
DOKUZ EYLUL UNIVERSITY

Computer Engineering Department


COMPUTER NETWORKS

REPORT
Network Analysis with Network Sniffer
& Network Analyzer Tools

İzmir - March 2011


CONTENTS

1. INTRODUCTION

A. What is a Network Analyzer?
B. What is a Network Sniffer?
C. Installed Tools & Their Features

2. DATA from ULTRANET SNIFFER

3. DATA from CAPSA NETWORK ANALYZER

4. CONCLUSION

5. REFERENCE

1. INTRODUCTION

a) What is a Network Analyzer?

A packet analyzer is a program (or sometimes a device) that monitors the data traveling
between computers on a network. It basically helps in understanding how the Internet and LANs
work. It captures and decodes network traffic and makes sense of it, allowing you to see what,
where, and how information leaves and enters your computer, which is critically
important for a secure Internet experience.

b) What is a Network Sniffer?

A sniffer is a program or a piece of computer hardware that can intercept and log traffic
passing over a digital network or part of a network. As data streams flow across the network, the
sniffer captures each packet and, if needed, decodes and analyzes its content according to the
specifications.

c) Installed Tools & Their Features


To obtain different analysis reports and investigate the input data, analyzer and sniffer
tools were installed.
UltraNetSniffer and Colasoft Capsa Network Analyzer were chosen, and the investigation and
observations were carried out on the data that these programs output.

2. DATA from ULTRANET SNIFFER

Once the software was installed, it was ready to show the network map.

First, the network adapter used to connect to the wireless network was chosen: Intel(R)
WiFi Link 5100 AGN.
Then press the start button and let the data stream flow!

The program basically shows Protocol Statistics, Network Statistics, MAC Statistics, Size
Distributions and detailed information about received and sent data packets. Several
different wireless network connections were available, and three of them were tried with this
software in order to catch changes in the statistics.
Let’s take a look at some statistics and try to make sense of the gathered data.

PROTOCOL STATISTICS

Table 2.1 – Protocol Statistics at time t1

Table 2.1 shows the protocols in use on the network at time t1.
The Ethernet protocol has the largest share at this instant, followed by IP and UDP
(with UDP, computer applications can send messages, in this case referred to
as datagrams (packets), to other hosts on an IP network without requiring prior communication
to set up special transmission channels or data paths).

In Table 2.2 below, a clear change has occurred in TCP (the protocol
that major Internet applications such as the World Wide Web, e-mail, and file
transfer rely on) and HTTP (Hypertext Transfer Protocol) at instant t2.

Table 2.2 – Protocol Statistics at time t2

There are also some other protocols that send packets: DNS, ARP (Address Resolution
Protocol), WINS (Windows Internet Name Service), IGMP (Internet Group Management
Protocol) and ICMP (Internet Control Message Protocol).
The program shows the number of packets and bytes sent per protocol.

SIZE DISTRIBUTION

Table 2.3 – Size Distribution Graph

In Table 2.3 above, the graph shows the byte-size intervals of the packets that are sent.
It also shows the number of inbound, outbound and pass-through packets
within each size interval.

NETWORK STATISTICS

In Table 2.4 below, the total number of packets and bytes, grouped as
outbound, inbound and pass-through, can also be viewed as a graph.

Table 2.4 – Network Statistics Graph

PACKETS

Lastly, in Table 2.5 below, the packets that flow in the network stream are listed. For each
packet, the source and destination address, length, time and protocol are available, along with
some additional views such as the decoded and hex view of the packet. Some values are shown
as hex numbers. For example, if the protocol were POP3, we could catch the username
in that text, and even the content of the e-mail if it is not encrypted!

Table 2.5 – List of Packets and Detailed View of Their Features
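The per-protocol counts, the size distribution and the cleartext POP3 observation described in this section can be reproduced with a small decoder. This is an added example, not part of the original report and not UltraNetSniffer's code; the frames are constructed sample data, and the function names, port map and size-bucket edges are assumptions.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}
IP_PROTOS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
PORTS = {53: "DNS", 80: "HTTP", 110: "POP3", 443: "HTTPS"}  # well-known ports
SIZE_EDGES = (64, 128, 256, 512, 1024, 1518)  # assumed bucket edges, in bytes

def decode(frame):
    """Return (protocol layers, application payload) for one Ethernet II frame."""
    layers = ["Ethernet"]
    name = ETHERTYPES.get(struct.unpack("!H", frame[12:14])[0])
    layers += [name] if name else []
    if name != "IP":
        return layers, b""
    ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # drop Ethernet padding
    proto = IP_PROTOS.get(ip[9])
    layers += [proto] if proto else []
    if proto not in ("TCP", "UDP"):
        return layers, b""
    l4 = ip[(ip[0] & 0x0F) * 4:]              # skip the IP header (IHL is in 32-bit words)
    sport, dport = struct.unpack("!HH", l4[:4])
    header_len = (l4[12] >> 4) * 4 if proto == "TCP" else 8
    app = PORTS.get(dport) or PORTS.get(sport)
    layers += [app] if app else []
    return layers, l4[header_len:]

def analyze(frames):
    """Tally per-protocol and per-size packet counts; flag cleartext POP3 logins."""
    protocols, sizes, cleartext = Counter(), Counter(), []
    for frame in frames:
        layers, payload = decode(frame)
        protocols.update(layers)              # a frame counts once per layer
        edge = next((e for e in SIZE_EDGES if len(frame) <= e), None)
        sizes[f"<={edge}" if edge else f">{SIZE_EDGES[-1]}"] += 1
        if layers[-1] == "POP3" and payload[:5].upper() in (b"USER ", b"PASS "):
            cleartext.append(payload[:4].decode().upper())  # command name only
    return protocols, sizes, cleartext

def build(proto, sport, dport, payload):  # constructed sample frame, checksums left at zero
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) if proto == 6
          else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x02" * 12 + struct.pack("!H", 0x0800) + ip + l4

SAMPLE = [build(17, 50000, 53, bytes(30)), build(6, 50001, 80, b"GET / HTTP/1.1\r\n\r\n"),
          build(6, 50002, 110, b"USER alice\r\n"), build(6, 50002, 110, b"PASS example\r\n"),
          b"\xff" * 6 + b"\x02" * 6 + struct.pack("!H", 0x0806) + bytes(28)]
```

Calling `analyze(SAMPLE)` shows why Ethernet always has the largest share in a layered protocol view: every frame is counted once for each layer it carries.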
3. DATA from CAPSA NETWORK ANALYZER

This software is somewhat more extensive than the previous one, and is also easy to use and
understand. The network is separated into 3 nodes called Protocol Explorer, IP Explorer and
Physical Explorer, which speed up following the traffic history (as shown in Table 3.1).

Table 3.1 – Network Analyzer Home Page

As in the previous software, size distributions are listed, but in more detail (we can see a list for
each protocol with the number of packets and bytes). The statistics for ARP are
shown in Table 3.2 below.

Table 3.2 – ARP Packet Statistics Table

Additionally, physical conversations in the network can be viewed as a matrix. As you can
see in the sketch below, 7 nodes are displayed (see Table 3.3).

Table 3.3 - Sketch


Packets that belong to specified protocols are also shown. In the next table below,
the HTTPS protocol and its packets can be seen, with their destination, source and other
characteristic information.

Table 3.4 – HTTPS Protocol Packets

It is also possible to follow IP conversations and packet traffic with the help of statistics;
there is also a feature that helps find the address of packets (Table 3.5 below).

4. CONCLUSION

Both Network Analyzer & Network Sniffer tools present the analysis of network
traffic in a convenient and easy way across a number of different protocols. After becoming
a professional, it will be necessary to manage a network and to make use of these tools while
developing software!

5. REFERENCE

- http://compnetworking.about.com/od/networksecurityprivacy/g/bldef_sniffer.htm
- http://www.gjpsoft.com/UltraNetSniffer/
- http://www.colasoft.com/capsa/
- http://en.wikipedia.org/wiki/Packet_analyzer
- http://searchnetworking.techtarget.com/definition/network-analyzer
