Thursday, December 18, 2014

Quick Network Analysis Tool

One tool that I really like using is called Capsa, by Colasoft.  Now please don't think I'm advertising for them.  I'm not, but if I'm being honest, it IS one of the tools in my tool pouch (my laptop).  It's really helpful for quick troubleshooting.
So, with that said, I had a customer ask me about a 97% utilization on the remote site MPLS link.  I told him that I would go figure it out and be right back.
Ten minutes later, I came back with the source and destination of the troublemaker (not really).  We found out that a guy was doing legitimate work traffic, but not the way he was supposed to.  Either way, my point is that having the right tools as a network guy can help you troubleshoot problems quickly and effectively.  And yes, sometimes it does require spending some money to get those tools.


  1. I could not agree more with you Shane. There are a lot of great open source tools out there, but there are also some great commercial tools which are well worth the price. As for Capsa, I'm curious about what you get from it that you don't get from Wireshark? I use Wireshark for 95% of my network analysis issues, and for the other 5% I use Sniffer (Netscout). Does Capsa have some cool features above and beyond Wireshark? Thanks!!

    1. Not really anything Wireshark can't do. It's just faster to go through the info. It will diagnose problems for you, like slowness, retransmission, etc. But I can start a capture and know within a few seconds where the problem is coming from, in some situations. When you consult, time is crucial. But, I don't think I know everything about Capsa. I've just used what I needed in it. But it's very handy in time crunches.

    2. Thanks Shane. I'll look into Capsa...I've become very disappointed in Sniffer over the last several years. Even though it was the original network analyzer (back in the Network General days of long ago), it's been bought and sold to various companies on a regular basis, and development/improvements seem to have stalled for quite a while now.

    3. It's been worth having to me. You know in Wireshark, it just takes some time to go through the captures. Capsa will compile everything together into nice graphs, etc. If you want to see more, you just click into the packet to see the rest of the header, etc. But sometimes, the packet info doesn't matter. You just need to know the problem IP, or that you see a broadcast storm, etc. It has some really nice features that you can "see" without having to thumb through the captures. I know that if I see 80,000 packets per second on a VLAN that we probably have a problem on that VLAN. Then I go from there. Again, TIME SAVER!

  2. Hi Shane, What edition of Capsa are you using now?


