Q

What's the difference between packet sniffers and protocol analyzers?

Learn the difference between packet sniffers and protocol analyzers in this Ask the Expert response with our networking fundamentals expert.

What's the difference between packet sniffers and protocol analyzers? The analyzer sounds much more sophisticated, but is it?

A "sniffer" is the original trademark from the "old" Network General that dates back to their DOS-based protocol analyzer (Network General has been recently re-born as a sell-off from McAfee, formerly Network Associates). Sometimes the word sniffer is generically used to mean any protocol analyzer.

The degree of sophistication depends on what other features the analyzer offers beyond basic packet capturing and decoding. For instance, more advanced analyzers have expert systems that can dramatically cut troubleshooting time. Unfortunately, like automobiles, the quality of the expert system varies dramatically from vendor to vendor.

Another more advanced feature is distributed analysis. Enterprise-grade analyzers offer remote 24 x 7 packet capture, expert analysis, security, and management and control features. Some analyzers also support distributed 802.11 wireless "sensors."

Finally, if you work with very high-speed networks like Gigabit Ethernet, the protocol analyzer will need to support specialized hardware such as Gigabit Ethernet NICs with an on-board CPU for precision timestamping of packet arrival (OS timestamping is not accurate at high speeds), support for on-board packet triggering and filtering, and the ability to merge two streams together from a full-duplex connection. An alternative but low-performance option is to use off-the-shelf hardware and connect to a SPAN (mirror) port on a switch.

This was first published in August 2004
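The answer's point about merging the two streams of a full-duplex link and needing precise timestamps, as an added example that is not part of the original article: it merges two per-direction captures by timestamp and flags cross-direction frames whose order the clock cannot resolve. The names `Frame`, `quantize`, `merge_duplex` and `ambiguous_pairs` are hypothetical, the sample frames are constructed, and the 10 µs coarse resolution is an assumed figure for illustration.

```python
import heapq
from typing import List, NamedTuple, Tuple


class Frame(NamedTuple):
    ts_ns: int       # capture timestamp, nanoseconds
    direction: str   # which leg of the full-duplex link saw the frame
    info: str


# Shortest slot a frame occupies on Gigabit Ethernet: 64-byte frame
# + 8-byte preamble + 12-byte inter-frame gap = 84 bytes at 1 bit/ns.
MIN_FRAME_TIME_NS = 84 * 8


def quantize(frames: List[Frame], resolution_ns: int) -> List[Frame]:
    """Simulate a clock that only resolves steps of resolution_ns."""
    return [f._replace(ts_ns=f.ts_ns - f.ts_ns % resolution_ns) for f in frames]


def merge_duplex(a_to_b: List[Frame], b_to_a: List[Frame]) -> List[Frame]:
    """Merge two per-direction captures (each already in order) by timestamp."""
    return list(heapq.merge(a_to_b, b_to_a, key=lambda f: f.ts_ns))


def ambiguous_pairs(merged: List[Frame], resolution_ns: int) -> List[Tuple[Frame, Frame]]:
    """Adjacent frames from opposite directions that are closer together than
    the clock resolution: their relative order in the merged trace is a guess."""
    return [(p, c) for p, c in zip(merged, merged[1:])
            if p.direction != c.direction and c.ts_ns - p.ts_ns < resolution_ns]


def order(frames: List[Frame]) -> List[str]:
    return [f.info for f in frames]


# Constructed sample: back-to-back minimum-size frames on both legs.
A_TO_B = [Frame(0, "A->B", "request"), Frame(2 * MIN_FRAME_TIME_NS, "A->B", "ack")]
B_TO_A = [Frame(MIN_FRAME_TIME_NS, "B->A", "response")]
COARSE_NS = 10_000  # assumed resolution of a coarse clock (illustration only)

if __name__ == "__main__":
    precise = merge_duplex(A_TO_B, B_TO_A)
    coarse = merge_duplex(quantize(A_TO_B, COARSE_NS), quantize(B_TO_A, COARSE_NS))
    print("precise:", order(precise), "ambiguous:", len(ambiguous_pairs(precise, 1)))
    print("coarse: ", order(coarse), "ambiguous:", len(ambiguous_pairs(coarse, COARSE_NS)))
```

With the coarse clock all three frames collapse onto one timestamp, so the merged trace shows the ack ahead of the response it acknowledges.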
