IM, AOL IM, Google Talk and so on: with the rapid development of instant messaging tools, they are no longer used just for personal entertainment but as workplace tools. However, according to a survey on the internet, most IM users are ignorant of the risks IM may cause to the organization. Here we list the main business IM risks and resolutions:

• Information leaks – Confidential materials, intellectual property or proprietary information can be revealed, either intentionally or accidentally, through IM sessions or file transfers.

• Worms, viruses, etc. – Numerous malware programs target public IM systems, allowing them to bypass standard firewalls and mail server antivirus systems.

• Network hacks and intrusions – Hackers use IM operating ports to bypass other security barriers and enter the corporate network unimpeded.

• Compliance, regulatory or legal violations – Organizations subject to government oversight and compliance mandates may create legal issues for themselves by failing to properly monitor, log and regulate IM sessions and content.

• Productivity loss – Idle chat can disrupt employee productivity.

With so many risks, does that mean we have to prohibit instant messaging in the workplace? Of course not: IM has irreplaceable benefits over other communication methods such as email, phone calls and SMS. But we have some good suggestions to decrease the IM risks.

  • Deploy network analysis tools like Colasoft Network Analyzer on your computer to detect network intrusion attempts, monitor network usage, and gain information for effecting a network intrusion.
  • Regularly remind your users to update or upgrade their antivirus software.
  • Create written policies – Clearly and explicitly define acceptable and unacceptable use of instant messaging within the business environment.

IT Management, June 2, 2009 7:57 am

Colasoft Network Analyzer
Follow these steps to diagnose your slow Internet connections.

1. Configure Broadband Router Settings Properly

An improperly configured broadband router will probably lead to slow Internet connections. Keep your router’s settings consistent with the manufacturer’s and your Internet Service Provider’s (ISP’s) recommendations.

2. Reposition Router and Change Wi-Fi Channel Number

Signal interference, which forces computers to constantly resend messages, may degrade the performance of Wi-Fi and other wireless connections. Repositioning your router and changing your Wi-Fi channel number may improve connection performance.

3. Run Antivirus Software Regularly To Diagnose and Remove Worms

If any of your computers are infected, an Internet worm may start generating huge network traffic, causing slow network connections. Remember to run antivirus software regularly to diagnose and remove these worms from your computers.

4. Don’t Forget the Running Background Applications

Some useful background applications, like peer-to-peer (P2P) programs, consume a great deal of network resources. Therefore, don’t overlook the running background applications when facing slow network connection issues.

5. Temporarily Re-Arrange and Re-Configure Your Gear

Faulty network equipment typically won’t support connections. To troubleshoot potentially faulty equipment, temporarily re-arrange and re-configure your gear while experimenting with different configurations. Try bypassing the router, swapping cables and changing network adapters to isolate the slow performance to a specific component of the system.

6. Ask Your Service Provider

Internet speed ultimately depends on the service provider. Don’t forget to ask your ISP what happened if you suspect they bear the main responsibility for your poor connection performance.

Conclusion

The reasons for slow connections are diverse; the 6 tips above are basic solutions that may guide you when suffering network connection problems. Moreover, diagnosing and troubleshooting the issues manually is not easy, so nowadays many network administrators choose easy-to-use network analysis tools, like Colasoft Network Analyzer (also called a packet sniffer, network sniffer or protocol analyzer), to monitor, analyze and troubleshoot their network in minutes.

Packet Sniffer Howto, May 20, 2009 7:50 am

Some people may doubt whether it is legal to monitor employees’ emails with email monitoring software (aka email spy or email checker), but that is not the topic of this article. We are going to discuss how we can monitor emails with some technical methods, especially how we can monitor emails with this packet sniffer, Colasoft Capsa.

Step 1. As before, download a free trial and deploy it correctly.

Step 2. Launch a project

If we have not set Capsa to save email logs to a local disk, we will not be able to monitor email contents, although we can still monitor all email logs. So we must set the log settings to save email logs to a local path in order to monitor email contents. There will also be a notice when starting a new project.

Monitor Email Screenshot 1

Step 3. Set Email Log Settings

View the full image to set the email log settings correctly.

Monitor Email Screenshot 2 - Click to view Large

Advanced email log settings let you split email logs and keep only the most recent ones to save disk space.

Monitor Email Screenshot 3

Step 4. Start Capturing and Monitoring Emails in the “Logs” Tab

After the email log settings are finished, we can do a test to see whether we get some email monitoring logs. Let’s launch Outlook and start sending and receiving emails. We can see that we have received many spam emails in the mailbox. We can see a lot of information in the Logs tab, such as date and time, client name, email subject, sender and receiver name, size, and more.

Monitor Emails Screenshot - Click to View Large

Step 5. Monitor Email Contents

Viewing the original content of an email is quite simple: just double-click on the log entry, and Capsa will open an email client, typically Outlook, to display the email content.

Monitor Email Screenshot 5 - Click to View Large

This is the entire process of monitoring emails with Colasoft Capsa; we hope you enjoyed this article.

Next Step

>>Download a Free Trial

Packet Sniffer Articles, May 14, 2009 9:54 am

Colasoft Packet Sniffer

Whether you are a network administrator or an IT manager, you should be familiar with the network analysis tool known as a packet sniffer (also called a network analyzer, protocol analyzer or sniffer), which is widely used by all kinds of organizations: schools, enterprises, government institutions and so on.

Maybe you are still surprised at why more and more enterprises, like IBM, Intel, Epson, Airbus, Ericsson and others, choose to deploy a packet sniffer in their company’s network. OK, get a fresh coffee, then look at the following problems and ask yourself, as a network administrator or IT manager, whether these are exactly the issues you have met:

Rushing from one network problem to another every day?
No way to judge whether your network has been intruded?
Helpless to collect convincing evidence to submit to your boss, even though you have realized that your network has been intruded?
No idea whether current network usage matches actual need?
No idea how many staff are focusing on their job rather than killing time chatting with friends, browsing irrelevant web pages and so on?

Yes, every question listed above has puzzled many network administrators, but don’t worry: a packet sniffer can easily help you out with its strong functions. Here are ten reasons that make packet sniffers an essential network tool.

* Analyze network problems
* Detect network intrusion attempts
* Gain information for effecting a network intrusion
* Monitor network usage
* Gather and report network statistics
* Filter suspect content from network traffic
* Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
* Reverse engineer proprietary protocols used over the network
* Debug client/server communications
* Debug network protocol implementations

Currently there are dozens of packet sniffers on the market. Some, like Wireshark, are very complex to use and require you to be well versed in networking; others are designed for common network administrators, such as Colasoft Network Analyzer, all-in-one and easy-to-use, and are more and more widely accepted and welcomed.

Packet Sniffer Articles, 5:11 am

Colasoft Network Analyzer

According to the latest statistics from well-known download sites regarding downloads of packet sniffer software, the following products are honored to be listed as the top 5 packet sniffers most popular with network engineers, IT managers and network administrators.

#1 Wireshark - A Free Open Source Network Sniffer for Top Network Engineers

Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

#2 Colasoft Packet Sniffer - All-In-One & Easy-To-Use Network Analyzer and Packet Sniffer for Most Network Administrators

Colasoft Packet Sniffer - Capsa performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. It allows you to get a clear view of the complex network, conduct packet level analysis, and troubleshoot network problems.

Whether you’re a network administrator who needs to identify, diagnose, and solve network problems, a company manager who wants to monitor user activities on the network and ensure that the corporation’s communications assets are safe, or a consultant who has to quickly solve network problems for clients, Capsa is the tool you need.

#3 Tcpdump: The Classic Sniffer For Network Monitoring And Data Acquisition

Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn’t receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools.

#4 EtherDetect: Connection-Oriented Packet Sniffer And Protocol Analyzer

EtherDetect Packet Sniffer is an easy-to-use, award-winning packet sniffer and network protocol analyzer which provides a connection-oriented view for analyzing packets more effectively. With this handy tool, all you need to do is set up the filter, start capturing, and view connections, packets and data on the fly.

#5 Ettercap: In Case You Still Thought Switched LANs Provide Much Extra Security

Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

Uncategorized, May 12, 2009 7:00 am

Colasoft MAC Scanner Screenshot

In computer networking, a Media Access Control address (MAC address) is a unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer for identification, and used in the Media Access Control protocol sublayer. If assigned by the manufacturer, a MAC address usually encodes the manufacturer’s registered identification number. It may also be known as an Ethernet Hardware Address (EHA), hardware address, adapter address, or physical address.

Since a MAC address is unique for most network adapters or network interface cards (NICs), it is important for IT administrators to know all the MAC addresses in the LAN so as to quickly locate a network device when a network issue arises. Luckily we have tools to help us out. Let’s see how we can easily find MAC addresses in the LAN with Colasoft MAC Scanner.

Colasoft MAC Scanner is free software for finding MAC addresses and IP addresses. It can automatically detect all subnets according to the IP addresses configured on the machine’s multiple NICs, and find the MAC addresses and IP addresses of the subnets you define. Users can customize their own scan by specifying the number of scan threads.

Step 1. Download Colasoft MAC Scanner

Step 2. Install Colasoft MAC Scanner

The installation of Colasoft MAC Scanner is quick and easy. It is suggested to install it on a laptop, since it only scans and finds MAC addresses and IP addresses in the subnet to which the laptop is connected.

Step 3. Start a Scan

It is easy and quick: just press the Start button, and Colasoft MAC Scanner will scan and find the MAC addresses and IP addresses in the subnet and list them. The results can be copied and pasted or exported for future reference.

Now the problem is: if a LAN is divided into several subnets, we will have to move the laptop around and scan each subnet in order to find all the MAC addresses and IP addresses. What is the solution?

Find MAC Address and IP Address with Colasoft Packet Sniffer

Colasoft Packet Sniffer allows us to find MAC addresses and IP addresses, both local and remote, in the network as long as there is network communication.

Find MAC Address in Colasoft Packet Sniffer

>>>>Download Colasoft Packet Sniffer Now