Wireshark & Ethereal Network Protocol Analyzer Toolkit, Jay Beale's Open Source Security Series

Why is the network slow? Why can't I access my e-mail? Why can't I get to the shared drive? Why is my computer acting strange? If you are a systems administrator, network engineer, or security engineer you have heard these questions countless times. Thus begins the tedious and sometimes painful journey of troubleshooting. You start by trying to replicate the problem from your computer, but you can't connect to the local network or the Internet either. What should you do? Go to each of the servers and make sure they are up and functioning? Check that your router is functioning? Check each computer for a malfunctioning network card?
Now consider this scenario. You go to your main network switch or border router and configure one of the unused ports for port mirroring. You plug in your laptop, fire up your network analyzer, and see thousands of Transmission Control Protocol (TCP) packets (destined for port 25) with various Internet Protocol (IP) addresses. You investigate and learn that there is a virus on the network that spreads through e-mail, and immediately apply access filters to block these packets from entering or exiting your network. Thankfully, you were able to contain the problem relatively quickly because of your knowledge and use of your network analyzer.
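The scenario above turns on one observation: a single host opening SMTP (TCP port 25) connections to many different addresses, which is how a mail-borne worm looks on the wire. In Wireshark the display filter `tcp.dstport == 25 && tcp.flags.syn == 1 && tcp.flags.ack == 0` isolates those connection attempts; the short Python script below (an added example, not code from the book) does the follow-up step of counting, per source host, how many distinct SMTP servers it tried to reach. The packet lines are constructed to look like tab-separated `tshark -T fields` output; the hosts, addresses and the fan-out threshold of 5 are assumptions for the example, not values from the page.

```python
"""Flag hosts that open SMTP connections to an unusual number of servers.

Input is constructed in the shape of
  tshark -r capture.pcap -T fields -E separator=/t \
    -e ip.src -e ip.dst -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack
output (tab-separated: src, dst, dstport, syn, ack). The tshark invocation
is real; the packet lines below are made up for this example.
"""
from collections import defaultdict

# Constructed sample: 10.0.0.5 behaves like an infected host, 10.0.0.7 like a
# normal mail server relaying to two peers, 10.0.0.9 is ordinary web traffic.
SAMPLE_PACKETS = """\
10.0.0.5\t203.0.113.10\t25\t1\t0
10.0.0.5\t203.0.113.11\t25\t1\t0
10.0.0.5\t203.0.113.12\t25\t1\t0
10.0.0.5\t198.51.100.7\t25\t1\t0
10.0.0.5\t198.51.100.8\t25\t1\t0
10.0.0.5\t198.51.100.9\t25\t1\t0
10.0.0.5\t192.0.2.30\t25\t1\t0
10.0.0.5\t192.0.2.31\t25\t1\t0
10.0.0.5\t192.0.2.30\t25\t1\t0
203.0.113.10\t10.0.0.5\t49152\t1\t1
10.0.0.7\t203.0.113.10\t25\t1\t0
10.0.0.7\t198.51.100.7\t25\t1\t0
10.0.0.7\t203.0.113.10\t25\t0\t1
10.0.0.9\t192.0.2.50\t80\t1\t0
"""


def parse_packets(text):
    """Yield (src, dst, dstport, syn, ack) tuples; skip blank or malformed lines."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue
        src, dst, port, syn, ack = fields
        try:
            yield src, dst, int(port), syn == "1", ack == "1"
        except ValueError:
            continue  # non-numeric port field, e.g. a non-TCP packet


def smtp_fanout(text):
    """Map each source host to the number of distinct SMTP servers it tried to reach.

    Only SYN-without-ACK segments to port 25 count, i.e. new outbound
    connection attempts, so replies and established sessions are ignored.
    """
    targets = defaultdict(set)
    for src, dst, port, syn, ack in parse_packets(text):
        if port == 25 and syn and not ack:
            targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items()}


def suspected_mass_mailers(text, threshold=5):
    """Return, sorted, the sources contacting more than `threshold` distinct SMTP servers.

    The threshold is an assumed tuning value; a site would set it above the
    fan-out of its legitimate mail relays.
    """
    return sorted(src for src, n in smtp_fanout(text).items() if n > threshold)


if __name__ == "__main__":
    for src, n in sorted(smtp_fanout(SAMPLE_PACKETS).items()):
        print(f"{src:<15} distinct SMTP targets: {n}")
    print("suspected mass mailers:", suspected_mass_mailers(SAMPLE_PACKETS))
```

The list this prints is the set of hosts to isolate or inspect first; the same counting logic applies to any port a worm or spam bot uses, only the port comparison changes.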
Network analysis (also known as traffic analysis, protocol analysis, sniffing, packet analysis, eavesdropping, and so on) is the process of capturing network traffic and...