
Number of free commercial analyzers available
There are a number of free commercial analyzers available, such as Capsa Network Analyzer, Microsoft Network Monitor and the command-line tool tcpdump. There are also commercial analyzers from companies such as NetScout, but the free, open-source Wireshark has become something of a de facto standard for portable protocol analysis. Wireshark is noted for its filter language, user interface, support for more than 1,100 protocols, and detailed information on more than 90,000 protocol fields, according to its creator, Gary Combs, director of open-source projects at Riverbed Research.
"Wireshark killed the market," says Snyder. "Companies that want to sell moved up the stack, doing more application-layer network knowledge. The old sniffer market disappeared."
As valuable as they are, portable protocol analyzers aren't designed to scale across the enterprise network, especially when one considers the challenges of such a network: enormous traffic volume; diverse and complex applications, from enterprise risk management to social media; speeds of 10Gbps and above; and performance and availability requirements for high-speed financial transactions, VoIP (Voice over Internet Protocol), video streaming, and so on.
"Even the slow networks of 10 years ago were too much to analyze manually," says Notre Dame's Chapple. "Our tools have become more sophisticated, just as we have become more sophisticated in the way we manage things."
For example, Wireshark is integrated into Riverbed Technologies appliances that can be deployed at key points across the enterprise to monitor and analyze traffic on the entire network and, if needed, deep-dive with Wireshark from a console, rather than an analyzer having to be picked up and plugged in to analyze a problem.
The enterprise market includes a range of very powerful enterprise products and suites that focus heavily on application performance and issues on high-volume, high-speed networks, from companies such as Opnet Technologies, NetScout, HP, CA, Quest, Compuware, IBM, Oracle and Nimsoft.
The network that's the problem
"It's typically not the network that's the problem," says Steve Shalita, vice president of marketing at NetScout. "It's the context of application flows that is as a matter of fact meaningful. With huge data streams, you need to automate and get a clearer view of transactions and applications rather than individual packets."
So, says Snyder, these tools will look at broad application statistics such as average HTTP traffic transaction time, DNS query and SQL Server response time, retransmission rates, and top talkers and listeners on the network.
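To make the shift from individual packets to aggregate statistics concrete, here is an added example (not from the article or any vendor's product) that derives top talkers and listeners, average DNS response time and a retransmission rate from packet summaries. The record layout, addresses and the "same sequence number seen twice" retransmission heuristic are assumptions made for illustration.

```python
from collections import Counter

# Constructed packet summaries (not a real capture):
# (time_s, src, dst, bytes, kind, ident)
# ident is the DNS transaction id for DNS packets, the sequence number for TCP.
PACKETS = [
    (0.000, "10.0.0.5", "10.0.0.53", 74, "dns_q", 0x1A2B),
    (0.012, "10.0.0.53", "10.0.0.5", 90, "dns_r", 0x1A2B),
    (0.020, "10.0.0.5", "10.0.0.80", 1500, "tcp", 1000),
    (0.021, "10.0.0.5", "10.0.0.80", 1500, "tcp", 2500),
    (0.250, "10.0.0.5", "10.0.0.80", 1500, "tcp", 2500),  # same seq again
    (0.300, "10.0.0.9", "10.0.0.53", 74, "dns_q", 0x0042),
    (0.340, "10.0.0.53", "10.0.0.9", 90, "dns_r", 0x0042),
    (0.400, "10.0.0.80", "10.0.0.5", 600, "tcp", 7000),
]

def summarize(packets, top_n=2):
    sent = Counter()        # bytes per source address ("talkers")
    received = Counter()    # bytes per destination address ("listeners")
    pending = {}            # (client, server, dns id) -> query timestamp
    dns_rtts = []
    seen_segments = set()   # (src, dst, seq) already observed
    tcp_total = tcp_retx = 0
    for ts, src, dst, size, kind, ident in packets:
        sent[src] += size
        received[dst] += size
        if kind == "dns_q":
            pending[(src, dst, ident)] = ts
        elif kind == "dns_r":
            # A response matches the query sent in the opposite direction.
            started = pending.pop((dst, src, ident), None)
            if started is not None:  # unsolicited responses are ignored
                dns_rtts.append(ts - started)
        elif kind == "tcp":
            tcp_total += 1
            key = (src, dst, ident)
            if key in seen_segments:  # simplified retransmission heuristic
                tcp_retx += 1
            seen_segments.add(key)
    avg_ms = round(1000 * sum(dns_rtts) / len(dns_rtts), 1) if dns_rtts else None
    return {
        "top_talkers": sent.most_common(top_n),
        "top_listeners": received.most_common(top_n),
        "avg_dns_ms": avg_ms,
        "retx_rate": tcp_retx / tcp_total if tcp_total else 0.0,
    }

if __name__ == "__main__":
    print(summarize(PACKETS))
```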
Tools from other vendors, including Solera Networks, NetWitness, Niksun and Endace, are built to capture and analyze every packet that traverses the network, providing continuous monitoring and intelligence about the network, applications and users. They have a strong security play in addition to monitoring application and network health. The extensive and granular information these products provide can also be leveraged by other security tools, such as firewalls, intrusion-detection and intrusion protection systems, security information and event monitoring systems, and malware analysis. The vendors say this level of visibility is essential in dealing with complex security problems, such as advanced persistent threats, the Stuxnet worm, malicious insider activity, bots and sophisticated malware.
So, is the goal of a protocol analyzer to assess network performance, application performance or security? It's all three.
