Users of network protocol analysis software regularly run into the same problems. People often ask: why can I only see my own communication? Why can't I see the communication status of XX? Is it a limitation of the software? In fact, this kind of problem is not a software limitation; it is caused by improper installation and deployment of the software. Network protocol analysis software works in sniffing mode: it must collect the raw data packets on the network in order to analyze network faults accurately. If it is installed in the wrong location, the packets it collects will be significantly different, which affects the analysis results and causes the problems above.
Given this situation, I think it is necessary to introduce the installation and deployment of network protocol analysis software, which I do briefly below.
Generally, network protocol analysis software is installed and deployed in one of the following ways:
Shared Network
A network that uses a hub as its central switching device is a shared network. The hub works in shared mode in the OSI model. If your local area network is a shared network, the network protocol analysis software can be installed on any host in the LAN. In this case, the software can capture all the data communication in the network.
Switched network with port mirroring
A network that uses a switch as its central switching device is a switched network.
A switch works at the data link layer of the OSI model. Its ports effectively separate collision domains, so a network connected by switches is divided into many small domains.
If the switch in your network supports port mirroring, you can configure a mirror port on the switch and then install the network protocol analysis software on the host connected to the mirror port. In this case, the software can capture all the data communication in the entire network.
Switched network without port mirroring
Some simple switches do not support port mirroring, so the network cannot be monitored and analyzed through a mirror port.
In this case, you can connect a tap or a hub in series between the switch and the router or firewall to capture the data.
Analyzing a department or network segment at a specific point
In practice, the network topology is often very complex. During network analysis we usually do not need to analyze the entire network, only the departments or network segments that are behaving abnormally. In this case, you can install the network protocol analysis software on a portable computer and attach a tap or hub at the point of interest, which makes it easy to capture data from any department or network segment.
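To check whether a capture point really sees the segment or only the analyzer's own traffic (the "why can I only see my own communication?" problem above), the following sketch classifies captured Ethernet frames by their MAC addresses. It is an added example, not part of the original article: the function names are hypothetical, and all MAC addresses and frames are constructed samples.

```python
# Added example: all MAC addresses and frames below are constructed samples.
from collections import Counter

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def eth_frame(dst: str, src: str, ethertype: int = 0x0800) -> bytes:
    """Build a minimal Ethernet II frame (header + dummy payload) for the demo."""
    return mac_bytes(dst) + mac_bytes(src) + ethertype.to_bytes(2, "big") + b"\x00" * 46

def classify(frame: bytes, own: bytes) -> str:
    dst, src = frame[0:6], frame[6:12]
    if own in (dst, src):
        return "own"            # traffic to or from the analyzer host
    if dst[0] & 0x01:
        return "flooded"        # broadcast/multicast reaches every switch port
    return "third_party"        # unicast between two other hosts

def assess_capture(frames, own_mac: str, min_share: float = 0.05):
    """Return (counts, verdict) for a list of raw Ethernet frames."""
    own = mac_bytes(own_mac)
    counts = Counter(classify(f, own) for f in frames if len(f) >= 14)
    total = sum(counts.values())
    share = counts["third_party"] / total if total else 0.0
    # A few stray third-party frames can appear on a normal switch port
    # (unknown-unicast flooding), hence a threshold instead of "any frame".
    verdict = "sees_whole_segment" if share >= min_share else "own_traffic_only"
    return dict(counts), verdict

ME, GW, PC_A, PC_B = ("02:00:00:00:00:01", "02:00:00:00:00:fe",
                      "02:00:00:00:00:0a", "02:00:00:00:00:0b")
BCAST = "ff:ff:ff:ff:ff:ff"

# Constructed capture taken on an ordinary (non-mirrored) switch port.
ACCESS_PORT = [eth_frame(GW, ME), eth_frame(ME, GW),
               eth_frame(BCAST, PC_A, 0x0806), eth_frame(BCAST, PC_B, 0x0806)]
# Constructed capture taken on a hub, tap or mirror port.
MIRROR_PORT = ACCESS_PORT + [eth_frame(GW, PC_A), eth_frame(PC_A, GW),
                             eth_frame(PC_B, PC_A), eth_frame(PC_A, PC_B)]

if __name__ == "__main__":
    for name, cap in (("access port", ACCESS_PORT), ("mirror port", MIRROR_PORT)):
        print(name, *assess_capture(cap, ME))
```

A verdict of `own_traffic_only` means the analyzer sits on an ordinary switch port and should be moved to a mirror port, tap or hub as described above.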