Tools of the Wi-Fi Trade – Protocol Analyzers – Overview
By CWNP on 07/15/2016
In this blog post, we will talk about protocol analyzers: what they do, why they are important for a network engineer, and which is the best protocol analyzer available on the market today. That is a lot of questions to answer in a single post, but I will try.
What are protocol analyzers?
They are must-have tools in the network administrator's toolkit, used for network protocol analysis, and are also called packet sniffers. They are primarily used to capture data packets and protocol details from a communication channel and decode their various components. If you, as a network administrator, need to know why a network device is behaving the way it is, you will need a protocol analyzer to capture the network traffic going in and out of that device and understand the protocols in use.
With the help of a network protocol analyzer, you can perform a lot of network traffic analysis and network troubleshooting, which includes the following:
- Detect and identify malicious software present on the network
- Eavesdrop on network traffic to locate unauthorized access points or users
- Work together with an Intrusion Detection System (IDS) to identify unauthorized users
- Learn about the network in general
The following diagram illustrates how a typical network protocol analyzer works:
[Figure: how a typical network protocol analyzer works. Figure courtesy: http://windowsitpro.com/]
Contrary to the common belief that network protocol analyzers are only useful for troubleshooting network problems, nowadays they are used in day-to-day network management and perform the following functions:
- Monitor unexpected network traffic. Capturing network traffic is a protocol analyzer's primary function, so when unusual traffic is noticed, the analyzer can be used to capture and analyze it for security or performance reasons.
- Monitor unnecessary network traffic. As a good network management practice, any unused network protocols should be removed. For example, some older printers may still try to communicate using Novell's IPX protocol, though this is rare today. A protocol analyzer can filter specific types of network traffic so that you can monitor bandwidth usage and identify unused protocols.
- Detect unauthorized users accessing resources. A good network management practice is to periodically check which services your servers provide. A server may be offering unauthorized services, or unauthorized users may be accessing it, both of which are detrimental to your network. Protocol analyzers can be put to use here as well: packets from the servers can be captured to identify which services are running. Once you know which services are running, you can disable those that are unauthorized or not required. This reduces unnecessary network traffic and prevents unauthorized users from accessing the servers on the network.
- Detect viruses and control their spread within the network. Protocol analyzers can detect viruses in transit by letting you build specific virus detection filters.
- Resolve email problems. Now, did you ever think of this?! Yes, protocol analyzers can be used to detect problems with your email server: because email systems use standard port numbers, a protocol analyzer can monitor both incoming and outgoing email traffic to find the issue or the cause of an email problem. Of course, this is just one example, as any standard protocol can be captured and analyzed, assuming it is not encrypted.
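To make the capabilities listed above (and in the earlier list of analysis tasks) concrete, here is a small protocol analyzer written for this post in Python. It is an added example, not code from CWNP or from any commercial analyzer. It builds a constructed libpcap capture in memory (Ethernet/IPv4/TCP and UDP only; the IP addresses, ports and the allowlist are assumptions), decodes each packet, labels the application protocol by well-known port, filters email traffic by standard mail ports, and reports servers that answered connection requests on ports not in an allowlist, which is the "unauthorized services" check described above.

```python
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # little-endian libpcap magic
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10

# Subset of well-known ports used to name application protocols (assumption: this table is ours).
PORT_NAMES = {25: "SMTP", 110: "POP3", 143: "IMAP", 587: "SMTP-submission", 993: "IMAPS",
              995: "POP3S", 53: "DNS", 80: "HTTP", 443: "HTTPS", 23: "Telnet"}
MAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}


# ---- constructed capture (not from a real network) ----
def ipv4_frame(src, dst, proto, l4):
    """Ethernet II frame carrying an IPv4 header (checksum left zero) and the given L4 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4

def tcp_segment(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 65535, 0, 0)

def udp_datagram(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def build_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def sample_capture():
    """Constructed traffic: SMTP, IMAP, Telnet and DNS plus one unknown port."""
    frames = [
        ipv4_frame("10.0.0.5", "10.0.0.10", IPPROTO_TCP, tcp_segment(51000, 25, TCP_SYN)),
        ipv4_frame("10.0.0.10", "10.0.0.5", IPPROTO_TCP, tcp_segment(25, 51000, TCP_SYN | TCP_ACK)),
        ipv4_frame("10.0.0.7", "10.0.0.10", IPPROTO_TCP, tcp_segment(51001, 143, TCP_SYN)),
        ipv4_frame("10.0.0.10", "10.0.0.7", IPPROTO_TCP, tcp_segment(143, 51001, TCP_SYN | TCP_ACK)),
        ipv4_frame("10.0.0.5", "10.0.0.10", IPPROTO_TCP, tcp_segment(51002, 23, TCP_SYN)),
        ipv4_frame("10.0.0.10", "10.0.0.5", IPPROTO_TCP, tcp_segment(23, 51002, TCP_SYN | TCP_ACK)),
        ipv4_frame("10.0.0.5", "10.0.0.1", IPPROTO_UDP, udp_datagram(40000, 53, b"\x00" * 12)),
        ipv4_frame("10.0.0.9", "10.0.0.10", IPPROTO_TCP, tcp_segment(52000, 6000, TCP_SYN)),
    ]
    return build_pcap(frames)


# ---- decoder ----
def decode_frame(frame):
    """Return a dict for IPv4/TCP or IPv4/UDP frames, None for anything else."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return None
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    if proto == IPPROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        return {"src": src, "dst": dst, "proto": "TCP", "sport": sport, "dport": dport, "flags": l4[13]}
    if proto == IPPROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        return {"src": src, "dst": dst, "proto": "UDP", "sport": sport, "dport": dport, "flags": 0}
    return None

def parse_pcap(data):
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    if struct.unpack_from("<I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    offset, packets = 24, []
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, offset)
        offset += 16
        pkt = decode_frame(data[offset:offset + incl_len])
        offset += incl_len
        if pkt:
            packets.append(pkt)
    return packets


# ---- analysis: the day-to-day management tasks from the list above ----
def app_protocol(pkt):
    """Label by the lower-numbered port that has a known name, as an analyzer's decoder would."""
    for port in sorted((pkt["sport"], pkt["dport"])):
        if port in PORT_NAMES:
            return PORT_NAMES[port]
    return f"{pkt['proto']}/unknown"

def protocol_summary(packets):
    return Counter(app_protocol(p) for p in packets)

def mail_traffic(packets):
    """Filter on standard mail ports, the basis of the email troubleshooting use case."""
    return [p for p in packets if p["sport"] in MAIL_PORTS or p["dport"] in MAIL_PORTS]

def listening_services(packets):
    """(server_ip, port) pairs that answered a connection request with SYN-ACK."""
    both = TCP_SYN | TCP_ACK
    return {(p["src"], p["sport"]) for p in packets if p["proto"] == "TCP" and p["flags"] & both == both}

def unauthorized_services(packets, allowlist):
    """Services seen responding that are not in the per-server allowlist (assumed policy)."""
    return {(ip, port) for ip, port in listening_services(packets) if port not in allowlist.get(ip, set())}


if __name__ == "__main__":
    pkts = parse_pcap(sample_capture())
    print("protocols:", dict(protocol_summary(pkts)))
    print("mail packets:", len(mail_traffic(pkts)))
    print("unauthorized:", unauthorized_services(pkts, {"10.0.0.10": {25, 143}}))
```

Run it as a script to see the summary; to analyze a real capture, replace `sample_capture()` with the bytes of a pcap file saved by your analyzer. Labelling a protocol by port is exactly the shortcut commercial analyzers take when they have no deeper decoder, which is why the Telnet service on the mail server shows up only because the allowlist check looks at what the server actually answered, not at what the port number claims.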