5 Tips for Using a Protocol Analyzer

This troubleshooting tool is tops for diagnosing what ails the network.
Troubleshooting network problems is not an art; it’s a science. Stumbling around in the dark hoping to figure out what’s wrong works some of the time. But to become a true network ninja, IT pros must have the right tools. One of the most important tools that the network manager wields is the protocol analyzer.

Protocol analyzers watch the traffic flying by a particular part of the network and show each and every packet. By displaying and decoding the actual bits on the network, protocol analyzers shed insight into exactly what is happening, which might be the only way to understand what’s causing a problem.  

Originally offered as dedicated appliances designed to intercept serial communications, protocol analyzers have since moved into the world of software. Commercial and open-source versions are available on a variety of platforms. Here are some tips to make the best use of these tools:

Tip 1: Get tap points in place. A key step before booting up the protocol analyzer is ensuring that the network has the appropriate tap points ready to go. Today’s networks are highly switched, so it can be hard to find a spot from which to watch the traffic needed to debug a problem. Managed switches usually support a mirror port — a single port that can be told to copy all the traffic on one or more other ports or virtual LANs. Hook the analyzer to the mirror port, and it sees everything. Have dedicated ports on major switches ready to be reconfigured as mirror ports when needed.

Tip 2: Repurpose old hubs. When mirror ports are unavailable, or if the switch is not managed, there are other techniques. An Ethernet tap does what the term implies: It drops in between two Ethernet devices and copies all of the traffic to other ports for traffic analysis. Many network managers also keep a stockpile of old 100 megabit-per-second hubs, which can be inserted between a misbehaving device and the network to tap traffic.

Tip 3: Know what a healthy network looks like. Learn to use a protocol analyzer before the network has a problem. Walking through simple transactions such as Address Resolution Protocol requests, Internet Control Message Protocol redirects, the Transmission Control Protocol three-way handshake and a Domain Name Server query and response, especially with a good reference guide, helps to cement book learning and identify the minor flaws of individual networks.  

Tip 4: Find something better than tcpdump. Protocol analyzers differentiate themselves by their decoding and analytical capabilities. The simplest and oldest analyzer, the venerable Unix tcpdump command, grabs packets, and that’s about all. It’s useful for verifying that two systems are talking — an important debugging step — but commercial and open-source tools take things much further, with upper-layer statistics, decodes, expert analysis and even snazzy features such as voice call replay. The only reason to use tcpdump is to capture packets for analysis by a smarter tool.
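As an added illustration of Tips 3 and 4 (not part of the original article): the Python below reads a capture in the classic pcap format that `tcpdump -w` writes and reports how far each TCP three-way handshake got, the kind of baseline check a decoding tool automates. The function names and the sample capture (documentation addresses in 192.0.2.0/24) are constructed for this example.

```python
import struct

def frames(pcap):
    """Yield raw frames from a classic little-endian pcap, as written by tcpdump -w."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24                                        # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]   # captured length
        yield pcap[off + 16:off + 16 + incl]
        off += 16 + incl

def handshake_states(pcap):
    """Map (client, cport, server, sport) to how far the three-way handshake got."""
    flows = {}
    for f in frames(pcap):
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                                # keep only IPv4 carrying TCP
        tcp = 14 + (f[14] & 0x0F) * 4               # IP header length varies
        if len(f) < tcp + 14:
            continue                                # truncated TCP header
        src, dst = (".".join(map(str, f[i:i + 4])) for i in (26, 30))
        sport, dport = struct.unpack_from("!HH", f, tcp)
        flags = f[tcp + 13] & 0x17                  # FIN, SYN, RST, ACK bits
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == 0x02:                           # SYN: client opens
            flows.setdefault(fwd, "SYN only")
        elif flags == 0x12 and flows.get(rev) == "SYN only":
            flows[rev] = "SYN/ACK seen"             # server answered
        elif flags == 0x10 and flows.get(fwd) == "SYN/ACK seen":
            flows[fwd] = "complete"                 # client's final ACK
        elif flags & 0x04 and flows.get(rev) == "SYN only":
            flows[rev] = "refused (RST)"            # closed port or active reject
    return flows

def _frame(src, sport, dst, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame; checksums left at zero."""
    a, b = (bytes(map(int, ip.split("."))) for ip in (src, dst))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, a, b)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: one good handshake, one unanswered SYN, one refusal."""
    c, s = "192.0.2.10", "192.0.2.80"
    pkts = [_frame(c, 40000, s, 443, 0x02), _frame(s, 443, c, 40000, 0x12),
            _frame(c, 40000, s, 443, 0x10), _frame(c, 40001, s, 8443, 0x02),
            _frame(c, 40002, s, 23, 0x02), _frame(s, 23, c, 40002, 0x14)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in pkts)
```

On a healthy segment nearly every flow reads "complete"; a run of "SYN only" or "refused (RST)" entries toward one server is the deviation from baseline worth chasing in the full analyzer.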

Tip 5: For application performance issues, go to the pros. Protocol analyzers are best for identifying reproducible misbehavior, such as communications errors or network configuration bugs. They aren’t that useful for answering broader questions about application performance, which may require more careful instrumentation and active probing of the system. When application performance is the problem, protocol analyzers offer a useful starting point and can supplement specialized performance monitors, but they aren’t a substitute.

About the Author

Joel Snyder

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Dr. Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.