Network and Protocol Analyzers


Network and protocol analyzers record, interpret, and analyze the operations of a protocol within a network. In addition, they filter traffic from a particular device and generate frames for transmission over the network. Protocol analyzers do not have any impact on network performance. They only provide details about network traffic and protocol paths and about network configuration and operation, and they offer potential solutions to critical network problems.

When a node transmits frames on the network, the protocol analyzer captures the frames and decodes the protocol layers in each recorded frame. The result is a readable summary, which provides information about each protocol layer and the function of each byte in the frame. As the size of the network increases, the scope of the functions performed by the protocol analyzer increases, because the analyzer detects and decodes all the protocols used by the frames.
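The layer-by-layer decoding described above can be shown with a small decoder for one frame. This is an added example, not code from the book; the sample frame is constructed (locally administered MAC addresses, documentation IP addresses, checksums left at zero) and the function names are assumptions.

```python
import struct

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ip4(b: bytes) -> str:
    return ".".join(str(x) for x in b)

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))

def decode_frame(frame: bytes) -> list:
    """Decode Ethernet II -> IPv4 -> TCP; return one summary line per layer."""
    if len(frame) < 14:
        return ["truncated Ethernet header"]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = [f"ETH  {mac(frame[6:12])} -> {mac(frame[0:6])} type=0x{ethertype:04x}"]
    if ethertype != 0x0800:
        return out + ["payload not decoded (not IPv4)"]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0      # IPv4 header length in bytes
    if ihl < 20 or len(ip) < ihl or ip[0] >> 4 != 4:
        return out + ["malformed or truncated IPv4 header"]
    out.append(f"IPv4 {ip4(ip[12:16])} -> {ip4(ip[16:20])} ttl={ip[8]} proto={ip[9]}")
    if ip[9] != 6:
        return out + ["payload not decoded (not TCP)"]
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return out + ["truncated TCP header"]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4            # TCP header length in bytes
    if data_off < 20 or len(tcp) < data_off:
        return out + ["malformed TCP data offset"]
    flags = "|".join(name for bit, name in TCP_FLAGS if off_flags & bit)
    out.append(f"TCP  {sport} -> {dport} seq={seq} flags={flags}")
    payload = tcp[data_off:]
    out.append(f"DATA {len(payload)} bytes: {payload!r}")
    return out

# Constructed sample frame: Ethernet header, IPv4 header, TCP header, 4 data bytes.
SAMPLE = (
    bytes.fromhex("020000000002" "020000000001" "0800")
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 1, 0x4000, 64, 6, 0,
                  bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    + struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x18, 8192, 0, 0)
    + b"GET "
)

if __name__ == "__main__":
    print("\n".join(decode_frame(SAMPLE)))
```

The length checks at each layer matter in practice: a decoder that trusts the IHL or data-offset field of a captured frame will misread or crash on truncated and malformed traffic.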

The protocol analyzer also generates and transmits frames for capacity planning and for performing load tests on the network. For example, if network performance regularly deteriorates at a particular time or in a particular region, one of the possible reasons can be heavy network traffic during that period or in that region. To detect and reduce such performance-related issues, the protocol analyzer should be able to send multiple captured frames.

A protocol analyzer works in two modes, capture and display. In the capture mode, it records the frames or the network traffic depending on certain performance criteria or a predefined threshold. For example, you may observe network downtime when data is transmitted to a particular network. To determine the exact cause of network failure, attach a threshold or filter to the protocol analyzer to capture the frames directed to that particular network. In such a situation, the protocol analyzer captures the frames directed to that particular network in the capture mode. The captured frames will have a timestamp attached to them that will determine the exact period during which the network performance deteriorates. This type of information is critical for organizations such as banks and stock exchanges that require seamless network connectivity.

In the display mode, a protocol analyzer decodes the captured frames and stores the information in a readable format for future interpretation. To view the captured frames, you can use thresholds. In addition, you can apply these thresholds to view only those frames that match certain criteria.

Protocol analyzers are intelligent tools that use specialized techniques to diagnose problems based on the symptoms. The knowledgebase of this system includes:

  • Theoretical databases, which store information about the standards

  • Network-specific databases, which store information about the network topology

  • End user experience, which includes records of the network problems that have occurred within the network

The expert system administrator uses this knowledgebase to generate a hypothesis that describes the most probable cause of the problem.

Based on the different characteristics and information captured, there are three types of protocol analyzers:

General purpose analyzers: Provide information about the network such as traffic monitoring, protocol capture, and network traffic modeling in the network design phase.

Software-based analyzers: Provide information restricted to a particular network or LAN. The software is usually installed on a PC on the network and performs internal network troubleshooting.

High-end analyzers: Provide relatively expansive protocol decoding and capture traffic at higher rates. A significant feature of the high-end analyzer is the “generate and capture” capability, which is used for network capacity planning and load testing.

One of the most commonly used protocol analyzers is Sniffer Pro. It diagnoses network problems based on the symptoms. This product can decode as many as 250 protocols.

Another effective network protocol analyzer tool is Ethereal, which examines data in an active network and has a GUI for viewing data. You can interactively view both the summary and detailed information about the data packets. The tool assembles the data packets transmitted in a TCP session and displays the ASCII data for the session. In addition, it provides powerful filters, which accommodate a large number of fields.
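The TCP session assembly described above comes down to ordering segments by sequence number and discarding bytes already seen. The sketch below is an added example, not Ethereal's code; the segment list is constructed, the function names are assumptions, and sequence-number wraparound is ignored.

```python
def reassemble(segments, isn):
    """Rebuild one direction of a TCP byte stream.

    segments: (seq, payload) tuples in capture order (any order is accepted).
    isn: sequence number of the first data byte.
    Returns (stream, gaps), where gaps are (start, end) stream offsets of
    bytes that were never captured.
    """
    stream = bytearray()
    gaps = []
    next_seq = isn
    for seq, data in sorted(segments, key=lambda s: s[0]):
        end = seq + len(data)
        if end <= next_seq:
            continue                      # full retransmission: nothing new
        if seq > next_seq:
            gaps.append((next_seq - isn, seq - isn))   # lost or uncaptured bytes
            next_seq = seq
        stream += data[next_seq - seq:]   # keep only bytes not yet in the stream
        next_seq = end
    return bytes(stream), gaps

def ascii_view(data: bytes) -> str:
    """Printable ASCII as-is, everything else as '.', like an analyzer's text pane."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)

# Constructed capture: segments arrive out of order, with one partial
# retransmission (seq 1005) that overlaps two other segments.
CAPTURED = [
    (1000, b"GET /index"),
    (1026, b"Host: example.test\r\n\r\n"),
    (1005, b"index.html"),
    (1010, b".html HTTP/1.0\r\n"),
]

if __name__ == "__main__":
    stream, gaps = reassemble(CAPTURED, isn=1000)
    print(ascii_view(stream))
    print("gaps:", gaps)
```

A non-empty gap list tells the analyst that the displayed session text is incomplete, which is worth checking before drawing conclusions from a reassembled stream.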

To demonstrate the use of network analyzers, consider a situation in which a network has problems with workstations attached to a particular port of a switch. To resolve this problem, you need to analyze the packets that are transmitted by the workstation. Connect a network analyzer to the port and configure a SPAN session to monitor the packets entering and leaving the port.




Cisco IP Routing Protocols: Trouble Shooting Techniques (Charles River Media Networking/Security)
ISBN: 1584503416
EAN: 2147483647
Year: 2006
Pages: 130
