Network Analyzers
A network analyzer, also known as a protocol analyzer, decodes the various protocol layers in a recorded frame and presents them as readable abbreviations or summaries. These results detail which layer is involved (physical, data link, and so forth) and what function each byte or byte content serves. Most network analyzers can perform many of the following functions:
- Filter traffic that meets certain criteria so that, for example, all traffic to and from a particular device can be captured.
- Time-stamp captured data.
- Present protocol layers in an easily readable form.
- Generate frames and transmit them onto the network.
- Incorporate an expert system in which the analyzer uses a set of rules, combined with information about the network configuration and operation, to diagnose and solve, or offer potential solutions to, network problems.
Because all Cisco Network Security devices have extensive show and debug commands and syslog capability, most of the problems that arise on those devices can be diagnosed and troubleshot without the help of an external tool such as a network analyzer. However, in some instances a network analyzer is required. For example, if users on a private network cannot access the Internet through the PIX firewall, and the show commands and syslog reveal that the packets are not reaching the PIX inside interface, you can isolate the problem with a network analyzer. The problem might be at Layer 2: an ARP corruption, a Content-Addressable Memory (CAM) table problem on the switch, and so on.
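The following added example (not part of the original text) shows the kind of Layer 2 check an analyzer makes possible in that scenario: it decodes Ethernet/ARP frames and reports any IP address claimed by more than one MAC address. The function names, the addresses, and the sample frames are constructed for illustration; 10.0.0.1 stands in for the PIX inside interface.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def decode_arp(frame):
    """Decode an Ethernet II frame carrying IPv4 ARP; return None for anything else."""
    if len(frame) < 42:          # 14-byte Ethernet header + 28-byte ARP body
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": _mac(src), "op": op, "sender_mac": _mac(sha),
            "sender_ip": _ip(spa), "target_ip": _ip(tpa)}

def find_arp_conflicts(frames):
    """Return {ip: [macs]} for every sender IP announced by more than one MAC."""
    seen = defaultdict(set)
    for frame in frames:
        arp = decode_arp(frame)
        if arp and arp["sender_ip"] != "0.0.0.0":   # ignore ARP probes
            seen[arp["sender_ip"]].add(arp["sender_mac"])
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def build_arp(op, sha, spa, tha, tpa, dst=b"\xff" * 6):
    """Build a sample frame in memory (constructed test data; nothing is sent)."""
    eth = struct.pack("!6s6sH", dst, sha, ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)

# Constructed capture: a host asks for the gateway, and two different MACs answer.
HOST, GW, OTHER = b"\x02\x00\x00\x00\x00\x50", b"\x00\x11\x22\x33\x44\x55", b"\x02\x00\x00\x00\x00\x99"
HOST_IP, GW_IP = bytes([10, 0, 0, 50]), bytes([10, 0, 0, 1])
SAMPLE_FRAMES = [
    build_arp(1, HOST, HOST_IP, b"\x00" * 6, GW_IP),        # request: who has 10.0.0.1?
    build_arp(2, GW, GW_IP, HOST, HOST_IP, dst=HOST),       # reply from the expected MAC
    build_arp(2, OTHER, GW_IP, HOST, HOST_IP, dst=HOST),    # reply from a second MAC
]

if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(SAMPLE_FRAMES).items():
        print(f"{ip} is claimed by {', '.join(macs)}")
```

A conflict on the gateway address explains why hosts send frames that never reach the firewall's inside interface; the MAC addresses reported can then be compared with the switch's CAM table.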
Many commercial and freely downloadable network analyzers are available. A very popular, freely downloadable network analyzer (Ethereal) can be downloaded from the following location: http://www.ethereal.com/
Certain Cisco Network Security devices have a built-in packet-capturing capability that works very much like sniffer software. One such example is the capture command on the PIX firewall. More details on specific capture commands are explained in the respective product-specific chapters.