What Is a Protocol Analyzer?
Network protocol analysis is the use of programs to examine the protocol headers and trailers of network packets in order to understand how the packets, and the information they carry, behave as they are generated and transmitted. The software or equipment that contains such a program is a protocol analyzer.
Protocol analyzer
- In a typical network structure,
- Protocol analyzer can be used for both legal
- There are a variety of protocol analyzers on the market today, basically divided into two categories: portable and distributed.
- A protocol analyzer is a diagnostic tool for monitoring and tracking network activity. It can be software running on a computer or a dedicated hardware unit containing special circuit boards and software. Protocol analyzers are usually portable devices that network technicians can carry to different locations. Here are some tasks they can handle:
- 1. Display type information for the packets transmitted on the network. You can monitor these packets to monitor security, diagnose failures, or monitor and optimize a network.
- 2. Query all nodes on an Internet network, or between any one specific node and all other nodes
- The network protocol analyzer Ethereal is currently the best open source, widely used network protocol analyzer, and it supports the Linux and Windows platforms. Adding a new protocol parser to the system is very simple. Since the earliest release, Ethereal 0.2 in 1998, volunteers have added many new protocol parsers, and Ethereal now supports more than 500 of them. The reason is that Ethereal has a well-designed, extensible structure, so new protocol parsers can continue to be added to meet the needs of network development.
Protocol analyzer analyzes the format of the protocol
- Ethereal's packet capture interface has three parts. The upper part is the message list window, which displays summary information for each captured packet after it has been analyzed: number, time, source address, destination address, protocol, and information. The middle part is the protocol tree window, which displays the protocol information of the data message; when you select a different entry in the message list window, the protocol tree window changes to show the corresponding protocol information. The lower part is the hexadecimal message window, which displays the message's data as it appears at the physical layer.
- After packet capture is complete, you can use display filters to find the packets you are interested in. You can select packets by protocol, by whether a certain field is present, by a field's value, and by the relationship between field values.
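The three windows and the display filtering described above, as an added example (not Ethereal's code and not part of the original page): a small Python dissector that turns one constructed Ethernet/IPv4/TCP frame into a message-list row, a protocol tree and hex rows, then applies a simplified display filter. The frame bytes, the field names and the filter syntax are assumptions made for illustration.

```python
import socket
import struct

# Constructed sample frame: Ethernet II / IPv4 / TCP SYN, 10.0.0.5:49152 -> 10.0.0.9:80
FRAME = bytes.fromhex(
    "020000000009 020000000005 0800"                # dst MAC, src MAC, EtherType
    "45000028 00010000 40060000 0a000005 0a000009"  # IPv4 header (checksum zeroed)
    "c0000050 00000001 00000000 50022000 00000000"  # TCP header, SYN flag set
)

def dissect(frame):
    """Protocol tree window: ordered {layer: {field: value}}."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    tree = {"eth": {"dst": dst.hex(":"), "src": src.hex(":"), "type": etype}}
    if etype != 0x0800 or len(frame) < 34:
        return tree  # not IPv4, or truncated: stop at the Ethernet layer
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if ihl < 20:
        return tree  # malformed IPv4 header length
    tree["ip"] = {"src": socket.inet_ntoa(frame[26:30]),
                  "dst": socket.inet_ntoa(frame[30:34]),
                  "ttl": frame[22], "proto": proto}
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 14:
        sport, dport, seq, _ack, flags = struct.unpack("!HHIIH", l4[:14])
        tree["tcp"] = {"srcport": sport, "dstport": dport, "seq": seq,
                       "syn": bool(flags & 0x02)}
    elif proto == 17 and len(l4) >= 8:
        sport, dport, length = struct.unpack("!HHH", l4[:6])
        tree["udp"] = {"srcport": sport, "dstport": dport, "length": length}
    return tree

def summary(number, tree):
    """Message list row: number, source, destination, highest decoded protocol."""
    addr = tree.get("ip", tree["eth"])
    return (number, addr["src"], addr["dst"], list(tree)[-1].upper())

def hexdump(frame):
    """Hexadecimal window: offset followed by 16 bytes per row."""
    return [f"{i:04x}  {frame[i:i + 16].hex(' ')}" for i in range(0, len(frame), 16)]

def matches(tree, expr):
    """Display-filter subset: 'tcp', 'tcp.syn' (field present), 'tcp.dstport == 80'."""
    name, _, want = (part.strip() for part in expr.partition("=="))
    layer, _, field = name.partition(".")
    if layer not in tree:
        return False
    if field and field not in tree[layer]:
        return False
    return not (field and want) or str(tree[layer][field]) == want
```

Filtering a capture is then `[t for t in map(dissect, frames) if matches(t, "tcp.dstport == 80")]`; because the filter runs on the decoded tree rather than on raw bytes, it can test protocol, field presence and field value.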
Packet capture features of the protocol analyzer Ethereal
- Capturing packets from different types of network hardware, such as Ethernet, Token Ring, ATM, etc.;
- Stopping packet capture on different triggers, such as total data captured, capture time, or number of captured packets;
- Displaying decoded (parsed) packets while the capture is still in progress;
- Filtering all the captured data according to the conditions of the packet filter and extracting the packets that meet the conditions.
- When using Ethereal for network protocol analysis, note the following: you must have administrator rights to start the packet capture process; you must choose the correct network interface to capture the packet data; and you must capture at the correct location in the network to see the business traffic you want to see.