Ask the Expert

What's the difference between packet sniffers and protocol analyzers?

What's the difference between packet sniffers and protocol analyzers? The analyzer sounds much more sophisticated, but is it?

    Requires Free Membership to View

A "sniffer" is the original trademark from the "old" Network General that dates back to their DOS-based protocol analyzer (Network General has been recently re-born as a sell-off from McAfee, formerly Network Associates). Sometimes the word sniffer is generically used to mean any protocol analyzer.

The degree of sophistication depends on what other features the analyzer offers beyond basic packet capturing and decoding. For instance, more advanced analyzers have expert systems that can dramatically cut troubleshooting time. Unfortunately, like automobiles, the quality of the expert system varies dramatically from vendor-to-vendor.

Another more advanced feature is distributed analysis. Enterprise-grade analyzers offer remote 24 x 7 packet capture, expert analysis, security, and management and control features. Some analyzers also support distributed 802.11 wireless "sensors."

Finally, if you work with very high speed networks like Gigabit Ethernet, the protocol analyzer will need to support specialized hardware such as Gigabit Ethernet NICs with an on-board CPU for precision timestamping of packet arrival (OS timestamping is not accurate at high speeds), support for on-board packet triggering and filtering, and the ability to merge two streams together from a full duplex connection. An alternative but low performance option is to use off the shelf hardware and connect to a SPAN (mirror) port on a switch.

This was first published in August 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: