Troubleshooting guide
Cisco Broadband Local Integrated Services Solution Troubleshooting Guide
OL-5169-01
Chapter 2 Troubleshooting Overview
Troubleshooting Tools
Protocol Analyzers
A protocol analyzer records, interprets, and analyzes how a communication protocol operates in a
particular network architecture. It captures frames as they travel across the network. It then decodes the
various layers of protocol in the recorded frame contents and presents them as readable abbreviations or
summaries, detailing what layer is involved (physical, data link, and, in some protocol analyzers, right up
to the application layer) and what function each byte or byte content serves. With LAN/WAN networks
that involve multiple protocols, it is important that a protocol analyzer be able to detect and decode all
the protocols used in the network environment.
In capture mode, filters can be set to record only traffic that meets certain criteria; for example, if a
particular unit is suspected of inconsistent protocol behavior, then a filter can be configured that captures
all traffic to and from that unit. The analyzer should have the capability to timestamp all the captured
data. This can be extremely important when determining the effects of peak traffic periods and when
analyzing network performance, for example, determining protocol response times by measuring the
delta time between frames.
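The capture filter and delta-time measurement described above, as an added example that is not part of the original guide: it parses a classic libpcap capture, keeps only frames to or from one unit, and reports the time since the previous matching frame in microseconds. The sample capture, the addresses, and the function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps

def build_pcap(frames):
    """Build a pcap byte string from (sec, usec, src_ip, dst_ip) tuples (constructed input)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for sec, usec, src, dst in frames:
        eth = b"\x02" * 12 + b"\x08\x00"  # dummy MAC addresses, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        pkt = eth + ip
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return out

def read_frames(data):
    """Yield (timestamp_us, src_ip, dst_ip) for every IPv4-over-Ethernet frame."""
    if len(data) < 24 or struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian, microsecond-resolution pcap file")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig_len = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < incl:
            break  # capture file ends in the middle of a record
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield (sec * 1_000_000 + usec,
                   str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34])))

def deltas_for_unit(data, unit_ip):
    """Keep traffic to or from unit_ip; return (src, dst, delta_us since previous match)."""
    rows, prev = [], None
    for ts, src, dst in read_frames(data):
        if unit_ip not in (src, dst):
            continue  # the capture filter: drop frames that do not involve the unit
        rows.append((src, dst, 0 if prev is None else ts - prev))
        prev = ts
    return rows

# Constructed sample: a request, an unrelated frame, the response, and a second request.
SAMPLE = build_pcap([
    (1000, 100000, "10.0.0.5", "10.0.0.1"),
    (1000, 150000, "10.0.0.9", "10.0.0.1"),
    (1000, 350000, "10.0.0.1", "10.0.0.5"),
    (1001, 0, "10.0.0.5", "10.0.0.1"),
])

if __name__ == "__main__":
    for src, dst, delta_us in deltas_for_unit(SAMPLE, "10.0.0.5"):
        print(f"{src} -> {dst}  delta {delta_us / 1000:.1f} ms")
```

The 250000-microsecond delta on the second matching frame is the response time of 10.0.0.1 to the first request in this sample.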
In display mode, an analyzer interprets the captured traffic, presenting the protocol layers in an easily
readable form. Filters can be set to allow only those captured frames that meet certain criteria to be
displayed.
It is also important that the analyzer be able to generate frames and transmit them onto the network in
order to perform capacity planning or load testing of specific devices such as servers, bridges, routers,
and switches. The analyzer should be able to send multiple captured frames in succession, as well as
allow network managers to tailor the frames by being able to edit the frames prior to generation.
Sniffer Pro analyzers include the Expert System, which identifies fault symptoms and provides a diagnosis
of the network problems. Sniffer Pro provides decodes for more than 250 protocols. Portability of the
analyzer is also an important factor because networks are not physically located in one place, and the
analyzer must be moved from segment to segment as problems arise. Several manufacturers provide
tools that allow for the remote gathering (and in some cases, analysis) of data and transmission back to
a central console or master station.
The ability of the analyzer to use a set of rules and knowledge of the network operation to diagnose
network problems is the emergent feature of an expert system. The expert system gleans its knowledge
from theoretical databases (that is, from standards information), from network-specific databases (that
is, topological information relating to the network), and from users' previous results and experience.
From these repositories, the expert system generates a hypothesis about the problem it has detected and
offers a plan of action to resolve it.
Protocol analyzers are generally available in three categories:
• Software-based analyzers are software packages that are installed on personal computers (usually
portable notebook PCs) that are equipped with appropriate LAN interface adapters.
• General-purpose analyzers offer a wide range of uses, such as traffic monitoring, reasonably
extensive protocol capture and decode support, and some network traffic modeling during the
network design phase.
• High-end analyzers offer a range of advanced features and can typically capture traffic at higher
rates and provide a more comprehensive protocol decode than can the other analyzers. They also
support generate-and-capture capabilities, which means you can use them to stress-test parts of the
network.