TEL: 0800 085 2181 | www.protocol-analyser.co.uk |
  Thursday, 23rd February 2012  

Protocol Analysis of Network Segments

Can a Protocol Analyser see all of the segments of my network (can a Protocol Analyser work over a WAN)?

No.

Protocol Analysers can only view and collect traffic from the segment where the Protocol Analyser is located. To capture and analyse traffic from another segment (local multi-segment LAN or remote WAN), a distributed or multi-segment Protocol Analyser is required. Distributed analysers offer similar functionality to a standard (non-distributed) Protocol Analyser, displaying multiple diagnostic windows, each representing a segment on your LAN - all from a single management station. Typically, distributed Protocol Analysers consist of a software based management station and ether software or hardware based probes allowing an administrator to "view" any segment that hosts a probe.

Protocol Analysers and SNMP

Do Protocol Analysers use SNMP?

Typically not.

SNMP products provide device specific information, where Protocol Analysers obtain all their information by examining the traffic on the LAN. For example, an SNMP collection utility could not provide session delta time stamps for a Unix telnet session, nor can SNMP provide bandwidth utilisation statistics directly.

Example SNMP statistics would include how many packets came in or went out of a router, a print server's IP address, or a predefined trap generated by a network printer for "out of paper". SNMP products are a good complement to any Protocol Analyser.

Being a Protocol Analyser Expert

Do I have to be an expert to Use One?

Definitely not.

While Protocol Analysers can be used by network developers to view the exact contents of a network conversation, a modern Protocol Analyser with a graphical user interface provides many other types of information beyond the bits and bytes of the actual protocols. Being able to see which device or system failed to respond is usually enough information to pinpoint the problem and focus your attention on that piece of the puzzle.

As you may have experienced, network troubleshooting can be full of hours of wasted time chasing a theory that turns out to be misdirected. If a Protocol Analyser helps you save just one wild goose chase, it is money well spent. Protocol Analysers also provide many statistical and real time trend statistics that help for management justification of new hardware.

Switched Protocol Analyser Environments

Is a Protocol Analyser useful in a switched environment?

Yes.

If your switch supports port mirroring. You can turn on mirroring of one or more of the switched ports to the span port which the Protocol Analyser is plugged in to. Using a Protocol Analyser in a switched environment is common, and can provide both global port balancing information (using station statistics) and specific conversation troubleshooting information (using packet capture and decode).

In most switched environments using a Protocol Analyser is as simple as placing the tool on a server to collect access and conversational data to and from that server. Placing the Protocol Analyser on a "downstream" hub can show if the hub's users are correctly placed to maximise the aggregate throughput of the switch. Most switches allow for port tapping to direct any port's traffic to the port where the Protocol Analyser is installed.