Hitting the Hot Spots: NetAnalyst Certification
The PMG NetAnalyst certification is a program designed to help IT and networking professionals understand networking from the wire level on up through the application. This program started in 1995 and has more than 2,500 certified professionals currently among its ranks. This program was even profiled in the August 2001 issue of Certification Magazine in the article, “Pine Mountain Certification: Between the Cracks.” This title didn’t refer to the location or status of the certification itself, but rather it emphasized the ability of someone who completes this program to determine exactly where network behaviors, problems or issues originate by examining the kind of information that moves across the network. Because this often occurs in the gray areas between vendor platforms, services or other boundaries between products and platforms, this emphasizes the knowledge and skills necessary to track things down properly.
PMG is an acronym for the Pine Mountain Group, a once-independent training and certification organization. Today, PMG and the NetAnalyst certification program are the property of Austin, Texas-based network management software company NetQos Inc.
Bill Alderson, well-known protocol analyst, instructor and consultant — and the primary force behind NetAnalyst — is still actively involved in its architecture and delivery as a senior consultant for the company. And while the content for the NetAnalyst certification continues to be improved and updated to reflect state-of-the-art networking technologies, tools, protocols and situations, it remains essentially the same vendor-neutral network analysis certification program it always has been.
At a fundamental level, the NetAnalyst program takes the topic of network forensics as its root subject matter. Network forensics should be understood to mean the informed capture, inspection and analysis of actual network traffic and behavior to produce information to be used for a variety of purposes. These can range from network characterization and base-lining to understand what typical behavior and usage looks like, to examination of specific pathologies related to intrusion attempts, security breaches, unauthorized access or usage, and so forth.
Unlike the kind of forensics that reconstructs crimes from evidence left at the scene at some point in the past, network forensics is as useful in examining real-time network behavior as it is at reconstructing and understanding historical network behavior. Understanding what has happened (and is happening) on a network at various levels of detail helps individuals and organizations better understand how to control and manage that network today, how to optimize the network to meet business goals, and how to plan for network growth and expanded use in the future.
The NetAnalyst program consists of three levels of certification, as follows:
- Level 1—Cross Technology: This credential indicates that its holders understand basic network forensics, including core theory and technologies, and know how to construct a big-picture view of a network. The term “cross technology” is an important key because truly understanding a network’s behavior and characteristics means knowing what kinds of hardware and software elements make up a network’s infrastructure, as well as what kinds of software (particularly applications) and activities best describe how it’s used and what it’s used for.
This requires individuals to use multiple tools and techniques to construct such an understanding and that they are able to move among the various vendor-specific platforms and technologies that comprise a network infrastructure as needed.
The Level 1 credential matches up with a five-day class on network theory and principles. This class covers TCP standards, performance, flow control and troubleshooting, along with IP subnetting, addressing and fragmentation.
It also includes coverage of ARP, ICMP and routing algorithms, as well as Ethernet-specific standards and characteristics, cabling and switches, VLANs, Qos and traffic-engineering topics and more. Candidates must pass a single exam to earn this credential, consisting of 60 questions in a 90-minute period.
- Level 2 — Architect: This credential indicates that its holders understand how networks are organized, how they operate, and how applications and services behave when they use them. Thus, qualified individuals know how to monitor, analyze and resolve complex networking issues.
The architect label in the credential’s name reflects the holder’s deep and thorough understanding of how basic principles that govern network design, implementation and maintenance come into play when dealing with specific networking situations and behaviors.
The Level 2 credential matches up with a five-day class on network troubleshooting essentials. It begins with an in-depth analysis of the OSI network reference model and proceeds through its individual layers to describe and show how each one operates and behaves.
Topics covered include Ethernet operation and analysis, wireless 802.11b/g Ethernet networks, switched-network analysis and VLANs, IP operation and analysis, TCP throughput and latency analysis and a look at various TCP application layer protocols. Students work with a protocol analyzer to complete numerous hands-on labs and exercises as they work through the topics for this class. Candidates must pass a single exam to earn this credential, consisting of 30 questions in a 90-minute period.
- Level 3 — Elite: This credential indicates that its holders can use a protocol analyzer, understand TCP/IP protocols in depth, and can dig into specific TCP/IP applications and services at the expert level to illustrate or characterize behavior, diagnose potential or actual pathologies, and to ferret out the networking factors that contribute to network performance and problems.
The Level 3 credential matches up with a five-day class on network performance forensics and includes in-depth coverage of some or all of the following topics, depending on student interests and inclinations: application layer protocols such as Voice over IP (VoIP), SMTP, FTP, DHCP/WINS/DNS and more.
Broadcast analysis, Qos validation, network design and IP multicast also can number among its topics. Students work with a protocol analyzer as their primary hands-on and lab activity in this class and spend significant time working through case studies and detailed scenarios. Candidates must pass a single exam to earn this credential, consisting of 15 questions and five short essays in a 90-minute period.
All these classes cost $2,495 to $2,995, depending on topic and location (discounts are available to organizations that send multiple attendees) and include the exam at the end of each offering. Individuals who wish to challenge the exams without taking the classes are welcome to do so at a fee of $495 (including one free retake for those who don’t pass on their first try), but they must make themselves available at the teaching location for the linked class by 10 a.m. on the final day of training to sit for its exam. Information about class schedules and locations is available through www.NetPerformance.com.
Ultimately, the real value of the NetAnalyst program is the insight into networking it can help candidates develop, as well as the profound skills and knowledge to which its senior levels (2 and 3) attest. Protocol analysis remains a nonpareil area of network specialization and continues to score well on salary and job satisfaction surveys for networking professionals.
This program represents an excellent way to acquire and demonstrate such skills and knowledge and offers interesting opportunities for networking professionals to advance further in their field.
Ed Tittel is