A protocol analyzer is software used to decode the information carried inside a specific protocol. Such tools are used predominantly to examine the internals of protocols. Some of the common scenarios where protocol analyzers are used are described below.
1. Network troubleshooting.
Network engineers use protocol analyzers as part of their troubleshooting. A typical scenario is a user who is unable to connect to an FTP server. The network engineer can use a protocol analyzer to view the packet-level communication between the client and the server, analyze the FTP protocol exchange and check where the communication is failing.
2. Security monitoring.
Security engineers can use protocol analyzers to find known patterns on the network and detect security issues. Most commercial security appliances, such as IDS/IPS, use built-in traffic monitoring that is performed by software with protocol analyzer functionality. Security administrators can write filters for known attack patterns in a protocol analyzer, which helps them detect malware and attacks at the network level and provides a custom security monitoring solution.
3. Network testing.
Protocol analyzers are also used for network testing: to confirm that a specific piece of hardware or software with built-in protocol support adheres to the known standards. As part of testing, engineers can also verify the fields inside protocols and packets.
Wireshark is the most popular protocol analyzer. It is free and can be downloaded from www.wireshark.org. Wireshark can be used for purposes including the following.
1. Decode packets.
2. Decode protocols.
3. Write and apply filters.
4. Monitor performance.
5. Capture packets on multiple interfaces.
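As an added illustration of what the first three items involve (example code written for this page, not code from the page or from the Wireshark project), the following Python sketch decodes constructed IPv4/TCP packets, interprets the FTP control channel, and applies a filter that isolates failing server replies, which is the check a network engineer would make in the FTP troubleshooting scenario above. The packet builder, the addresses and the session contents are constructed assumptions.

```python
import struct
from collections import namedtuple

# Decoded view of one IPv4/TCP packet (hypothetical type, not Wireshark's).
Packet = namedtuple("Packet", "src dst sport dport payload")

def build_ipv4_tcp(src, dst, sport, dport, payload):
    """Constructed test input: minimal IPv4 + TCP headers, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp

def decode_ipv4_tcp(raw):
    """Step 1, decode packets: walk the IPv4 then TCP headers and return the TCP payload."""
    ihl = (raw[0] & 0x0F) * 4                       # IPv4 header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    if raw[9] != 6:                                  # IPv4 protocol field: 6 = TCP
        raise ValueError("not a TCP packet")
    src = ".".join(map(str, raw[12:16]))
    dst = ".".join(map(str, raw[16:20]))
    tcp = raw[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                    # TCP header length in bytes
    return Packet(src, dst, sport, dport, tcp[data_off:])

def ftp_reply_code(pkt):
    """Step 2, decode the protocol: an FTP server reply begins with a 3-digit code."""
    if pkt.sport != 21 or not pkt.payload[:3].isdigit():
        return None
    return int(pkt.payload[:3])

def ftp_failures(capture):
    """Step 3, apply a filter (like Wireshark's ftp.response.code >= 400): keep failing replies."""
    hits = []
    for raw in capture:
        pkt = decode_ipv4_tcp(raw)
        code = ftp_reply_code(pkt)
        if code is not None and code >= 400:
            hits.append((pkt.src, code, pkt.payload.decode(errors="replace").strip()))
    return hits

# Constructed capture of a failing FTP login (client 10.0.0.5 -> server 10.0.0.21).
CAPTURE = [
    build_ipv4_tcp("10.0.0.5", "10.0.0.21", 40000, 21, b"USER alice\r\n"),
    build_ipv4_tcp("10.0.0.21", "10.0.0.5", 21, 40000, b"331 Please specify the password.\r\n"),
    build_ipv4_tcp("10.0.0.5", "10.0.0.21", 40000, 21, b"PASS secret\r\n"),
    build_ipv4_tcp("10.0.0.21", "10.0.0.5", 21, 40000, b"530 Login incorrect.\r\n"),
]
```

Calling `ftp_failures(CAPTURE)` returns the single 530 reply with the server address, pointing directly at the step where the login fails.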