Protocol Analyzers – CompTIA Security+ SY0-401: 1.1

If you ever want to know exactly what’s happening on a network, then you need a protocol analyzer. In this video, you’ll learn about protocol analyzers and how they can be used to monitor traffic and solve network problems.

If you recall from the CompTIA Security+ requirements we looked at at the beginning of this video, one of the things it asks us to know about is a sniffer. That word has a bit of a double meaning in our industry; it has become a generic term. But Sniffer is actually a product name, a registered trademark that today belongs to a company called NetScout Systems.

It's a product that has been around for a long time, and because of that longevity we've almost come to use the name generically for any device that can capture packets from the network and give us analysis and decodes of that information. So if you use the term sniffer, strictly speaking you're referencing another company's product line.

It's becoming the Xerox or the Kleenex of the network security industry. Capturing packets and displaying them on the screen is a very common need, and that's really what we're talking about. When somebody says sniffer, what they mean is a network analyzer, also called a protocol analyzer: something that grabs those packets and shows you in plain English what's going through the network.

It takes all the ones and zeroes, the signals going across that Ethernet connection, puts them back together, and shows us that this was a web conversation, or exactly what else might be going across that link. It's very common technology, and these days it's an easy one to find, because there are some very good open source options.

One of the most popular network analysis tools is Wireshark. Go to wireshark.org, download it, load it on your machine, and you can capture packets from the network right now and see exactly what's going on in your protocol analyzer. Two practical caveats: the capture library it uses (libpcap on Linux and macOS, Npcap on Windows) needs elevated privileges to open the interface, and on a switched network your NIC only sees traffic addressed to it or broadcast, so to watch other hosts you need promiscuous mode plus a mirror (SPAN) port or a network tap. And an analyzer decodes what is actually on the wire: for TLS-protected traffic it shows you the handshake and ciphertext, not the HTTP inside, unless you give it the session keys.
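To make concrete what "decoding" means, here is an added example of the kind of dissection a protocol analyzer performs. This is illustration code written for this page, not Wireshark's code or anything from the video: it peels an Ethernet II frame down through IPv4 and TCP and recognises an HTTP request line, checking header lengths and the IPv4 header checksum along the way, because captured bytes are untrusted input and a decoder that trusts a length field is itself a target. The sample frame is constructed inline (TEST-NET addresses, made-up MACs, TCP checksum left zero) so it runs offline with no capture privileges.

```python
"""Minimal Ethernet II -> IPv4 -> TCP -> HTTP decoder (added example, not Wireshark code)."""
import struct
from typing import Any, Dict

TCP_FLAG_NAMES = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
                  ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80))
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; the caller passes the header with its checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def decode_frame(frame: bytes) -> Dict[str, Any]:
    """Peel each header the way an analyzer does, validating every length before trusting it."""
    if len(frame) < 14:
        raise ValueError("runt frame: no Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out: Dict[str, Any] = {"eth_dst": mac_str(frame[:6]), "eth_src": mac_str(frame[6:12]),
                           "ethertype": ethertype}
    if ethertype != 0x0800:
        out["summary"] = "non-IPv4 ethertype 0x%04x" % ethertype
        return out

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("malformed IPv4 header or length field")
    hdr = ip[:ihl]
    calc = ipv4_checksum(hdr[:10] + b"\x00\x00" + hdr[12:])   # recompute with checksum zeroed
    out.update(ip_src=ip_str(src), ip_dst=ip_str(dst), ip_ttl=ttl, ip_proto=proto,
               ip_checksum_ok=(calc == csum))
    if proto != 6:
        out["summary"] = "IPv4 protocol %d %s -> %s" % (proto, out["ip_src"], out["ip_dst"])
        return out

    tcp = ip[ihl:total_len]                  # total_len drops any Ethernet padding after the datagram
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, window, _tcsum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off_res >> 4) * 4
    if data_off < 20 or len(tcp) < data_off:
        raise ValueError("bad TCP data offset")
    payload = tcp[data_off:]
    out.update(tcp_sport=sport, tcp_dport=dport, tcp_seq=seq, tcp_ack=ack, tcp_window=window,
               tcp_flags=[name for name, bit in TCP_FLAG_NAMES if flags & bit],
               payload_len=len(payload))
    out["summary"] = "TCP %s:%d -> %s:%d [%s] %d bytes" % (
        out["ip_src"], sport, out["ip_dst"], dport, ",".join(out["tcp_flags"]), len(payload))

    # Application layer: recognise HTTP by port and by the request-line grammar, like a dissector.
    if dport == 80 and payload.startswith(HTTP_METHODS) and b"\r\n" in payload:
        lines = payload.split(b"\r\n")
        out["http_request_line"] = lines[0].decode("ascii", "replace")
        for line in lines[1:]:
            if line.lower().startswith(b"host:"):
                out["http_host"] = line[5:].strip().decode("ascii", "replace")
        out["summary"] = "HTTP %s (Host: %s)" % (out["http_request_line"], out.get("http_host", "?"))
    return out


def build_sample_frame(corrupt_ip_header: bool = False) -> bytes:
    """Constructed sample (assumed values): 192.0.2.10 sends an HTTP GET to 198.51.100.20."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
    # TCP: data offset 5 (20 bytes), flags PSH|ACK, checksum left 0 (not verified by this decoder).
    tcp_hdr = struct.pack("!HHIIBBHHH", 51234, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    src_ip, dst_ip = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0, src_ip, dst_ip)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    if corrupt_ip_header:                    # flip one TTL bit after checksumming, as line noise would
        ip_hdr = ip_hdr[:8] + bytes([ip_hdr[8] ^ 0x01]) + ip_hdr[9:]
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + b"\x08\x00"
    return eth + ip_hdr + tcp_hdr + payload


if __name__ == "__main__":
    for corrupt in (False, True):
        d = decode_frame(build_sample_frame(corrupt))
        print(d["summary"], "| IP checksum ok:", d["ip_checksum_ok"])
```

The layering is the point: each decoder only trusts the bytes after the previous layer has checked its own length fields, which is exactly why a real analyzer's dissectors are written defensively. On a live capture the same bytes would come from the capture library rather than from `build_sample_frame`.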