Home > Articles > Certification > Cisco Certification > CCIP

Working with Protocol Analyzers and Related Certifications

  • Print
  • + Share This
Ed Tittel, creator of the Exam Cram series, discusses the current network protocol analyzers that any real expert needs to know. Who exactly counts as an "expert?" Ed also sorts out which of the many available certifications are really useful in identifying true masters of protocol analysis.
Like this article? We recommend

Protocol analysis involves examining the traffic traversing some particular network medium (cable segment, broadcast domain, VLAN, and so forth) to determine exactly what kinds of packets are in motion at any given moment. The right tools—primarily software, though certain standalone devices also provide packet traces—enable informed users to characterize network traffic, perform security checks, capture attack signatures, and debug network communications. Still, you need to learn and know a lot about the protocols involved in network communication to make complete sense of what's happening, which is why protocol analysis is both a difficult subject to master and a valuable skill to possess. Read on to learn more about available tools and related IT certifications in this exciting technical specialty.

When I wrote the article "Understanding Protocol Analysis" in March 2003, the landscape of available tools and certifications was very different than it is today. The summary of the field in that article remains entirely relevant and accurate, though some of the pricing information has changed. There's still a strong emphasis on networking fundamentals, and an equally strong need to understand and master the packet formats and layouts for TCP/IP protocols from the data-link layer, such as point-to-point protocol (PPP) and point-to-point protocol over Ethernet (PPPoE), all the way up to the application layer (for example, for well-known services such as email, file transfer, name resolution, and so forth). And certainly it's essential to understand the key network and transport layer protocols—such as IP, TCP, and UDP—fully and completely. (For more information on the general background for this subject matter, refer to the opening section of that earlier story.)

Protocol Analysis Certifications Circa 2011

Table 1 recites protocol analysis certifications per se. (For a more general look at the certs that include protocol analysis in their coverage, see Table 1 in the earlier story.)

Table 1

Certifications Specific to Protocol Analysis

Vendor or Organization

Title (Abbreviation)



AirMagnet WiFi Analyzer Certified Professional

Certified to use AirMagnet WiFi Analyzer to plan, troubleshoot, and maintain wireless networks

AirMagnet Survey Certified Professional

Certified to use AirMagnet Survey (or the Professional version) to survey wireless network devices, security, and configurations


nGenius Certified Analyst (nCA)

Current incarnation of the base-level Sniffer protocol analysis cert

nGenius Certified Expert (nCE)

Advanced protocol analysis certification

nGenius Certified Master (nCM)

SME-level certification for network and application troubleshooting

Wireshark University

Wireshark Certified Network Analyst

Base-level protocol analysis certification built around the freeware Wireshark Network Protocol Analyzer

Please note that the landscape has altered significantly since 2003, including the departure of the NetAnalyst program (though its chief architect and developer indicates that NetAnalyst may be subject to a restart by mid-2012), and the retirement of the various WildPackets credentials (AATech, PAS, and NAX, as documented in the earlier story). WildPackets still offers instructor-led and online versions of its product training classes, however. On the other hand, AirMagnet elements included in Table 1 represent new additions to the protocol-analysis certification fold, with a focus on wireless network communications in particular.

  • + Share This
  • 🔖 Save To Your Account