Using Protocol Analyzers – CompTIA Network+ N10-006 – 2.1


If you want to see exactly what’s happening on the network, then you’ll want to use a protocol analyzer. In this video, you’ll learn about protocol analyzers and I’ll demonstrate what you can see in a captured trace file.



One of the ultimate ways to understand exactly what’s happening on the network is to look at the packets that are going back and forth. And the easiest way to do that is with a protocol analyzer. With this protocol analyzer, we’re able to look into exactly how the application is performing. We’ll get every detail about every 1 and every 0 that’s traversing the network. And if we can view this information in a way that makes sense to us human beings, we can then start to troubleshoot how these applications are performing.

The protocol analyzer can gather these details from either wired or wireless networks. You may need specific wireless adapters or network taps to be able to connect. But once that is in place, it does all of the hard work of decoding all of those 1s and 0s into protocols that we can understand. You may also be able to get some enhanced analytics from a protocol analyzer. It can show you some charts and some graphs so that you can understand better exactly how information is flowing across the network.

Here’s a packet capture I took on the Professor Messer web server. And I loaded this packet capture into Wireshark. Wireshark is an absolutely free and very powerful packet analyzer. And you can download it at wireshark.org.

I’ve got three panes of information in this Wireshark view. The top pane is going to show me a summary of each individual frame as it went through the Ethernet network. In the middle, I will get the details of the frame that I’ve selected just above. And at the very bottom is a hexadecimal and an ASCII representation of what’s inside of that Ethernet frame.

Let’s look at one of these frames. Here’s an HTTP response that’s sending information back with a status of OK. You can see there’s IP header information, so I can see the source IP and destination IP. I can see the port numbers that were in use over TCP, the Transmission Control Protocol. This happened to be a graphic that was being sent across the network, and there’s the summary of the ASCII information that made up that particular graphic.

Wireshark also has some enhanced capabilities. If I go up to Statistics, I can get, for instance, information about the conversations that were taking place. And you can see, in this particular trace, I have 43 separate conversations between point A and point B. I could pick any one of these, for instance, and click Follow Stream, and Wireshark will rebuild all of the information from those packets and show it to me in a form that’s much more readable. This is effectively rebuilding the web pages that were traversing the network.
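To show what the analyzer is doing when it turns those 1s and 0s into the summary line, the IP addresses and TCP ports, and the Conversations count described above, here is a small decoder added as an example. It is not code from Professor Messer or from Wireshark; the capture it works on is constructed inline (the addresses, ports and payloads are made up), and checksums are left at zero since nothing validates them.

```python
import struct
from collections import Counter

ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6

def decode_frame(raw: bytes) -> dict:
    """Decode one Ethernet/IPv4/TCP frame into the fields the summary pane shows."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != ETHERTYPE_IPV4:
        return {"summary": f"non-IPv4 frame (ethertype 0x{ethertype:04x})"}
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum = struct.unpack("!BBHHHBBH", raw[14:26])
    ihl = (ver_ihl & 0x0F) * 4                     # IP header length in bytes
    src_ip = ".".join(str(b) for b in raw[26:30])
    dst_ip = ".".join(str(b) for b in raw[30:34])
    if proto != PROTO_TCP:
        return {"src": src_ip, "dst": dst_ip, "summary": f"{src_ip} -> {dst_ip} IP proto {proto}"}
    tcp = raw[14 + ihl:14 + total_len]             # TCP header + payload, Ethernet trailer excluded
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    payload = tcp[(off_flags >> 12) * 4:]          # data offset is counted in 32-bit words
    return {"src": src_ip, "dst": dst_ip, "sport": sport, "dport": dport, "flags": off_flags & 0x1FF,
            "payload": payload,
            "summary": f"{src_ip}:{sport} -> {dst_ip}:{dport} seq={seq} ack={ack} len={len(payload)}"}

def conversations(frames) -> Counter:
    """Count frames per endpoint pair regardless of direction (Statistics > Conversations)."""
    counts = Counter()
    for f in (decode_frame(raw) for raw in frames):
        if "sport" in f:
            counts[frozenset({(f["src"], f["sport"]), (f["dst"], f["dport"])})] += 1
    return counts

def build_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed Ethernet II + IPv4 + TCP frame for the sample capture (checksums left zero)."""
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, PROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x018, 8192, 0, 0)  # PSH,ACK
    return eth + ip + tcp + payload

# Constructed capture: a client fetching a graphic, a second client, and one ARP frame.
SAMPLE_CAPTURE = [
    build_frame("192.168.1.5", "10.0.0.1", 50000, 80, b"GET /logo.png HTTP/1.1\r\n\r\n"),
    build_frame("10.0.0.1", "192.168.1.5", 80, 50000, b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n"),
    build_frame("192.168.1.7", "10.0.0.1", 50001, 80, b"GET / HTTP/1.1\r\n\r\n"),
    bytes.fromhex("ffffffffffff66778899aabb0806") + bytes(28),
]
```

Printing `decode_frame(raw)["summary"]` for each frame in `SAMPLE_CAPTURE` gives the one-line-per-frame view of the top pane, and `conversations(SAMPLE_CAPTURE)` groups both directions of the graphic download into a single conversation while ignoring the ARP frame.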

Wireshark has a lot of functionality. And one of the things that is important as you’re studying Network+ is that you get a feel for traffic communicating across the network. I would recommend you download Wireshark, install it on your machine, and start getting an understanding of all of the things that are happening across the wire that, up to this point, were invisible unless you had a protocol analyzer.