Protocol analysis involves examining the traffic traversing some particular network medium (cable segment, broadcast domain, VLAN, and so forth) to determine exactly what kinds of packets are in motion at any given moment. The right toolsprimarily software, though certain standalone devices also provide packet tracesenable informed users to characterize network traffic, perform security checks, capture attack signatures, and debug network communications. Still, you need to learn and know a lot about the protocols involved in network communication to make complete sense of what's happening, which is why protocol analysis is both a difficult subject to master and a valuable skill to possess. Read on to learn more about available tools and related IT certifications in this exciting technical specialty.
When I wrote the article "Understanding Protocol Analysis" in March 2003, the landscape of available tools and certifications was very different than it is today. The summary of the field in that article remains entirely relevant and accurate, though some of the pricing information has changed. There's still a strong emphasis on networking fundamentals, and an equally strong need to understand and master the packet formats and layouts for TCP/IP protocols from the data-link layer, such as point-to-point protocol (PPP) and point-to-point protocol over Ethernet (PPPoE), all the way up to the application layer (for example, for well-known services such as email, file transfer, name resolution, and so forth). And certainly it's essential to understand the key network and transport layer protocolssuch as IP, TCP, and UDPfully and completely. (For more information on the general background for this subject matter, refer to the opening section of that earlier story.)
Protocol Analysis Certifications Circa 2011
Table 1 recites protocol analysis certifications per se. (For a more general look at the certs that include protocol analysis in their coverage, see Table 1 in the earlier story.)
Table 1
Certifications Specific to Protocol Analysis
Vendor or Organization |
Title (Abbreviation) |
Description |
AirMagnet |
Certified to use AirMagnet WiFi Analyzer to plan, troubleshoot, and maintain wireless networks |
|
Certified to use AirMagnet Survey (or the Professional version) to survey wireless network devices, security, and configurations |
||
NetScout |
Current incarnation of the base-level Sniffer protocol analysis cert |
|
nGenius Certified Expert (nCE) |
Advanced protocol analysis certification |
|
nGenius Certified Master (nCM) |
SME-level certification for network and application troubleshooting |
|
Wireshark University |
Base-level protocol analysis certification built around the freeware Wireshark Network Protocol Analyzer |
Please note that the landscape has altered significantly since 2003, including the departure of the NetAnalyst program (though its chief architect and developer indicates that NetAnalyst may be subject to a restart by mid-2012), and the retirement of the various WildPackets credentials (AATech, PAS, and NAX, as documented in the earlier story). WildPackets still offers instructor-led and online versions of its product training classes, however. On the other hand, AirMagnet elements included in Table 1 represent new additions to the protocol-analysis certification fold, with a focus on wireless network communications in particular.