Protocol Analyzer

Protocol analyzers (also called sniffers) are versatile tools for a variety of tasks:

  • Debugging network problems

  • Verifying proper operation of cryptographic protocols

  • Diagnosing flawed protocol implementations

  • Identifying unwanted traffic

  • Replaying stored traffic for testing purposes

  • Reverse-engineering protocol implementations

  • Performing security checks

  • Identifying network background noise (broadcast protocols, NetBIOS, Appletalk)

If you ever find yourself confronted with learning or reverse-engineering an unknown or unfamiliar protocol, equip yourself with a sniffer, a hex editor, test gear, and any RFCs or standard documents you can find and start investigating the behavior of the protocol, the types of headers involved, the state transitions, and so on. This is really the best way of understanding the internals of protocols, and probably the most efficient as well. If available, you can also compare your observations with open source implementations and derive additional clues from the sources. When debugging a real-life problem, it is always a good approach to start from the bottom and work your way to the top of the stack in a structured manner.
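The bottom-up approach described above, as an added example that is not part of the original text: a small Python dissector walks one Ethernet/IPv4/TCP frame layer by layer, checking each header (EtherType, IPv4 checksum and length, data offset) before trusting the layer above it. The frame bytes are constructed by hand for the example, not taken from a real capture.

```python
"""Bottom-up dissection of one Ethernet/IPv4/TCP frame (added example)."""
import struct

# Constructed sample frame: Ethernet -> IPv4 -> TCP -> 16-byte payload.
# The IPv4 checksum (0x5cd5) was computed for these header fields; the TCP
# checksum is left at zero because this example does not verify it.
SAMPLE_FRAME = (
    bytes.fromhex("00 11 22 33 44 55 66 77 88 99 aa bb 08 00")          # Ethernet
    + bytes.fromhex("45 00 00 38 12 34 40 00 40 06 5c d5 c0 a8 01 0a 0a 00 00 05")
    + bytes.fromhex("c3 50 00 50 00 00 00 01 00 00 00 00 50 18 20 00 00 00 00 00")
    + b"GET / HTTP/1.0\r\n"
)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def dissect(frame: bytes) -> dict:
    """Walk the frame from the link layer up, validating each layer first."""
    layers = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["eth"] = {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}
    if ethertype != 0x0800:
        return layers                       # not IPv4: do not guess at upper layers
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, csum, s, d = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    hdr = ip[:ihl]
    layers["ip"] = {
        "src": ".".join(map(str, s)), "dst": ".".join(map(str, d)),
        "ttl": ttl, "proto": proto, "total_len": total_len,
        # A bad checksum or length is the first hint of a flawed stack or a mangled capture.
        "checksum_ok": csum == ipv4_checksum(hdr[:10] + b"\x00\x00" + hdr[12:]),
        "len_ok": total_len == len(ip),
    }
    if proto != 6:
        return layers                       # only TCP is dissected further here
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    doff = (off_flags >> 12) * 4             # data offset in bytes
    layers["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                     "flags": off_flags & 0x1FF, "window": win, "payload": tcp[doff:]}
    return layers


if __name__ == "__main__":
    for name, fields in dissect(SAMPLE_FRAME).items():
        print(name, fields)
```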

Most UNIX systems come with tcpdump installed, a standard text-based protocol analyzer, and several graphical front ends and ancillary tools exist for it. Solaris additionally provides the snoop utility for sniffing. Most people's tool of choice is the Ethereal graphical protocol analyzer (see Figure 6-7), which also comes in a text-only version called tethereal. The ngrep tool applies the functionality of the well-known UNIX grep utility to the network layer and is a practical tool as well.

Figure 6-7. GUI of the Ethereal Sniffer
