Network Analysis

The term - network analysis - on this page is a technology in computer networking that networking professionals can use with their networking knowledge and a network analysis tool (network analysis software) to analyze what happened on the network, such as troubleshooting network issues, locating network breaches, etc. among captured network packets.

Network Analysis Introduction

"Why is the network slow?" "Why can’t I access my e-mail?" "Why can’t I get to the shared drive?" "Why is my computer acting strange?"

If you are a system administrator, network engineer, or security engineer you have probably heard these questions countless times. Thus begins the tedious and sometimes painful journey of troubleshooting. You start by trying to replicate the problem from your computer and analyze what was wrong. Sure enough, you can’t get to anything on the local network or the Internet either. Now what? Go to each of the servers and make sure they are up and functioning? Check that your router and switch is functioning? Check each computer for a malfunctioning network interface card?

No, you are able to contain the problem relatively quickly thanks to your knowledge and use of a network analyzer and network analysis.

What is Network Analysis and Sniffing?

Network analysis is the process of capturing network traffic and inspecting it closely to determine or analyze what happened on the network. A network analyzer decodes, or dissects the data packets of common protocols and displays the network traffic in human-readable format. Network analysis is also known by several other names: traffic analysis, protocol analysis, packet sniffing, packet analysis, and eavesdropping to name a few.

Sniffing tends to be one of the most popular terms in use today. However, due to malicious users it has had a negative connotation in the past.

What is Network Analyzer?

A network analyzer can be a standalone hardware device with specialized software, or it can simply be software that you install on your desktop or laptop. Network analyzers are available both free and commercially, such as Capsa Free is a free network analysis tool presented by Colasoft.

Differences between network analyzers tend to depend on features such as the number of supported protocol decodes the user interface, and graphing and statistical capabilities. Other differences include inference capabilities, such as expert analysis features, and the quality of packet decodes. Although several network analyzers all decode the same protocols, some may decode better than others.

Who Uses Network Analysis?

System administrators, network engineers, security engineers, system operators, even programmers, all use network analysis. Network analyzers are invaluable tools for diagnosing and troubleshooting network problems. Network analyzers used to be dedicated hardware devices that were very expensive. New advances in technology have allowed for the development of software network analyzers. This makes it more convenient and affordable for administrators to effectively troubleshoot a network. It also brings the capability of network analysis to anyone who wishes to perform it.

The art of network analysis is a double-edged sword. While network, system, and security professionals use it for troubleshooting and monitoring of the network, intruders can also use network analysis for harmful purposes. A network analyzer is a tool, and like all tools they can be used for both good and bad intentions.

The following list describes a few reasons why administrators use network analyzers:

  • Converting the binary data in packets to human-readable format
  • Troubleshooting problems on the network
  • Analyzing the performance of a network to discover bottlenecks
  • Network intrusion detection
  • Logging network traffic for forensics and evidence
  • Analyzing the operations of applications
  • Discovering a faulty network card
  • Discovering the origin of a Denial of Service (DoS) attack
  • Detecting spyware or computer worm
  • Network programming to debug in the development stage
  • Detecting a compromised computer
  • Validating compliance with company policy
  • As an educational resource when learning about protocols
  • For reverse-engineering protocols in order to write clients and supporting programs

If you are interested, please visit Capsa How-to's to learn more tips and skills on how to use a network analyzer to perform network analysis tasks.