This article builds on Sniffing Networks Part 3 - Understanding what you’re seeing.  It introduces another tool for network sniffing and compares it to the previously mentioned Wireshark.

You’ve already been introduced to Wireshark and learned how to use it.  We now consider another tool, Colasoft Capsa Enterprise Edition, which can be used for network sniffing as well.  Colasoft Capsa offers many of the same features as Wireshark and introduces new features in analysis.  Similar to Wireshark, Colasoft Capsa captures and decodes packets, and supplies a hex view of each packet.  Below is a screenshot of the packet view in Colasoft Capsa.  Both programs automatically color code protocols.

[Screenshot: packet view in Colasoft Capsa]

Colasoft Capsa allows you to apply filters to view select types of packets or view all but the selected packets.  Filters can be applied by address, port, or protocol as well.  It is also possible to enable advanced filters which are similar to Wireshark’s filters.  In advanced filters, you can combine specific addresses, ports, protocols, and packets by size, value, or pattern in any combination using “and,” “or,” and “not” logic modifiers.

It is possible to view related packets in Colasoft Capsa by right-clicking a packet and choosing an option from “Select Related Packets.”  This action will highlight packets related in the specified manner.  Choosing “By Flow” from the related packets menu results in highlighting the packets that Wireshark glues together when selecting “Follow TCP Stream.”  While this shows the related packets, Colasoft Capsa does not show all packets of a stream in one window as Wireshark does.  Other relations for grouping packets in Colasoft Capsa include by source, destination, or protocol.
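Grouping packets "by flow" amounts to keying each packet on a direction-independent 5-tuple, so that both halves of a conversation land in the same bucket. The sketch below is an added example, not code from Capsa or Wireshark; the `Packet` fields, the sample capture, and the function names are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# Hypothetical packet record; a real capture would be decoded from the wire.
Packet = namedtuple("Packet", "no src sport dst dport proto length")

# Constructed sample capture (not from the article): two TCP conversations
# and one DNS query interleaved, as they would appear in a packet list.
CAPTURE = [
    Packet(1, "10.0.0.5", 49152, "192.0.2.10", 80, "TCP", 74),
    Packet(2, "10.0.0.5", 53000, "10.0.0.1", 53, "UDP", 70),
    Packet(3, "192.0.2.10", 80, "10.0.0.5", 49152, "TCP", 74),
    Packet(4, "10.0.0.5", 49153, "192.0.2.10", 80, "TCP", 74),
    Packet(5, "10.0.0.5", 49152, "192.0.2.10", 80, "TCP", 512),
    Packet(6, "192.0.2.10", 80, "10.0.0.5", 49153, "TCP", 74),
    Packet(7, "192.0.2.10", 80, "10.0.0.5", 49152, "TCP", 1400),
]

def flow_key(p):
    """Direction-independent key: both halves of a conversation map to it."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

def group_by_flow(packets):
    """Map flow key -> list of packets, kept in capture order."""
    flows = defaultdict(list)
    for p in packets:
        flows[flow_key(p)].append(p)
    return dict(flows)

def related_by_flow(packets, selected_no):
    """Packet numbers that a 'by flow' selection on one packet would mark."""
    selected = next(p for p in packets if p.no == selected_no)
    key = flow_key(selected)
    return [p.no for p in packets if flow_key(p) == key]

def flow_stats(packets):
    """Per-flow (packet count, total bytes), as in a conversation table."""
    return {k: (len(v), sum(p.length for p in v))
            for k, v in group_by_flow(packets).items()}

if __name__ == "__main__":
    print(related_by_flow(CAPTURE, 3))
    for key, (count, size) in flow_stats(CAPTURE).items():
        print(key, count, "packets", size, "bytes")
```

Selecting the server's reply (packet 3) picks up the client's packets on the same connection but not the second connection to the same server, because the client port differs.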

Colasoft Capsa offers many of the analysis features that are found in Wireshark.  For example, both programs can display endpoints and protocols from the captured packets along with statistics on the amount of information sent and received for each.  The difference is that Colasoft Capsa adds a visual interpretation to the statistics.

Colasoft Capsa offers other visual aids such as graphs and a matrix view in which all endpoints that communicate are connected.  Additional features include reports, logs, and diagnostic capabilities that can be used to discover network problems.  All of Colasoft Capsa’s features are discussed in more detail in the article Using Colasoft Capsa.

2 thoughts on “Colasoft Capsa vs. Wireshark”

  1. Kevin Zhou says:

    Hi Editor,

    “Colasoft Capsa does not show all packets of a stream in one window as Wireshark does.”

    Actually Capsa allows us to view all packets of a stream.

    Please choose the “Conversation” tab, and then select “TCP”; we can view all the packets of the stream in the lower window.

    Hope it helps : )

    Kevin

  2. Ruby says:

    Another thing is, Colasoft can capture loopbacks, but in Wireshark, it can’t be done.

    I’m a satisfied user of Colasoft products.

    More power, guys.
