Thursday, December 31, 2009

Protocol Analyzers

When studying for the CompTIA Security+ exam (SY0-201) you'll come across the following objective related to protocol analyzers:
2.3 Determine the appropriate use of network security tools to facilitate network security.

A protocol analyzer can be used to capture data packets as they travel across the network if the data is sent "in the clear" or unencrypted.

One of the early protocol analyzers was called Sniffer Network Analyzer, and it became so popular that protocol analyzers in general are commonly called "sniffers." Wireshark is a popular protocol analyzer that you can download for free today.

Because protocol analyzers are so readily available to attackers, network administrators need to carefully consider whether to allow any sensitive data (such as passwords) to be sent across the network in clear text.

Protocol analyzers can also be used by administrators to analyze traffic on the network. As an example, a protocol analyzer can detect malformed packets or other types of network attacks.
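To show what flagging a malformed packet involves, here is an added example (not from the original post) that validates an IPv4 header's version, length fields and checksum. The sample packets are constructed, and the addresses 192.0.2.1 and 192.0.2.2 are documentation addresses chosen for illustration.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_ipv4(packet: bytes) -> list[str]:
    """Return the problems found in an IPv4 packet (empty list = well formed)."""
    if len(packet) < 20:
        return ["truncated: shorter than minimum 20-byte header"]
    problems = []
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4:
        problems.append(f"bad version {version}")
    if ihl < 20 or ihl > len(packet):
        problems.append(f"bad header length {ihl}")
        return problems  # cannot trust the remaining fields
    if total_len < ihl or total_len > len(packet):
        problems.append(
            f"total length {total_len} inconsistent with {len(packet)} captured bytes")
    # Summing a valid header, checksum field included, yields zero.
    if ipv4_checksum(packet[:ihl]) != 0:
        problems.append("header checksum mismatch")
    return problems

def build_header(payload_len: int) -> bytes:
    """Constructed sample header: 192.0.2.1 -> 192.0.2.2, TCP, TTL 64."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

# Constructed sample packets
GOOD = build_header(4) + b"data"
BAD_LENGTH = GOOD[:2] + struct.pack("!H", 400) + GOOD[4:]  # claims 400 bytes
BAD_CHECKSUM = GOOD[:8] + b"\x01" + GOOD[9:]               # TTL changed, checksum not updated

if __name__ == "__main__":
    for name, pkt in [("good", GOOD), ("bad length", BAD_LENGTH),
                      ("bad checksum", BAD_CHECKSUM)]:
        print(name, "->", check_ipv4(pkt) or "ok")
```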

Good luck with your studies.

Darril Gibson