A Network Protocol Analyzer is an analyzing and detection tool used in the network administration designed and programmed to work with other such tools like Antivirus, anti-malware, firewalls, Intrusion Detection System (IDS) and Honeypots instead of replacing them. It enhances the security of a network work as a complementary part of the above-mentioned mechanisms. To learn about how much this tool affects your network and computer system and how important it is, you need to know how it functions and what are the advantages and disadvantages of it.
Below are the steps showing you it works;
• To start from the basic, the Network Protocol Analyzer runs on a host system which in the business of data transfer and exchange is also referred to as the receiver. • In the initial stage, it needs a software driver to intercept all the data traffic passing through a Network Interface Controller (NIC).
• In the next step, the intercepted data traffic is sent to the Sniffer's (Network Protocol Analyzer's) packet decoder to be separated and sent put into the layers where they belong.
• After the data packets have been identified and classified, the sniffer puts on a display on your screen giving you all the information about them. The number of tasks and functions an analyzer can perform may vary from type to type but the above-mentioned steps are essential parts of it functionality with a single exception; this is the most basic type of analyzer that has been described for you which is put into the motion by switching the network card into the promiscuous mode.
If you deploy a more advanced version of the Network Protocol Analyzer, a network driver is used instead of a card to intercept the traffic. By using this simple trick, Man in the Middle technique can be reinforced which further allows the interception process to spread to the next level and decode even the Secure Socket Layer (SSL).
There are two types of methods Network Protocol Analyzers use, these methods depend upon the requirements and necessity of the host.
They are listed below:
• When a hub is used in the network, ports carry the responsibility of receiving all the data traffic. A hub can be used by multiple users which results in a collision of traffic and since the hubs are not secure, hackers can easily victimize their targets. A passive Sniffing method is used in such cases.
• On the other hand, we have Active Sniffing where the switches are used instead of hub and the Analyzer becomes picky in this case in choosing which port to use. Performance is enhanced in this method.