Hi friends, welcome back. In this post I will discuss what network analysis is.
Network analysis (also known as protocol analysis) is the art of listening to data and network communications. It is usually done to ascertain how devices communicate and to determine the health of the network.
Some of the tasks performed during the network analysis session are as follows:
- Tapping the network
- Capturing the desired traffic
- Viewing the traffic that has been captured
- Filtering to see only the traffic of interest
- Documenting the findings
For example, we might be interested in traffic to and from an HTTP server on a network. The steps needed to analyze that traffic are:
- Connect the analysis equipment to the interface connected to the server
- Capture all traffic to and from the server
- Examine the traffic to recognize useless packets
- Filter and pay attention only to broadcast traffic from the server
- Document the cause of the broadcasts
Figure 1. Packet Flow Analysis Process (Source: Laura A. Chappell, 2001)
Analysis is usually done on captured network traffic data, using tcpdump, a sniffer, and other tools. A capture filter, also known as a pre-filter, can reduce the amount of traffic captured into the trace buffer (where packets are placed). If no capture filter is applied, all network traffic flows into the trace buffer.
Display filters let us build a smaller set of packets from the trace buffer based on several criteria. For example, if we capture all broadcast traffic on the network into the trace buffer, we may want to apply a display filter to create a subset of the trace buffer that contains only IP broadcasts.
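The two filter stages described above, as an added Python example that is not part of the original post or of Chappell's material: a capture filter keeps only broadcast frames in the trace buffer, and a display filter then selects the IP broadcasts and counts them per sender. All frames, MAC and IP addresses are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct
from collections import Counter

BROADCAST, IPV4, ARP = b"\xff" * 6, 0x0800, 0x0806  # broadcast MAC, EtherTypes

def frame(dst, src, ethertype, payload=b""):  # constructed Ethernet II frame
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4(src, dst, proto=17):
    """Minimal 20-byte IPv4 header; checksum left at 0 for the sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse(raw):
    """Decode the Ethernet header, plus IPv4 addresses when present."""
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    pkt = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}
    if ethertype == IPV4 and len(raw) >= 34:
        pkt["src_ip"], pkt["dst_ip"] = (socket.inet_ntoa(raw[i:i + 4]) for i in (26, 30))
    return pkt

def capture(wire, capture_filter=None):
    """Capture (pre-)filter: decides which frames enter the trace buffer."""
    return [parse(f) for f in wire if capture_filter is None or capture_filter(f)]

def display(trace_buffer, display_filter):
    """Display filter: selects a subset; the trace buffer is left unchanged."""
    return [p for p in trace_buffer if display_filter(p)]

def is_broadcast(raw):  # capture filter; tcpdump expression: ether broadcast
    return raw[:6] == BROADCAST

def is_ip(pkt):  # display filter; tcpdump expression: ip
    return pkt["ethertype"] == IPV4

def broadcast_sources(packets):  # per-sender count, for the documentation step
    return Counter(p["src_ip"] for p in packets)

SERVER, CLIENT = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
WIRE = [  # constructed sample traffic; 192.0.2.0/24 is a documentation range
    frame(BROADCAST, SERVER, ARP, bytes(28)),
    frame(BROADCAST, SERVER, IPV4, ipv4("192.0.2.10", "192.0.2.255")),
    frame(SERVER, CLIENT, IPV4, ipv4("192.0.2.20", "192.0.2.10", proto=6)),
    frame(BROADCAST, SERVER, IPV4, ipv4("192.0.2.10", "192.0.2.255")),
    frame(BROADCAST, CLIENT, IPV4, ipv4("192.0.2.20", "255.255.255.255")),
]

if __name__ == "__main__":
    print(broadcast_sources(display(capture(WIRE, is_broadcast), is_ip)))
```

Calling `capture(WIRE)` with no capture filter puts every frame in the trace buffer, which is the unfiltered case the text describes.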
Network analysis is usually used for three things:
- Troubleshooting the network
- Optimizing network performance
- Planning and testing the network