Monitor your traffic and troubleshoot problems

Network Protocol Analyzer is a software tool used to capture and analyze the data traffic in a network. Network protocol analyzers can build the network's graphic map, generate alarms when the number of packets increases above a certain level or when it detects specific packet types in the network.

Developers may use network protocol analyzers for intercepting and analyzing the traffic from their applications, usually for HTTP protocol traffic.

Network Protocol Analyzer Main Functions

The number of functions depends on maturity and complexity of the network protocol analyzer. But all packet sniffers and analyzers must be able to capture and analyze network packets and filter data. Some of them can display network utilization statistics, show usage and error rates, and alert you to unusual actions. Bellow are to 10 main functions of a network protocol analyzer.

• 1. Capture packets from LAN and WiFi adapters
• 2. Advanced filtering
• 3. Save data to a disk
• 4. Create network maps
• 5. Display error rates
• 6. Display network utilization statistics
• 7. Programmable alerts
• 8. Unusual actions alerts
• 9. Decode SSL packets
• 10. Built-in HTTP protocol analyzer

Most network sniffers and analyzers work in a similar way and display nearly the same set of information. Simple network sniffers work by switching the network card into the so-called promiscuous mode, the more advanced ones intercept network traffic at the network driver level. This allows them to intercept and decode the SSL traffic as well by using the Man-in-the-middle technique.

HTTP Debugger is an example of a network protocol analyzer and sniffer for Windows that intercepts all of the network traffic at the driver level as well as it can decode the SSL traffic.



Most protocol analyzers can decode over three hundred different protocols. The more information presents the protocol analyzer, the less manual work you will have to do. A common problem for network protocol analyzers is the inability to accurately identify a protocol that is on a non-default port number, and this can be a problem in protecting against malicious hackers.

Network Monitoring

Network protocol analyzers are often used to monitor the performance of the network. The protocol analyzer can display network utilization, number of collisions and number of defective frames.

The network protocol analyzer can be programmed to display alarms for a number of conditions; for example, a load level has been exceeded, an error level has been exceeded, a new workstation (new MAC address) has been added to the network, or detect packets with specific words or to certain destinations.

Data Collection and Analysis

Network protocol analyzers are usually used for collecting and analyzing captured data. The burst rate or the maximum rate at which the device can collect data without losing any information is an important characteristic of the network protocol analyzer.

Detect Defect Frames

Network interface cards can become faulty and begin transmitting packets with errors; for example, by specifying the packet data in the destination field and cause the network overload. Protocol analyzers can detect and notify about such defective cards, as well as can detect and warn about expired frames. A network protocol analyzer can detect broadcast packets and indicate which particular station sends these packets.