Protocol analyzer extends your ability to troubleshoot enterprise networks by easily gathering trace files across the network, from the network core to the most isolated segments and everything in between. Once collected, these trace files can be automatically forwarded for expert analysis by Colasoft Capsa.
A Protocol Analyzer is today considered an essential part of the Network Manager's toolkit. The traditional view is that analyzers are useful for troubleshooting networks while SNMP tools are better for trending and service management. This document asks if a Protocol Analyzer has a role to play in the day to day management of a network? Protocol Analyzers may cost many thousands of dollars, or they may be completely free. Manufacturers, of course, all claim, sometimes extravagantly, that their products will sort out all your problems when used on real life networks. Are these claims justified? Are the costly products genuinely better than the free ones? Will you find out more if you use an expensive product? Are the sophisticated features useful enough to justify the cost? How do you decide which product best suits your needs?Download Free Trial
What can Protocol Analyzers be used for?
Protocol Analyzers, often called "packet sniffers" after Network Associates market leading Sniffer product, capture packets and decode them into their component parts. Whether free or costly analyzers all do the same basic job. It's fairly obvious how analyzers can be used to troubleshooting network problems. Once a problem is detected packets are captured and analyzed and the details of the communication can be worked out. But analyzers can do more than this and, in fact, turn out to be surprisingly useful in many aspects of network management.
What to Look for?
Unauthorized Program Use
Virus Detection and Control
How much should I spend on a Protocol Analyzer?
This is the crux of the problem. Will an expensive analyzer deliver more than a cheaper one? Will I get more value from a higher cost product? My advice is to consider it very carefully before you decide. You can spend a significant amount of money on an analyzer, but you may not have to.
Proprietary solutions vary enormously in price and functionality. Although most make use of open formats (or at least allow data to be exchanged between different systems) you should check carefully that you are not tied into proprietary formats. It is very inconvenient to capture packets and then to have to mess around converting from one format to another if you need to share the information. Open Source analysis products have the huge advantage of being completely free, use open formats, and often provide as much functionality as proprietary solutions.
Decide on the features that you really need. If, in addition to protocol analysis, trending and performance measurements are very important to you a proprietary solution may be the best, since integration of the two functions is often very good. Again open source alternatives do exist so you could go for both a performance monitor and a protocol analyzer.
If technical support and training are important these are generally better provided for by proprietary solutions, though normally at additional cost.
If full wire speed packet capture is a requirement then you may have to consider a hardware solution, but these are extremely expensive and are normally only justified in special cases.
It is worth trying as many analyzers as possible to see which suits you best. For the types of problems described above the really important feature is the sophistication of the filtering mechanism. Again look carefully at what is being offered.
The combination of an SNMP based Performance Manager and a well featured Protocol Analyzer will allow you to perform many of the fundamental tasks required for successful network management.Download Free Trial