Summary
A network analyzer is a tool that listens to network packets on a
shared segment and decodes them into human-readable format. Some are
horrendously expensive, some are not. The neat thing about them is
that they run on most PCs if you have the right type of network
card (that is, a "promiscuous" network card, which is able to listen to
all network packets).
Depending on the analyzer, you can expect to see many functions that
will help you analyze the raw data that the analyzer captures. Some of
these functions include capture filtering, sortable statistical
displays, "expert" analysis of data, and customizable views.
There's more than one analyzer available on the market, because
there's more than one problem out there. Different analyzers are good
for different things. In particular, Token-Ring needs certain features
not present on generic analyzers.
Knowing what and when to filter is a really important part of learning
how to use an analyzer. Once you learn how to take small manageable
trace files, you'll be able to quickly go through them and find what
you need in order to vanquish your problems, or to entice your vendor
to help out.
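To make the filtering idea concrete, here is an added example (not from the book) that decodes Ethernet II headers and applies a station filter, a protocol filter, and a per-station byte count of the kind a sortable statistics display shows. The function names, MAC addresses and frames are all constructed for illustration, and only Ethernet II framing is assumed, not Token-Ring.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(raw):
    """Decode an Ethernet II header: destination, source, EtherType."""
    if len(raw) < 14:                      # truncated frame, nothing to decode
        return None
    dst, src, etype = struct.unpack("!6s6sH", raw[:14])
    return {"dst": fmt_mac(dst), "src": fmt_mac(src),
            "proto": ETHERTYPES.get(etype, hex(etype)), "len": len(raw)}

def capture_filter(frames, station=None, protocol=None):
    """Keep frames to or from `station` (MAC) and/or carrying `protocol`."""
    kept = []
    for f in filter(None, map(parse_frame, frames)):
        if station and station.lower() not in (f["src"], f["dst"]):
            continue
        if protocol and f["proto"] != protocol:
            continue
        kept.append(f)
    return kept

def top_talkers(frames):
    """Bytes sent per source MAC, busiest first (a sortable statistic)."""
    sent = Counter()
    for f in capture_filter(frames):
        sent[f["src"]] += f["len"]
    return sent.most_common()

def make_frame(dst, src, etype, payload=b"\x00" * 46):
    """Build a constructed test frame (no real capture involved)."""
    raw = bytes.fromhex((dst + src).replace(":", ""))
    return raw + struct.pack("!H", etype) + payload

# Constructed sample traffic: all addresses below are made up.
STATION_A, STATION_B = "00:a0:c9:11:22:33", "00:60:08:44:55:66"
BROADCAST = "ff:ff:ff:ff:ff:ff"
SAMPLE = [
    make_frame(BROADCAST, STATION_A, 0x0806),            # A: ARP request
    make_frame(STATION_B, STATION_A, 0x0800),            # A -> B, IPv4
    make_frame(STATION_A, STATION_B, 0x0800),            # B -> A, IPv4
    make_frame(BROADCAST, STATION_B, 0x0806),            # B: ARP request
    make_frame("00:10:4b:77:88:99", STATION_B, 0x86DD),  # B -> third host, IPv6
    b"\x00" * 10,                                        # truncated frame
]

if __name__ == "__main__":
    for f in capture_filter(SAMPLE, station=STATION_A, protocol="IPv4"):
        print(f)
```

Combining the two filters cuts the six-frame sample down to the two IPv4 frames exchanged with station A, which is the kind of small trace the paragraph above recommends working from.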
Analyzers, like any tool, have limitations, but if you have your wits
about you, they're a powerful addition to your troubleshooting
arsenal.
Workshop
Q&A
Q C'mon, Jonathan! Network analysts spend years learning how to sift
through protocol data. How do you expect me to learn this in an hour?
A The key here is to limit the scope of what you're expecting to
accomplish. True, although you're probably able to learn the various
protocols and service nuances that underlie the everyday programs and
services that you know and love, why would you want to? Analyzers are
simply an effective way for you to apply your black box
troubleshooting skills. Don't get discouraged if you don't understand
everything you see on the decode screen; just remember to keep asking
yourself questions such as "which of these things is not like the
other?" and you'll do very well. If you feel you need or want to dig
deeper, grab a protocol book and have fun. However, in many cases,
that won't be necessary.
Q Where can I get an Ethernet mini-hub or Token-Ring node doubler?
A The same place you can get a mini-switch: Just visit one of the
various network supply houses that have homes on the Net. I've had
good luck with www.networksnow.com and www.datawarehouse.com, but any
of them can supply these items to you.
Quiz
1. True or false? The difference between a cable scanner and a
network analyzer is that a cable scanner can solve all
network-level problems.
2. Most analyzers have which two modes of operation?
A. Capture the flag and a secret decoder ring
B. Packet capture and packet decode
C. Capture of data and decode of Ethernet
D. View and sort
3. A network analyzer requires a computer and a __________
network card.
A. promiscuous
B. promethean
C. amorous
D. packetized
4. True or false? Identifying how and when to filter is a
highly important part of learning how to use an analyzer.
5. A filter can be _____________________.
A. workstation related
B. protocol related
C. Both A and B
D. Neither A nor B
6. True or false? If your analyzer does not gather network
names (such as DNS or NetBIOS), it's impossible for you to
identify whose computer corresponds to a particular MAC
address.
7. You're about to connect an analyzer to a network segment.
For best results, what should you have done first?
A. Sniffed packets
B. Formed an option
C. Come up with a theory
D. Decided not to use a filter
Answers to Quiz Questions
1. False
2. B
3. A
4. True
5. B
6. False
7. C