What is a network protocol analyzer

Source: Internet
Author: User

We can use the network protocol analyzer to observe the network protocol analysis. Here we will explain the network analyzer. The best way to analyze data packets transmitted over the network depends largely on the device you have. in the early stages of network technology development using the Internet era of HUB or HUB), the answer is very simple. You only need to insert the line on a HUB, and everything is done-that is, using a protocol analyzer.

The protocol analyzer is a device that can capture network packets. the protocol analyzer is used to capture and analyze network traffic to identify potential problems in the network. for example, assume that a certain part of the network is not running very well and the message transmission is slow, but we do not know what the problem is, in this case, you can use the network protocol analyzer to make a precise problem judgment.

The protocol analyzer has many differences in functionality and design. some can only analyze one protocol, while others can analyze hundreds of protocols. in general, most sniffing devices can analyze at least the following protocols:

Ethernet

TCP/IP

IPX

DECNet

Other ......

Network protocol analyzer is usually a combination of hardware and software. It usually uses dedicated hardware or a dedicated Nic to capture data in the network. the method for capturing the data transmitted in the network is called sniffing ).

The Ethernet protocol sends packet information to all hosts in the same loop. the data header contains the correct address of the target host. generally, only the host with this address will accept this packet. if a host can receive all data packets and ignore the packet header content, this mode is usually called the "hybrid" mode (P mode ). this is the basis for the protocol analyzer to capture data, and its generation comes from a shared network.

For today's Ethernet switches, the answer begins to "depending on the situation ". according to the design, most switches do not allow users to view the traffic from the server to the workstation except the workstation that the user is using ). in fact, this situation may be solved through the port ing technology. specifically, it is to copy the transmission stream sent to a port on the switch to another port. however, the current vswitches are divided into manageable and unmanageable vswitches. Unmanageable vswitches are cheaper than manageable vswitches, however, it usually lacks the capability of port ing. although some vswitches claim to be manageable, they may only support SNMP and may not have port ing. this is an important issue that needs to be clarified when a user buys a new switch for the network.

If your vswitch does not support port ing, you can also solve this problem. These methods are more common for protocol analysis in the exchange environment:

Cheap and convenient method: you can install a hub between the tested workstation and the network, connect the network protocol analyzer to the hub, and observe the transmission flow in both directions.

Expensive and professional method: Use a professional Ethernet test interface box (TAP) to install it online on the tested network, you can view sessions in one direction without performing additional filtering in the analyzer in use. this means that you cannot view all sessions at the same time. Therefore, you may need to capture some additional data packets to understand all the situations.

The protocol analyzer was originally a common tool for network engineers, but it is also very common to be used for other purposes. today, hackers are skilled in using powerful protocol analyzer, which is both sides of a tool.

For a person who can use a protocol analyzer, his rights are huge. If he does something about it, it is hard to block it. this tool is useful and harmful in terms of security. just like a knife, it's in the hands of someone else.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.