Trouble Setting UP CNA....

Discussion in 'Capsa Network Analyzer' started by sniffwell, Jul 6, 2010.

Thread Status:
Not open for further replies.
  1. sniffwell

    sniffwell Registered Member

    Joined:
    Jul 6, 2010
    Posts:
    3
    Hi,

    Just purchased and installed 7.2.1. Been working on this for a year. Got all switches replaced with Netgear Managed so that I could Port Mirror the Internet port and monitor with Colasoft Network Analyzer. (have 60-90 clients to monitor)

    Seems to work fine for broadcasts but not other packets. (Not sure, but theorizing)

    The symptom is that all the client machine MAC's and IP's are discovered and the Matrix is busy busy, but I'm not capturing any HTTP or Email protocol packets. At least there is no information in the logs. The logs only contain DNS protocol information.

    This monitoring is being done on my laptop and so I'm using the hardwire NIC for monitoring and my wireless to maintain a "normal" internet connection as well. (I did disable my wireless to verify that the behavior is the same - all clients discovered but no higher level data sniffed)

    Any ideas what could be wrong? If I monitor my wireless as well I can get all the capture info on myself so I think the software is more or less configured correctly. It's like the port mirroring is not 100% or the NIC isn't properly seeing ALL packets...

    Any help appreciated!

    Is there any hardcore direct support from Colasoft?

    Thanks,
    sw
     
  2. Colasoft Support

    Colasoft Support Colasoft Moderator

    Joined:
    Dec 6, 2007
    Posts:
    254
    Dear sniffwell,

    Thank you for choosing Colasoft Capsa Network Analyzer.

    Which Analysis Profile did you select on the Start Page? If you are using Full Analysis, please double-click the Full Analysis icon on the Start Page, and enable the HTTP and Email analysis module.

    If you are using the Traffic Monitor, I recommend that, according to your demands, you switch to the above-mentioned Full Analysis, because this analysis profile is designed for traffic monitoring, which doesn't go that deep to analyze the application level protocols.
     
  3. sniffwell

    sniffwell Registered Member

    Joined:
    Jul 6, 2010
    Posts:
    3
    Yeah, I've tried the different Analysis Profiles. It's not picking up any useful data. I don't understand how it can see all the clients by sniffing the packets, but can't sniff out any HTTP info.

    It shows not only the clients but all of their many links in the Matrix view. How can it see all of that but none of the HTTP URL's?

    It sees bunches of ARP traffic and others, but none of the Log data except the occasional DNS. No HTTP or Email or IM info.

    I've ordered a TAP to try that, but the Port Mirroring is supposed to mirror all of the packets and info. It's obviously mirroring lots of info since it couldn't possibly guess or make up all the client info it does gather.

    Any ideas? I enabled all of the extended logging with log files etc. Not sure what else to try.

    Frustrating.

    Thanks,
    sw
     
  4. Colasoft Support

    Colasoft Support Colasoft Moderator

    Joined:
    Dec 6, 2007
    Posts:
    254
    Hi sw,

    I think you could try to follow my instruction to configure the Full Analysis profile and not to enable any filter, then start a capture.

    We still cannot locate the problem. Would it be possible for you to just capture some traffic, save it to a packet file and send it to our support mail box: support#(replaced by @)colasoft.com?
     
  5. sniffwell

    sniffwell Registered Member

    Joined:
    Jul 6, 2010
    Posts:
    3
    Ok, done. Let me know if you got it/didn't get it and if you need anything else.

    Thanks!
    sw
     
  6. Colasoft Support

    Colasoft Support Colasoft Moderator

    Joined:
    Dec 6, 2007
    Posts:
    254
    Hi sniffwell,

    Got your packet files.
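
The first post theorizes that the mirror port delivers broadcasts but not other packets. One way to test that against a saved capture, as an added example that is not part of the original thread and is not Colasoft code: it assumes the capture is saved in classic libpcap format with an Ethernet link type, and the MAC addresses and frames in the sample are constructed.

```python
import struct

def build_pcap(frames):
    """Wrap raw Ethernet frames in a classic libpcap file (used for the sample)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def mirror_summary(pcap_bytes, sniffer_mac):
    """Count frames by destination class to show what the mirror port delivers."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    counts = dict.fromkeys(("broadcast", "multicast", "to_sniffer", "unicast_other", "tcp_other"), 0)
    pos = 24
    while pos + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[pos + 8:pos + 12])[0]
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 14:
            continue  # truncated record, no full Ethernet header
        dst = frame[:6]
        if dst == b"\xff" * 6:
            counts["broadcast"] += 1
        elif dst[0] & 1:
            counts["multicast"] += 1
        elif dst == sniffer_mac:
            counts["to_sniffer"] += 1
        else:
            counts["unicast_other"] += 1  # other hosts' traffic, seen only via the mirror
            # Untagged IPv4 (0x0800) with protocol 6 = TCP, which carries HTTP and mail
            if frame[12:14] == b"\x08\x00" and len(frame) > 23 and frame[23] == 6:
                counts["tcp_other"] += 1
    return counts

# Constructed sample: locally administered MACs and zero-filled payloads.
SNIFFER, A, B = (bytes.fromhex("02000000000" + n) for n in "123")
IP = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64])  # IPv4 header up to TTL; protocol byte follows
SAMPLE = build_pcap([
    b"\xff" * 6 + A + b"\x08\x06" + bytes(28),          # ARP broadcast
    B + A + b"\x08\x00" + IP + b"\x11" + bytes(18),     # UDP between two clients
    B + A + b"\x08\x00" + IP + b"\x06" + bytes(30),     # TCP between two clients
])

if __name__ == "__main__":
    print(mirror_summary(SAMPLE, SNIFFER))
```

On a real file, call `mirror_summary(open(path, "rb").read(), mac_of_capture_nic)`. A busy `broadcast` count next to `unicast_other` and `tcp_other` near zero means the sniffer port is not receiving other hosts' unicast frames.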
     