Protocol Analyzers – CompTIA Network+ N10-006 – 4.2


If you want to completely understand what’s happening across the wire, then you’ll need to use and understand a protocol analyzer. In this video, you’ll learn how this packet capture process can provide you with the knowledge you’ll need to solve the tough network problems.


Troubleshooting a network issue or application problem on a wired network is a job for a protocol analyzer. It lets me capture everything going across the wire and display a packet-by-packet breakdown of exactly what was sent between point A and point B. On a wired network, the analyzer has to be put in the path of the traffic somehow: either with a physical tap inserted somewhere inside the network, or with a switch that can mirror the traffic from one or more ports to the port where the analyzer is connected (port mirroring, which Cisco calls SPAN). Plugging into an ordinary switch port without one of those only shows you broadcasts and your own traffic, because the switch forwards unicast frames only to the port where the destination lives.

A popular option for protocol analysis is Wireshark, and it gives you a very complete description of everything that’s going through the network. Wireshark is really a remarkable tool. It can capture from wired or wireless networks and give you a frame-by-frame breakdown of exactly what went through the network. You can look at the decoded details of each frame, and if you want to see the exact bytes inside that frame, you can view them as hexadecimal alongside their ASCII rendering as well.

There are also a number of analysis tools built into Wireshark. From the Analyze menu you can follow a TCP stream, which takes the payload of every segment in one conversation and reassembles it in a single window. So instead of going frame by frame by frame, you can bring it all together and read the conversation as one continuous view, which is especially useful for plaintext protocols like HTTP.
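The frame-by-frame breakdown and the Follow TCP Stream reassembly described above, as an added example that is not part of the original page or of Wireshark itself: a small Python reader for the classic libpcap file format that decodes Ethernet, IPv4 and TCP headers and then reassembles one conversation by sequence number. The capture, the MAC and IP addresses, the ports and the HTTP payload are all constructed inline (and labelled as such in the code), so it runs offline with only the standard library.

```python
import struct

# Added example, not from the original page: a standard-library-only reader
# for classic libpcap files that decodes Ethernet/IPv4/TCP frame by frame and
# then reassembles one conversation the way "Follow TCP Stream" does.
# The capture is constructed in memory below; addresses and payloads are made up.

PCAP_MAGIC = 0xA1B2C3D4        # little-endian file, microsecond timestamps
LINKTYPE_ETHERNET = 1

def build_pcap(frames):
    """Wrap raw Ethernet frames in a pcap global header plus per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000, i * 1000, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (timestamp, frame_bytes) for every record in a pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    linktype, = struct.unpack_from("<I", data, 20)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def decode_frame(frame):
    """Ethernet -> IPv4 -> TCP breakdown of one frame; None if it is not TCP over IPv4."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        return None
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0], ip[9]
    if proto != 6:
        return None
    tcp = ip[ihl:total_len]                       # drop any Ethernet padding after the datagram
    sport, dport, seq, ack, off_flags = struct.unpack_from("!HHIIH", tcp, 0)
    return {
        "eth": (frame[6:12].hex(":"), frame[0:6].hex(":")),
        "src": (".".join(map(str, ip[12:16])), sport),
        "dst": (".".join(map(str, ip[16:20])), dport),
        "seq": seq, "ack": ack, "flags": off_flags & 0x1FF,
        "payload": tcp[(off_flags >> 12) * 4:],   # data offset is in 32-bit words
    }

def follow_tcp_stream(frames, client, server):
    """Reassemble both directions of one conversation by sequence number.

    Keying segments by starting sequence number puts out-of-order segments back
    in place and collapses exact retransmissions into one copy. Sequence-number
    wraparound and overlapping partial retransmissions are not handled here.
    """
    directions = {"client->server": {}, "server->client": {}}
    for frame in frames:
        pkt = decode_frame(frame)
        if pkt is None or not pkt["payload"]:
            continue
        if (pkt["src"], pkt["dst"]) == (client, server):
            directions["client->server"][pkt["seq"]] = pkt["payload"]
        elif (pkt["src"], pkt["dst"]) == (server, client):
            directions["server->client"][pkt["seq"]] = pkt["payload"]
    return {name: b"".join(p for _, p in sorted(segs.items())) for name, segs in directions.items()}

def make_segment(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack, flags, payload):
    """Build one Ethernet/IPv4/TCP frame (checksums left zero: this is constructed test data)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split(".")))) + tcp
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip

# Constructed HTTP exchange between a made-up client and server.
CLIENT, SERVER = ("10.0.0.5", 51000), ("10.0.0.80", 80)
C_MAC, S_MAC = "02:00:00:00:00:05", "02:00:00:00:00:50"
PSH_ACK = 0x018
REQ_1, REQ_2 = b"GET /index.html HTTP/1.1\r\n", b"Host: example.test\r\n\r\n"
RESP_1, RESP_2 = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\n", b"hello"

def sample_frames():
    """Request segment 2 arrives before segment 1; response segment 1 is retransmitted."""
    def c2s(seq, ack, p):
        return make_segment(C_MAC, S_MAC, CLIENT[0], SERVER[0], CLIENT[1], SERVER[1], seq, ack, PSH_ACK, p)
    def s2c(seq, ack, p):
        return make_segment(S_MAC, C_MAC, SERVER[0], CLIENT[0], SERVER[1], CLIENT[1], seq, ack, PSH_ACK, p)
    req_end = 1000 + len(REQ_1) + len(REQ_2)
    return [
        c2s(1000 + len(REQ_1), 5000, REQ_2),        # out of order
        c2s(1000, 5000, REQ_1),
        s2c(5000, req_end, RESP_1),
        s2c(5000, req_end, RESP_1),                  # retransmission
        s2c(5000 + len(RESP_1), req_end, RESP_2),
    ]

def follow_sample():
    """Whole pipeline: write the pcap, read it back, follow the stream."""
    frames = [f for _, f in read_pcap(build_pcap(sample_frames()))]
    return follow_tcp_stream(frames, CLIENT, SERVER)

if __name__ == "__main__":
    for ts, frame in read_pcap(build_pcap(sample_frames())):
        p = decode_frame(frame)
        print(f"{ts:.6f} {p['src'][0]}:{p['src'][1]} -> {p['dst'][0]}:{p['dst'][1]} seq={p['seq']} len={len(p['payload'])}")
    for name, data in follow_sample().items():
        print(f"--- {name} ---\n{data.decode()}")
```

Running it prints the five records in capture order, with the request's second segment listed before its first, and then the two reassembled directions read cleanly as one HTTP request and one response. Point the reader function at a real file written by Wireshark or tcpdump (classic `.pcap`, not `.pcapng`) and the same decode works on live captures.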

Wireshark can be even easier to use on wireless networks because the traffic is on radio waves. It’s in the air. You don’t need a tap, and you don’t need a switch to send the information to your protocol analyzer. You’re able to hear everything on the channel your adapter is tuned to. The challenge is that your adapter has to be put into monitor mode, where it listens to every frame on the channel instead of only the frames addressed to it, and it has to stay quiet: a radio that is transmitting isn’t receiving at the same time. For that reason many drivers disconnect the adapter from its network while it’s in monitor mode, so you’ll usually want a second adapter for capturing if you also need a connection. One more caveat: on a WPA2 network the data payloads you capture are encrypted, and Wireshark can only decrypt them if you give it the pre-shared key and the capture includes the four-way handshake for that client.

You also have to have the right driver to gather wireless frames. Not all wireless chipsets support monitor mode with programs like Wireshark, so check that your wireless adapter and its driver are supported by the protocol analyzer and operating system you’re using before you rely on it.

Even if you don’t have the right chipset, you can still capture on the wireless adapter in its normal (managed) mode. The driver hands Wireshark the frames as if they were Ethernet, so you’ll see your own traffic at the Ethernet level and above, but not the wireless-specific data that’s going over the air: no 802.11 management frames, no radio headers with channel and signal strength, and no frames belonging to other stations. If you want to try it yourself, go to wireshark.org, install it on your operating system, and see what you’re sending out over the network.
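To make concrete what “wireless-specific data” means, here is an added example (not from the original page or from Wireshark) in Python that decodes a constructed monitor-mode capture of one 802.11 data frame, radiotap header included, and then shows the “fake Ethernet” frame that a driver without monitor-mode support would hand to Wireshark for the same frame. The MAC addresses, channel, signal strength and payload are made up, the frame is on an open (unencrypted) network so its LLC/SNAP payload is readable, and the radiotap parser only knows the first few field types.

```python
import struct

# Added example, not from the original page. Two views of the same wireless
# data frame: the radiotap + 802.11 frame a monitor-mode adapter delivers,
# and the Ethernet-style frame an unsupported driver would deliver instead.
# All addresses and radio values below are constructed for the example.

# Radiotap present-bits this example understands: bit -> (size, alignment).
RADIOTAP_FIELDS = {0: (8, 8), 1: (1, 1), 2: (1, 1), 3: (4, 2), 4: (2, 2), 5: (1, 1), 6: (1, 1)}

def decode_radiotap(frame):
    """Split a monitor-mode frame into radio metadata and the 802.11 frame."""
    ver, _pad, rt_len, present = struct.unpack_from("<BBHI", frame, 0)
    if ver != 0 or present >> 7:
        raise ValueError("radiotap header uses fields beyond this example's table")
    meta, off = {}, 8
    for bit, (size, align) in RADIOTAP_FIELDS.items():
        if not present & (1 << bit):
            continue
        off += (-off) % align                   # radiotap fields are naturally aligned
        if bit == 1:
            meta["flags"] = frame[off]
        elif bit == 2:
            meta["rate_mbps"] = frame[off] / 2  # field is in 500 kb/s units
        elif bit == 3:
            meta["freq_mhz"], meta["chan_flags"] = struct.unpack_from("<HH", frame, off)
        elif bit == 5:
            meta["signal_dbm"] = struct.unpack_from("<b", frame, off)[0]
        off += size
    return meta, frame[rt_len:]

def decode_80211(dot11):
    """Decode the MAC header of an 802.11 frame (3-address forms only, no WDS)."""
    fc0, fc1 = dot11[0], dot11[1]
    ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
    to_ds, from_ds = fc1 & 1, (fc1 >> 1) & 1
    if to_ds and from_ds:
        raise NotImplementedError("4-address WDS frames are not handled here")
    a1, a2, a3 = dot11[4:10], dot11[10:16], dot11[16:22]
    if to_ds:                 # station -> AP
        bssid, sa, da = a1, a2, a3
    elif from_ds:             # AP -> station
        da, bssid, sa = a1, a2, a3
    else:                     # ad hoc / management
        da, sa, bssid = a1, a2, a3
    hdr_len = 24 + (2 if ftype == 2 and subtype & 0x8 else 0)   # QoS Data adds a 2-byte QoS control
    return {
        "type": {0: "mgmt", 1: "ctrl", 2: "data"}.get(ftype, "ext"), "subtype": subtype,
        "to_ds": to_ds, "from_ds": from_ds,
        "retry": (fc1 >> 3) & 1, "protected": (fc1 >> 6) & 1,
        "da": da.hex(":"), "sa": sa.hex(":"), "bssid": bssid.hex(":"),
        "seq": struct.unpack_from("<H", dot11, 22)[0] >> 4,      # low 4 bits are the fragment number
        "body": dot11[hdr_len:],
    }

def ethernet_view(info):
    """The frame a driver without monitor mode hands up: DA, SA and the EtherType
    taken from the LLC/SNAP header. BSSID, retry bit, sequence number and all
    radio metadata are gone."""
    body = info["body"]
    if info["protected"] or body[:6] != b"\xaa\xaa\x03\x00\x00\x00":
        raise ValueError("need an unencrypted LLC/SNAP-encapsulated payload")
    return mac(info["da"]) + mac(info["sa"]) + body[6:8] + body[8:]

def decode_ethernet(frame):
    return {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "ethertype": struct.unpack_from("!H", frame, 12)[0], "payload": frame[14:]}

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

# Constructed addresses: a station, the access point and the wired gateway behind it.
STA, AP, GATEWAY = "02:11:22:33:44:55", "02:aa:bb:cc:dd:ee", "02:de:ad:be:ef:01"

def sample_monitor_frame():
    """Constructed: station -> AP (ToDS=1), Retry=1, open network, stub IPv4 payload."""
    present = (1 << 1) | (1 << 2) | (1 << 3) | (1 << 5)          # Flags, Rate, Channel, dBm signal
    radiotap = struct.pack("<BBHI", 0, 0, 15, present)
    radiotap += struct.pack("<BBHHb", 0x00, 12, 2437, 0x00C0, -61)  # no FCS, 6 Mb/s, ch 6 (2 GHz+OFDM), -61 dBm
    dot11 = bytes([0x08, 0x09])                                  # type=data, subtype=0; ToDS=1, Retry=1
    dot11 += struct.pack("<H", 0x002C) + mac(AP) + mac(STA) + mac(GATEWAY) + struct.pack("<H", 0x1230)
    body = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"\x45\x00\x00\x14" + b"\x00" * 16   # LLC/SNAP + stub IPv4
    return radiotap + dot11 + body

def compare_views(frame):
    """Return (radio metadata, 802.11 header fields, Ethernet-only view) for one frame."""
    meta, dot11 = decode_radiotap(frame)
    if meta.get("flags", 0) & 0x10:          # radiotap says the 4-byte FCS is still attached
        dot11 = dot11[:-4]
    info = decode_80211(dot11)
    return meta, info, decode_ethernet(ethernet_view(info))

if __name__ == "__main__":
    meta, info, eth = compare_views(sample_monitor_frame())
    print("monitor mode :", meta, {k: v for k, v in info.items() if k != "body"})
    print("managed mode :", {k: v for k, v in eth.items() if k != "payload"})
```

The first line of output carries the channel, signal strength, BSSID, retry flag and sequence number; the second line has only two MAC addresses and an EtherType. That difference is exactly the wireless-specific data you lose when the adapter or driver cannot be put into monitor mode, and with a real capture the managed-mode view would also contain only frames sent to or from your own adapter.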