Working as a Protocol Analyst
When it comes to understanding what’s happening on a network, nothing beats protocol analysis. That’s because protocol analysis involves the use of special tools (protocol analyzers) to capture, decode and interpret the data packets that constantly move across network media.
Protocol analyzers may be software-only or may be special-purpose combinations of hardware and software designed to attach to and capture traffic from various network media. Although software-only tools work fine on slower, conventional media, higher-speed media usually require special interfaces and capture software, along with high-speed hardware and storage.
Some protocol analyzer software is open-source and is available for free download. Other protocol analyzer software is commercial and involves significant expense for enterprise license and use. Hardware-based solutions like those from Sniffer Technologies or communications test equipment from companies like HP or Acterna are more expensive and usually travel with protocol analysts who use such gear to do their jobs.
Now that you know what tools protocol analysts use, it’s appropriate to talk about the things they do on the job:
- Network troubleshooting: Protocol analysis can detect and diagnose all kinds of problems, ranging from addressing errors to protocol configuration mistakes. When networks don’t work, looking at what’s happening on the media can be informative.
- Network traffic characterization: Because protocol analysis captures everything moving on a media segment, it can enumerate and describe the types and composition of traffic it finds. This helps network professionals tune services, manage bandwidth, handle service priorities and perform other useful tuning or tweaking maneuvers.
- Developer support: When programs create, send or receive network traffic, it’s helpful for developers to examine in detail what’s in network packets. Whether they try to understand and correct outbound traffic emitted from programs or inbound traffic aimed at programs, nothing beats seeing all the details.
- Security analysis and troubleshooting: From denial of service attacks to attempts to exploit specific security vulnerabilities, network attacks (and specific “attack signatures”) manifest themselves clearly when analysts can investigate and interpret network traffic. Although not originally designed for security use, protocol analysis lends itself to a broad range of security applications and offers job opportunities to those who work this angle.
The knowledge necessary to work as a protocol analyst covers the ISO Network Reference Model from Layer 1 through Layer 7. That said, the primary emphasis in the field—except when testing and debugging code or attempting to interpret high-level application commands or instructions—falls between the data link and the session layers. A deep understanding of networking fundamentals is also a must for protocol analysts, including the following:
- Networking hardware, devices and media.
- Network topologies and design principles.
- Network addressing and routing.
- Networking protocols.
- Network attack and pathology signatures.
Interested professionals will find a small number of related IT certifications in protocol analysis. Obtaining such certifications, however, requires substantial investments of time and effort. (See Table 1.)
Ed Tittel is vice president of IT certification at iLearning.com and contributing editor for Certification Magazine. E-mail Ed with your questions and comments at email@example.com.
Table 1: Protocol Analysis Certifications
Pine Mountain Group
Certified NetAnalyst – Cross Technology