Network packets are the granular units of data used to move information across the internet and other networks. Each packet is broken down into two general sections: a header, or control information, and the payload, or user data.
The header contains the information needed to deliver the data in the payload: Ethernet II segments, where the DMAC and SMAC addresses are defined; whether or not there is a VLAN; and the IPv4 or IPv6 protocols, where the source and destination IP addresses are defined. These are considered layer 2-3 data.
The payload is the actual intended information: the end user's videos, phone audio, images and information data, like the page you are reading right now. This layer 4 data can include User Datagram Protocol (UDP).
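The header fields described above can be pulled out of a raw frame with a short parser. This is an added example, not code from the original article: the names `parse_frame` and `SAMPLE` and the sample frame itself are constructed for illustration, checksums are not verified, and IPv6 extension headers are not walked.

```python
import ipaddress
import struct

ETH_VLAN, ETH_IPV4, ETH_IPV6, UDP = 0x8100, 0x0800, 0x86DD, 17

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes) -> dict:
    """Split one Ethernet II frame into layer 2-3 header fields and payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"dmac": mac(frame[0:6]), "smac": mac(frame[6:12]), "vlan": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == ETH_VLAN:                      # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        out["vlan"] = tci & 0x0FFF                 # low 12 bits carry the VLAN ID
        off = 18
    if ethertype == ETH_IPV4:
        if len(frame) < off + 20 or (frame[off] & 0x0F) < 5:
            raise ValueError("truncated or malformed IPv4 header")
        ihl = (frame[off] & 0x0F) * 4              # header length in bytes
        proto = frame[off + 9]
        src, dst = frame[off + 12:off + 16], frame[off + 16:off + 20]
        off += ihl
    elif ethertype == ETH_IPV6:
        if len(frame) < off + 40:
            raise ValueError("truncated IPv6 header")
        proto = frame[off + 6]                     # next-header field
        src, dst = frame[off + 8:off + 24], frame[off + 24:off + 40]
        off += 40
    else:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    out.update(src_ip=str(ipaddress.ip_address(src)),
               dst_ip=str(ipaddress.ip_address(dst)), proto=proto)
    if proto == UDP and len(frame) >= off + 8:     # 8-byte UDP header, then user data
        out["sport"], out["dport"] = struct.unpack("!HH", frame[off:off + 4])
        off += 8
    out["payload"] = frame[off:]
    return out

# Constructed sample: VLAN 100, 192.0.2.10 -> 198.51.100.20, UDP 40000 -> 53, payload "hello"
SAMPLE = bytes.fromhex(
    "001122334455 66778899aabb 81000064 0800"
    "45000021 00004000 40110000 c000020a c6336414"
    "9c400035 000d0000 68656c6c6f")
```

Calling `parse_frame(SAMPLE)` returns the DMAC, SMAC, VLAN ID, source and destination IP, UDP ports and the payload bytes as separate fields.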
Depending on the service, TV, computer, or mobile device, millions of packets are transmitted in a certain sequence and need to arrive in the same sequence. Receiving packets out of sequence or experiencing dropped packets leads to network latency, slow service, and an interrupted or pixelated experience.
But sending data over a network is just like shipping a package: you have to follow certain rules and go through a specific process before your final product gets delivered. You can think of this process as the import/export laws of the internet.
This set of rules, known as the Transmission Control Protocol/Internet Protocol (TCP/IP), is called a protocol stack. It's composed of four layers:
To interpret what's happening with your data packets as they travel through these layers over your network, and to pinpoint network latency or dropped packets, you need a packet analyzer.
Packet analyzers, also known as packet sniffers or network analyzers, are network monitoring tools that examine data traffic moving in and out of the network. These tools analyze network performance issues that can lead to traffic bottlenecks, network downtime, and other common performance issues that ultimately affect end-user experience and a company's productivity.
Continuing with our shipping analogy, you can think of packet analyzers as the gate agents and security scanners in the data transportation process. They work behind the scenes to ensure everything runs smoothly on your network.
Packet sniffers are a go-to tool for everything from making sure network traffic is routed correctly, to ensuring employees aren’t using company internet time for inappropriate websites. Packet analyzers also help detect potential network intrusion by looking for network access patterns inconsistent with standard usage.
In a process known as packet capture (PCAP), analyzers snag packet data as it moves over your network and save a copy of this data as a file on your monitoring device. You can analyze these copies of your packet data to detect usage spikes, suspicious data transfer, and inconsistent network performance.
There are two different methods you can use to access packet data: network TAPs (test access points) and port mirroring or switch port analyzers (SPAN).
We’ve already covered the differences between network TAPs and SPANs, but here is a recap of how each functions to perform PCAP analysis.
Network TAPs
Network TAPs are considered the industry best practice for packet visibility: “EMA recommends that enterprises use TAPs as much as possible in the access layer to avoid network performance impacts and assure packet fidelity.” - EMA [Enterprise Management Associates]
SPAN Ports