Intended audience: all Capsa users
Product version: since Capsa 7.0
When Capsa monitors traffic on a core switch or a router and captures traffic from multiple VLANs or segments, the IP addresses from all of those VLANs are listed together under the Local Subnet group in Node Explorer. It is easier to concentrate on the addresses of a particular VLAN when each address is shown under the subnet it belongs to. Network Group does this for us. Let’s look at a simple example.
Suppose we are using Capsa to capture on a switch that carries traffic from three VLAN subnets, Sales & market (192.168.6.0/24), Product (192.168.8.0/24) and Management (192.168.0.0/24), and we want Capsa to display the IPs from these three subnets in separate subnet groups. First run Capsa and go to the Start Page (if a capture is already running, stop it and go back to the Start Page), then click the Set Network Profile link on the right side of the window.
Double-click Network Profile 1 and open Node Group; this is where we define the subnets or VLANs. We’ll add the VLANs under Local Subnet, taking 192.168.5.0/24 as an example.
First click the Local Subnet label and then the Add… button, enter the subnet label (in our case it is the product department, so we enter Product) and click OK.
Next enter the subnet ID with its subnet mask. The text box accepts the following entry styles:
- Single IP address – 192.168.5.1
- IP subnet and mask – 192.168.5.0/24
- IP subnet and mask – 192.168.5.0/255.255.255.0
- IP range (without subnet mask) - 192.168.5.1-192.168.5.254
We can use whichever style we like in the text box; here we choose 192.168.5.0/24.
Then repeat these steps to add the other two subnets, so that the finished entries look like the figure below:
Then click the OK button to return to the Start Page. Don’t forget to select this network profile: Network Profile 1.
Next start a capture and navigate to Node Explorer > IP Explorer > Local Subnet; the IPs are now grouped by subnet. The IP Endpoint view shows the same grouping.
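To check a group plan before entering it, the following added example (not Capsa code) parses the four entry styles listed above, flags groups whose ranges overlap, and sorts a few constructed sample addresses into the three VLAN subnets from this article. The function names and the first-match rule in `classify` are assumptions of the example; the article does not say how Capsa resolves overlapping groups.

```python
import ipaddress
from itertools import combinations

def parse_entry(text):
    """Return (first, last) address bounds for one entry in any of the four styles."""
    text = text.strip()
    if "-" in text:  # IP range, e.g. 192.168.5.1-192.168.5.254
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {text}")
        return lo, hi
    if "/" in text:  # prefix length or dotted mask; strict rejects set host bits
        net = ipaddress.IPv4Network(text, strict=True)
        return net[0], net[-1]
    ip = ipaddress.IPv4Address(text)  # single address
    return ip, ip

def build_groups(definitions):
    """Map each label to the address bounds of its entry."""
    return {label: parse_entry(entry) for label, entry in definitions.items()}

def find_overlaps(groups):
    """Return label pairs whose ranges intersect (an address would fit both)."""
    return [(a, b) for (a, ra), (b, rb) in combinations(groups.items(), 2)
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def classify(ip, groups):
    """Return the label of the first group containing ip, or None.
    First-match is an assumption of this example, not documented Capsa behaviour."""
    addr = ipaddress.IPv4Address(ip)
    for label, (lo, hi) in groups.items():
        if lo <= addr <= hi:
            return label
    return None

# The three VLAN subnets named in the article, written in two of the styles.
GROUPS = build_groups({
    "Sales & market": "192.168.6.0/24",
    "Product": "192.168.8.0/255.255.255.0",
    "Management": "192.168.0.0/24",
})
# Constructed sample addresses, not taken from a real capture.
SAMPLE = ["192.168.6.23", "192.168.8.7", "192.168.0.254", "10.1.1.5"]

if __name__ == "__main__":
    print("overlaps:", find_overlaps(GROUPS))
    for ip in SAMPLE:
        print(ip, "->", classify(ip, GROUPS) or "(ungrouped)")
```

An address that matches no group, such as the last sample, is reported as ungrouped, which is a quick way to spot a VLAN that was left out of the profile.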