Packet Analysis
by Lee LeClair, 11/14/2008
As seen in Inside Tucson Business
As a computer and network geek, one of the primary tools I rely on to solve network, computer, and application problems is the packet analyzer. A packet analyzer allows one to “see” almost literally what is occurring over a part of the network and is an invaluable tool in figuring out vexing problems and securing one’s network. Without a packet analyzer, one must guess about what is occurring on the network based on theory and arcane vendor literature. A packet analyzer reveals what a former employee of the NSA I know calls the “ground truth” about what is occurring on your network. It is like a magic magnifying glass allowing you to see the secret life of data packets.
I will not lie: it takes at least some background knowledge about network protocols (TCP/IP) to make sense of what is going on, but not as much as you might think. There are some great books available on using packet analyzers as well, including Practical Packet Analysis by Chris Sanders, but you can learn quite a bit from some quality time with Google. If you understand some of the basics of TCP/IP and protocols like HTTP, FTP, etc., then you are on your way.
There are many uses for packet analyzers, but one of the most common is to figure out why some software or computer is not reachable from some other software or computer. Usually there is a firewall or two in the way. The approach I take is to examine packets from multiple points in the path from the source device to the target device. Typically, a problem will become obvious just inside or outside a restrictive network device like a firewall or filtering router. To do this, you will need to place your packet analyzer on the network in such a way that you can “see” data in your target path. If you have sophisticated network switches, you can configure port mirroring (also called spanning) so that data from a particular port is replicated to another port on which your packet analyzer is listening. A cruder but very simple option is to place a hub in-line at the points you would like to check.
These days, packet analyzers are especially valuable since so many security measures have migrated from specialized network devices (e.g., firewalls, switch access controls, filtering routers, etc.) to computer software. Home and business PC protection software available from Symantec, McAfee, Kaspersky, ZoneAlarm, Windows, etc. often provides a “personal firewall” and other anti-intrusion measures to try to safeguard each computer it is loaded on. Improperly configured, these can cause communication problems for valid programs, but the issues are often difficult to pinpoint.
In a nutshell, packet analyzers tell you exactly what packets are sent and received on your network. If you know what should be occurring, you will quickly see what part is NOT occurring and then begin the business of finding out WHY.
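The two ideas in the column, capturing at several points along the path and comparing what you expect to see against what actually shows up, can be put into a few dozen lines of code. The following Python example is added here to illustrate that and is not from the column or from Ephibian. It decodes the Ethernet, IPv4 and TCP headers of raw frames by hand, classifies the TCP three-way handshake for one client/server flow as seen at each capture point, and reports the segment where the client's SYN disappears. The frame bytes, addresses, port numbers and capture-point names are all constructed sample data; in practice the frames would come from a Wireshark or tcpdump capture taken at a hub or mirrored switch port.

```python
"""Hand-rolled Ethernet/IPv4/TCP decoder plus a multi-point capture comparison.
Added example; frames and addresses below are constructed, not captured."""
import struct

# TCP flag bits (low byte of the data-offset/flags word)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def parse_frame(frame: bytes):
    """Decode an Ethernet II frame carrying IPv4/TCP into a small summary.
    Returns None for anything that is not IPv4-over-Ethernet carrying TCP."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                  # too short or not IPv4
    ip = frame[14:]
    if len(ip) < 20 or ip[9] != 6:                   # protocol 6 is TCP
        return None
    ihl = (ip[0] & 0x0F) * 4                         # IPv4 header length in bytes
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    flags = off_flags & 0x01FF                       # low 9 bits are the TCP flags
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "flags": flags,
            "syn": bool(flags & SYN) and not flags & ACK,
            "synack": bool(flags & SYN) and bool(flags & ACK)}


def build_frame(src, dst, sport, dport, flags):
    """Construct a sample Ethernet/IPv4/TCP frame (no payload, checksums zeroed).
    Test data only; a real analyzer reads frames off the wire instead."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 2000 if flags & ACK else 0,
                      (5 << 12) | flags, 65535, 0, 0)  # data offset 5 words, window, csum, urg
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return eth + ip + tcp


def handshake_status(frames, client, server, port):
    """Classify the TCP handshake for one flow as seen at a single capture point."""
    saw_syn = saw_synack = saw_rst = False
    for raw in frames:
        p = parse_frame(raw)
        if p is None:
            continue
        if p["src"] == client and p["dst"] == server and p["dport"] == port and p["syn"]:
            saw_syn = True
        elif p["src"] == server and p["dst"] == client and p["sport"] == port:
            if p["synack"]:
                saw_synack = True
            elif p["flags"] & RST:
                saw_rst = True
    if saw_synack:
        return "handshake-ok"
    if saw_rst:
        return "refused"
    if saw_syn:
        return "syn-unanswered"
    return "no-traffic"


def locate_block(captures, client, server, port):
    """captures: ordered list of (capture point name, frames), client side first.
    Returns the per-point statuses and a one-line verdict on where the flow dies."""
    statuses = [(name, handshake_status(frames, client, server, port))
                for name, frames in captures]
    for (a, sa), (b, sb) in zip(statuses, statuses[1:]):
        if sa != "no-traffic" and sb == "no-traffic":
            return statuses, f"SYN seen at {a} but never at {b}: filtering between them"
    last_name, last = statuses[-1]
    if all(s == "handshake-ok" for _, s in statuses):
        return statuses, "handshake completes at every capture point"
    if last == "syn-unanswered":
        return statuses, f"SYN reaches {last_name} unanswered: host-side firewall or service down"
    if last == "refused":
        return statuses, "server answered with RST: nothing listening on the port"
    return statuses, "no packets for this flow at any capture point"


# Constructed scenario: a hub in-line on the client's LAN and a mirrored port on the
# server's switch. The SYN (and a retransmission) show up client-side and never
# appear server-side, so the filtering device sits between the two points.
CLIENT, SERVER, PORT = "10.0.0.5", "192.168.1.20", 443
SAMPLE_CAPTURES = [
    ("client-side hub", [
        build_frame(CLIENT, SERVER, 51234, PORT, SYN),
        build_frame(CLIENT, SERVER, 51234, PORT, SYN),      # retransmitted SYN
        build_frame(CLIENT, "10.0.0.1", 51235, 80, SYN),    # unrelated flow, ignored
    ]),
    ("server-side mirror", [
        build_frame("192.168.1.30", SERVER, 40000, PORT, SYN),          # another client
        build_frame(SERVER, "192.168.1.30", PORT, 40000, SYN | ACK),    # works for them
    ]),
]


def demo():
    return locate_block(SAMPLE_CAPTURES, CLIENT, SERVER, PORT)


if __name__ == "__main__":
    for name, status in demo()[0]:
        print(f"{name:20s} {status}")
    print(demo()[1])
```

The decoder deliberately keys on the handshake flags only: a SYN that is seen at one point and absent at the next is the "what is NOT occurring" the column talks about, and it pins the problem to the device between those two capture points without needing to decode any payload.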
A packet analyzer can be expensive gear, such as some of my clients use, or it can be free software, a laptop, and a hub. I usually go with the laptop, a free software program called Wireshark (formerly called Ethereal), and a 10/100 network hub. That is the great thing about packet analysis: it can be done pretty cheaply and using whatever happens to be your favorite operating system. It is not often in life you can get to the ground truth, but it is very rewarding when you can.
Lee LeClair is the CTO at Ephibian. His Tech Talk column appears the third week of each month in Inside Tucson Business.