Sometimes the best way to troubleshoot and protect a network is by examining individual data packets in detail. This low-level inspection is made possible by a protocol analyzer, which lets you see the actual bits and bytes carried in each packet.
Here are some tips to help you get the most out of the protocol analyzer:
- Set up tap points: Tap points are the places in the network where you choose to monitor traffic, and choosing them well largely determines how effective the protocol analysis will be. Major switches should have dedicated ports that can be tapped.
- Configure hubs: If your network does not have managed switches, a workaround is to insert a hub between two Ethernet devices so that it copies the traffic to a port where the analyzer can capture it. This method should only be used in an emergency; in general, make sure mirror ports are available.
- Get better tools: You need a tool that not only captures packet data but can also perform basic analysis and reporting. The tool most commonly used by administrators is tcpdump, but an enterprise-class network calls for something considerably more capable.
- Get a reference guide: It’s possible to make very good guesses about potential vulnerabilities just by performing some simple troubleshooting steps, so it’s important to have access to a good network troubleshooting guidebook.
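As an added illustration of the "capture plus basic analysis" the tools tip asks for (example code written for this page, not from the original article or any particular product), the following decodes Ethernet/IPv4/TCP headers from a classic pcap file byte by byte and produces a per-flow report; the capture it reads is constructed in the script itself, and the addresses and ports are made-up sample values.

```python
import struct
from collections import Counter

def build_packet(src_ip, dst_ip, sport, dport, flags):
    """Constructed sample frame (not a real capture): Ethernet + IPv4 + TCP, no payload."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)  # zero MACs, EtherType = IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f  # ts_sec, ts_usec, caplen, len
    return out

def parse_pcap(data):
    """Yield (src, dst, sport, dport, tcp_flags) for each IPv4/TCP frame in a pcap."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4  # IP header length in bytes
        if frame[23] != 6 or len(frame) < 14 + ihl + 20:
            continue  # not TCP, or TCP header truncated
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        yield src, dst, sport, dport, frame[14 + ihl + 13]

def flow_report(data):
    """Packets per (src, dst, dport), plus bare SYNs (connection attempts) per flow."""
    flows, syns = Counter(), Counter()
    for src, dst, sport, dport, flags in parse_pcap(data):
        flows[(src, dst, dport)] += 1
        if (flags & 0x12) == 0x02:  # SYN set, ACK clear
            syns[(src, dst, dport)] += 1
    return flows, syns

# Constructed sample capture: a SYN to port 22, its SYN-ACK, and a lone SYN to port 23.
SAMPLE = build_pcap([build_packet("10.0.0.5", "10.0.0.9", 40000, 22, 0x02),
                     build_packet("10.0.0.9", "10.0.0.5", 22, 40000, 0x12),
                     build_packet("10.0.0.5", "10.0.0.9", 40001, 23, 0x02)])
```

Calling `flow_report(SAMPLE)` (or passing the bytes of a real pcap from tcpdump) returns the per-flow packet counts and the flows that saw a SYN without a matching handshake, which is the kind of summary a capture-only tool leaves you to compute by hand.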
Protocol analyzers are very helpful tools, and they become even more valuable when you understand your network and monitor it intelligently.