In-depth exploration of the functions and design of the routing protocol analyzer

The routing protocol analyzer is still very important in routing applications, and the technology is gradually improved. The best way to analyze data packets transmitted over the network is largely determined by the device you have at hand. In the early stages of network technology development using the Internet era of HUB or HUB), the answer is simple. You only need to insert the line on a HUB, and everything is done-that is, use the routing protocol analyzer.

The routing protocol analyzer is a device that can capture network packets. The legitimate use of the routing protocol analyzer is to capture and analyze network traffic to identify potential problems in the network. For example, assume that a certain part of the network is not running very well and the message transmission is slow, but we do not know what the problem is, in this case, you can use the routing protocol analyzer to make accurate judgment. The routing protocol analyzer has many differences in functionality and design. Some can only analyze one protocol, while others can analyze hundreds of protocols. In general, most sniffing devices can analyze at least the following protocols:

Ethernet
TCP/IP
IPX
DECNet
Other ......

The router protocol analyzer is usually a combination of hardware and software. It usually uses dedicated hardware or a dedicated Nic to capture data in the network. The method for capturing the data transmitted in the network is called sniffing ). The Ethernet protocol sends packet information to all hosts in the same loop. The data packet header contains the correct address of the target host. Generally, only the host with this address will accept this packet. If a host can receive all data packets and ignore the packet header content, this mode is usually called the "mixed" mode (P mode ). This is the basis for the routing protocol analyzer to capture data, and its generation comes from the shared network.

For today's Ethernet switches, the answer begins to "depending on the situation ". According to the design, most switches do not allow users to view the traffic from the server to the workstation except the workstation that the user is using ). In fact, this situation may be solved through the port ing technology. Specifically, it is to copy the transmission stream sent to a port on the switch to another port. However, the current vswitches are divided into manageable and unmanageable vswitches. Unmanageable vswitches are cheaper than manageable vswitches, however, it usually lacks the capability of port ing. Although some vswitches claim to be manageable, they may only support SNMP and may not have port ing. This is an important issue that needs to be clarified when a user buys a new switch for the network.

If your vswitch does not support port ing, you can solve this problem. These methods are more common for protocol analysis in an exchange environment: cheap and convenient: A hub can be installed between the tested workstation and the network. Connect the route protocol analyzer to the hub and observe the transmission streams in both directions.

Expensive and professional method: Use a professional Ethernet test interface box (TAP) to install it online on the tested network, you can view sessions in one direction without performing additional filtering in the analyzer in use. This means that you cannot view all sessions at the same time. Therefore, you may need to capture some additional data packets to understand all the situations.

The routing protocol analyzer was originally a common tool for network engineers, but it is also very common to be used for other purposes. Today, hackers are skilled in using powerful routing protocol analyzers, which are both sides of a tool. For those who can use the routing protocol analyzer, their rights are very great. If he does something, it is difficult to block it. This tool is useful and harmful for security purposes. Just like a knife, it's in the hands of someone else.