Tools to Analyze your Network Traffic
A major concern for any network manager is to keep the network and its mission-critical apps working all the time. Network protocol analyzers make that job astonishingly simple; we tell you how.
Tuesday, May 15, 2007
Remember the good old packet capturing utilities? Those wonderful tools that
capture all the traffic flowing across your network to tell you what's wrong. Well,
they're undergoing a change, and today they can do much more than packet
capturing. So much so that many packet capture utilities have rechristened
themselves as protocol analyzers. As the name suggests, a protocol analyzer will
give you a complete report on the protocols flowing across your network. At the
core, they're still packet capture utilities, but they give you a protocol-wise
breakup of the traffic, so that it's easier to analyze. Protocol analyzers are
useful in many ways. If your network is choked, for instance, and you can't
figure out what's causing it, then you can easily find out what's wrong by
running a protocol analyzer. Likewise, if any of your applications is not
responding, say your mail server is taking ages to send out mail, then again
you can bring a protocol analyzer to the rescue. For instance, we've had
experiences in the past where a mail server had been completely choked by a mass
mailing worm. We ran a protocol analyzer and were able to detect not only the
nature of the worm, but also the machines infected by it. A protocol analyzer
tells you the exact problem.
[Figure: Using the decode module of Sniffer Portable, you can see details of captured packets in human-readable format]
A network protocol analyzer captures a copy of the packets flowing across
your network and decodes them, showing the physical and logical
addresses these packets are coming from and going to, their sequence
numbers, the protocol used by the packets and other similar information. They let
you determine the health of your network packet by packet.
Sometimes protocol analyzers are also referred to as 'sniffers'. A network
protocol analyzer can be a hardware appliance or just a piece of software
running on a laptop or desktop. Protocol analyzers usually come in two types,
namely distributed and standalone. Distributed protocol analyzers like OmniPeek
allow you to capture packets from a number of nodes on the network at the same
time, while standalone ones operate from one node only. In this article, you
will find standalone protocol analyzers, which we have divided into four
categories. The first category contains protocol analyzers for WiFi networks.
The second one is meant for wired networks, and there's a third only for
analyzing the HTTP protocol. Lastly, there are the do-it-all protocol analyzers.
How to deploy
If you want to analyze the traffic going out of your organization, then you
should put your protocol analyzer between your firewall and your main network switch.
If you are running a protocol analyzer off an ordinary port of your switch, then make
sure you point it at your organization's gateway. Otherwise, you will only get
the broadcast and multicast packets that reach that port. Some switches have a special
port known as a SPAN (Switched Port Analyzer) port, which is specifically meant for
traffic analysis purposes. The concept of the SPAN port arose from the basic
difference between a hub and a switch. While a hub repeats traffic to all ports, a
switch confines it to the source and destination ports only. A SPAN port is fed a
copy of all that traffic.
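As an added example, not taken from the article or from any switch vendor's documentation, this is what the SPAN setup described above looks like on a Cisco IOS switch. The interface names are assumptions: GigabitEthernet0/1 is taken to be the uplink towards the firewall and GigabitEthernet0/24 the port the analyzer laptop is plugged into.

```cisco
! Added example (not from the article). Mirror both directions of the firewall
! uplink (assumed to be Gi0/1) to the port where the analyzer sits (assumed Gi0/24).
monitor session 1 source interface GigabitEthernet0/1 both
monitor session 1 destination interface GigabitEthernet0/24
!
! Confirm the session is active before trusting what the analyzer shows:
! show monitor session 1
```

A quick sanity check on the analyzer host is to capture a handful of packets with a filter such as `not broadcast and not multicast`: if nothing ever matches, the laptop is on an ordinary switch port rather than the SPAN destination and is seeing only broadcast and multicast traffic, as described above.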
Features
Now that you know how to deploy a protocol analyzer, let's look at the kind
of features you can expect to find in a good protocol analyzer.
Decode: After a packet has been captured, a protocol analyzer will
decode it into human-readable format using its decode module. While it may not
be able to decode all the contents of a packet, it provides a lot of useful
information which would otherwise be hard to understand.
Expert analysis: This feature gives a detailed view of the events
taking place on the network. Based on algorithms built into the protocol
analyzer, it gives a diagnosis of the network which includes information like
severe events, key trends, utilization, etc.
Packet generation: Many protocol
analyzers allow you to create your own customized packets and send them across
the network. This is used for various purposes, such as stress testing a network,
or you can send packets to specific nodes to check their behavior.
Triggers: These are used to stop or start traffic capturing when a
particular network event takes place or at a particular time.
Address book: An address book entry usually contains information about
the IP addresses, MAC addresses, descriptions and hostnames of the nodes.
Filters: Filters are used for capturing only the data required for a
specific condition. This saves you the time of going through all the
captured packets before you can find what you are looking for, and also saves
buffer space. Filters can be based on IP addresses, protocols, MAC addresses,
etc. Filters can be applied while capturing data and also on already captured data.
Reports: You can create reports of network behavior, which can be
useful during network audits and also for understanding the trends on your
network.
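To make the Decode and Filters features above concrete, here is an added Python example (not code from any of the products covered, and not part of the original article) of a tiny decode module: it parses the Ethernet, IPv4 and TCP/UDP headers of captured frames into the physical and logical addresses, protocol and sequence numbers an analyzer displays, gives the protocol-wise breakup, and applies a filter on the decoded records, for instance to list which hosts are sending to port 25 as in the mail-worm case. The frames, MAC and IP addresses are constructed inline, not real traffic.

```python
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def decode_frame(frame):
    """Decode Ethernet II / IPv4 / TCP or UDP headers into a dict, like an analyzer's decode view."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])   # raises struct.error if truncated
    rec = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "protocol": f"ethertype 0x{etype:04x}"}
    if etype != ETHERTYPE_IPV4 or len(frame) < 34:
        return rec                       # non-IP or truncated frame: only the physical addresses are decoded
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes (options may be present)
    proto = ip[9]
    rec.update(src_ip=".".join(map(str, ip[12:16])), dst_ip=".".join(map(str, ip[16:20])),
               protocol=PROTO_NAMES.get(proto, f"ip-proto-{proto}"))
    l4 = ip[ihl:]
    if proto == 6 and len(l4) >= 20:     # TCP: ports plus sequence and acknowledgement numbers
        rec.update(zip(("src_port", "dst_port", "seq", "ack"), struct.unpack("!HHII", l4[:12])))
    elif proto == 17 and len(l4) >= 8:   # UDP: ports only
        rec.update(zip(("src_port", "dst_port"), struct.unpack("!HH", l4[:4])))
    return rec

def protocol_breakup(frames):
    """Protocol-wise count of a capture, as the analyzer's summary would show it."""
    return Counter(decode_frame(f)["protocol"] for f in frames)

def apply_filter(records, **criteria):
    """Filter applied on already captured data: keep only records matching every given field."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, l4):
    """Constructed sample frame: Ethernet II + minimal IPv4 header (checksum left zero) + L4 bytes."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return bytes.fromhex(dst_mac.replace(":", "") + src_mac.replace(":", "")) + \
        struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + l4

# Constructed capture (not real traffic): an SMTP SYN, its SYN/ACK, and one NetBIOS broadcast datagram.
SAMPLE_FRAMES = [
    build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "10.0.0.5", "10.0.0.25", 6,
                struct.pack("!HHIIBBHHH", 51000, 25, 1000, 0, 0x50, 0x02, 8192, 0, 0)),
    build_frame("66:77:88:99:aa:bb", "00:11:22:33:44:55", "10.0.0.25", "10.0.0.5", 6,
                struct.pack("!HHIIBBHHH", 25, 51000, 5000, 1001, 0x50, 0x12, 8192, 0, 0)),
    build_frame("00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff", "10.0.0.5", "10.0.0.255", 17,
                struct.pack("!HHHH", 137, 137, 8, 0)),
]
```

Counting `src_ip` over `apply_filter(records, dst_port=25)` is the same query that singles out hosts hammering the mail server in the worm scenario described earlier.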