Thursday, September 10, 2009

Group3_AMAK: Network protocol analysis

In last week's post we covered the different types of protocols, gave a brief introduction to network protocol analysis, and listed the network protocol analyzers (packet sniffers) in common use. This week we look more closely at how protocol analysis works. Network protocols and communications are designed in layers; the best-known reference model for this is the seven-layer OSI model. Each layer has its own protocols, and a protocol at one layer on one host talks to its peer protocol at the same layer on the other host, using the layers below it for transport. The key function of a protocol analyzer is to decode the protocol at each of these layers in turn: the link-layer frame first, then the network-layer packet it carries, then the transport-layer segment, and finally the application data. A packet sniffer captures the raw data passing through a network interface (an Ethernet card or, in 2009, a dial-up link), decodes it, and presents it in an easily readable form. Because a single application message is often split across several packets, the analyzer also defragments and reassembles the captured packets into streams, and it is this reassembled stream that is the readable form.
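As an added illustration of what "decode the protocol at each layer, then reassemble into streams" means in practice, here is a small Python decoder written for this post (it is not taken from any of the analyzer tools mentioned last week). The frames it parses are constructed inline so it runs offline; the hosts, ports, MAC addresses and the FTP login text are all made up. It walks an Ethernet II frame, then the IPv4 header it carries, then the TCP header, applies a capture filter that keeps only FTP control traffic (the equivalent of `tcp port 21`), and finally orders each one-way TCP flow by sequence number so the payloads read as a stream. The sample capture deliberately arrives out of order and contains one retransmitted segment and one ARP frame, so the code has to handle both.

```python
"""Layer-by-layer decode, capture filter and TCP stream reassembly.
Example code written for this post; all input below is constructed."""
import struct
from collections import namedtuple

# Fields recovered at each layer: link, network, transport, plus the payload.
Packet = namedtuple("Packet", "src_mac dst_mac src_ip dst_ip sport dport seq payload")


def build_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Build a minimal Ethernet II + IPv4 + TCP frame as constructed test input.
    Checksums are left zero: the decoder below does not verify them."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    ip_total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def decode(frame):
    """Decode one frame layer by layer. Returns None for anything that is not
    IPv4-over-Ethernet carrying TCP, which a real analyzer would hand to another
    dissector."""
    if len(frame) < 14 + 20 + 20:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])   # link layer
    if ethertype != 0x0800:                                              # not IPv4
        return None
    ip = frame[14:]                                                      # network layer
    ihl = (ip[0] & 0x0F) * 4                                             # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:                                                       # protocol 6 = TCP
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]                                              # transport layer
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4                                        # TCP header length
    return Packet(src_mac.hex(":"), dst_mac.hex(":"), src_ip, dst_ip,
                  sport, dport, seq, tcp[data_off:])


def is_ftp_control(pkt):
    """Capture filter equivalent to 'tcp port 21': keep FTP control traffic only."""
    return pkt is not None and 21 in (pkt.sport, pkt.dport)


def reassemble(packets):
    """Order each one-way TCP flow by sequence number and join the payloads.
    Segments are keyed by seq so a retransmitted copy is not counted twice."""
    flows = {}
    for p in packets:
        key = (p.src_ip, p.sport, p.dst_ip, p.dport)
        flows.setdefault(key, {}).setdefault(p.seq, p.payload)
    return {k: b"".join(segs[s] for s in sorted(segs)) for k, segs in flows.items()}


def analyze(frames):
    """Decode, filter and reassemble a list of raw frames into readable streams."""
    return reassemble(p for p in map(decode, frames) if is_ftp_control(p))


# Constructed capture: an FTP login arriving out of order, one retransmission,
# an unrelated HTTP request the filter must drop, and an ARP frame.
ARP_FRAME = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455") + struct.pack("!H", 0x0806) + b"\x00" * 28
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.9", 40001, 21, 1012, b"PASS hunter2\r\n"),
    build_frame("10.0.0.9", "10.0.0.5", 21, 40001, 5000, b"220 ftp ready\r\n"),
    build_frame("10.0.0.5", "10.0.0.9", 40001, 21, 1000, b"USER alice\r\n"),
    build_frame("10.0.0.5", "10.0.0.9", 40001, 21, 1000, b"USER alice\r\n"),   # retransmit
    build_frame("10.0.0.5", "10.0.0.8", 40002, 80, 7000, b"GET / HTTP/1.0\r\n\r\n"),
    ARP_FRAME,
]

if __name__ == "__main__":
    for flow, data in analyze(SAMPLE_FRAMES).items():
        print(flow, data)
```

Run as a script it prints the two reassembled FTP flows; the client-to-server flow reads `USER alice` followed by `PASS hunter2`, which is exactly why a sniffer on the path of a plaintext protocol is a security problem and not just a troubleshooting aid.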

Packet analyzers come with a flexible system of fully configurable filters that can be used to discard all network traffic except the specific traffic patterns you wish to analyze. For example, you can keep only FTP control traffic (TCP port 21) and drop everything else on the wire. Protocol analyzers can be used both for legitimate network management and for stealing information off a network. Network operations and maintenance personnel use them to monitor network traffic, analyze packets, watch network resource utilization, conduct forensic analysis of network security breaches and troubleshoot network problems. Unauthorized protocol analyzers are extremely dangerous to a network's security because a sniffer only listens and sends nothing, so it is virtually impossible to detect from the traffic itself, and it can be inserted almost anywhere along the path that traffic takes. This makes them a favorite weapon of attackers: they reassemble the data transmitted on the network back into readable form, so anything exchanged in the clear, such as an FTP username and password, can be read straight off the capture. The practical defence is not trying to find the sniffer but denying it anything useful to read, which means encrypting traffic rather than relying on a protocol like FTP that sends credentials in plaintext.
