Home > Articles > Certification > Cisco Certification > CCIP

Understanding Protocol Analysis

By Ed Tittel
Mar 1, 2003
Article is provided courtesy of Que

Article Contents

The Protocol Analysis Certification Landscape
Understanding the Protocol Analysis Certifications
The Importance of Currency
The Value of Certification

Page 1 of 4 Next >

Ed Tittel

Learn more…

Windows 7 Start Menu: A Shortcut to Higher Productivity: Nov 11, 2009
Windows 7 Repair and Troubleshooting: Oct 20, 2009
Top Five Sysinternals Windows Utilities: Jun 30, 2009
Defragmenting the Windows Registry: Jun 16, 2009
Information Security Bookshelf, Part 2 (2009 Edition): May 18, 2009
Information Security Bookshelf, Part 1 (2009 Edition): May 8, 2009
Managing Windows Vista Volume Shadow Copies: Apr 24, 2009
Speeding Windows Vista Startup: Apr 23, 2009
Understanding the Windows Vista Reliability Monitor: Feb 17, 2009
Using HWMonitor to Track Windows System Temps and Health: Feb 3, 2009
Implementing the Physical Database: Nov 11, 2005
Network+ Exam Cram: Networking Devices in Modern Networks: Aug 5, 2005
Understanding Windows Media Center PC Software: Sep 17, 2004
Understanding Windows Media Center PC Hardware: Sep 3, 2004
Managing and Troubleshooting Desktop Storage: Aug 27, 2004
Setting Up, Managing, and Troubleshooting Security Accounts and Policies in Windows XP Professional: Jul 30, 2004
Designing Strategies for Security Management: Jul 23, 2004
Intrusion Detection Overview: Jun 18, 2004
Mixing MP3 and FM Radio: Maybe, Maybe Not!: Jun 11, 2004
Taking MP3 (and Other Digital Formats) On the Road: Jun 4, 2004
Packaging MP3s for Flash Players: Apr 30, 2004
Infrastructure Security Practice Exam Questions: Apr 9, 2004
IT Certification in Academia: An Overview and Survey: Mar 5, 2004
Network and System Administration Certifications Survey: Feb 6, 2004
Home Security and Surveillance Systems: Jan 16, 2004
Ed Tittel's Wireless Certification Survey: Jan 9, 2004
Understanding IT Credential Maintenance: To Recertify, Maintain Credentials, or Not: Nov 7, 2003
DHCP for Windows 2000 Network Infrastructure Exam #70-216: Oct 24, 2003
ISC-Squared Security Certifications: Aug 8, 2003
The Database Certification Landscape: Aug 8, 2003
Installing, Configuring, and Troubleshooting Access to Resources in Windows 2000 Server: Jun 20, 2003
Cisco Certification Programs: Jun 13, 2003
The Servlet Container: May 2, 2003
Installing and Maintaining Solaris 8: Apr 18, 2003
MCSE Windows 2000 Exam Cram 2 (Exam 70-217): Implementing and Administering DNS: Apr 11, 2003
Solaris 9 User Account Administration: Mar 7, 2003
Ed Tittel's Survey of Wireless Technology: Mar 1, 2003
Introducing the Computing Technologies Industry Association or CompTIA: Mar 1, 2003
The Certified Protection Professional Program: Mar 1, 2003
The CIW Security Professional Exam: Mar 1, 2003
The Computer Security Bookshelf, Part 1: Mar 1, 2003
The Computer Security Bookshelf, Part 2: Mar 1, 2003
The SANS Security Certification Program: Mar 1, 2003
The Web Certification Landscape: Mar 1, 2003
Understanding Protocol Analysis: Mar 1, 2003
TICSA Certification: Information Security Basics: Nov 22, 2002
Ed Tittel Returns to ExamCram2: Oct 14, 2002
Always on? Always headed for trouble!: Oct 11, 2002
Phone Books? We Don’t Need No Stinkin’ Phone Books!: Sep 20, 2002
Burning ROM: Writable CDs Find Lots of Uses: Aug 23, 2002
The Essential IP Toolkit: Jul 19, 2002
Back to the Future: Using the SendtoX PowerToy in Windows XP: Jun 14, 2002
Big Certs, Big Pay, Big Effort, Big Deal!: May 1, 2002
The Power, Value, and Virtues of Rumor: Mar 22, 2002
Moving onto a Windows XP Desktop: Mar 8, 2002
Understanding the Internet Information Server Situation: Feb 15, 2002
Anyone But Microsoft: Feb 8, 2002
Understanding Security Policies: Jan 25, 2002
Software Auditing and License Management: Jan 18, 2002
The “Inverse Golden Rule” of Security: Jan 4, 2002
Small Web Sites Can Be Beautiful: Dec 28, 2001
Microsoft’s Change of Heart on MCSE: Dec 21, 2001
E-Cards Go Everywhere the Internet Goes: Dec 14, 2001
Security's "Top 10": Nov 16, 2001
Say Hello to Another "New and Improved" MCSE Program: Nov 9, 2001
Musings on Personal (and SOHO) Firewalls: Nov 2, 2001
The New XP GUI Phooey, or How I Learned to Stop Worrying and Love the Bomb: Oct 26, 2001
Profiting from Infection?: Oct 19, 2001
New Windows Means New Windows Certifications, Right?: Aug 13, 2001
Security Certification Overview: Aug 13, 2001

MCAD Developing XML Web Services and Server Components with Visual C#™ .NET and the .NET Framework Exam Cram 2 (Exam Cram 70-320), Adobe Reader: Feb 14, 2006
MCSE Windows 2000 Network Infrastructure Exam Cram 2 (Exam Cram 70-216), Adobe Reader: Feb 14, 2006
MCSE Windows XP Professional Exam Cram 2 (Exam Cram 70-270), Adobe Reader: Feb 14, 2006
Network+ Exam Cram 2 (Exam Cram N10-002), Adobe Reader: Feb 14, 2006
Novell Netware 5.x to 6 Upgrade Exam Cram 2, Adobe Reader: Feb 14, 2006
TICSA Training Guide, Adobe Reader: Feb 14, 2006
Network+ Exam Cram 2 (Exam Cram N10-003), 2nd Edition: Jun 8, 2005
MCAD/MCSE/MCDBA 70-229 Exam Cram 2: Designing & Implementing Databases w/SQL Server 2000 Enterprise Edition: Jun 1, 2005
MCDST 70-271 Exam Cram 2: Supporting Users & Troubleshooting a Windows XP Operating System: Jul 15, 2004
MCDST 70-271 Exam Cram 2: Supporting Users & Troubleshooting a Windows XP Operating System, Adobe Reader: Jul 15, 2004
MCDST 70-272 Exam Cram 2: Supporting Users & Troubleshooting Desktop Applications on a Windows XP Operating System: May 19, 2004
MCSE 70-298 Exam Cram 2: Designing Security for a Windows Server 2003 Network: May 18, 2004
MCSE 70-298 Exam Cram 2: Designing Security for a Windows Server 2003 Network, Adobe Reader: May 18, 2004
MCSA/MCSE Implementing and Managing Exchange Server 2003 Exam Cram 2 (Exam Cram 70-284): May 4, 2004
MCSA/MCSE Implementing and Managing Exchange Server 2003 Exam Cram 2 (Exam Cram 70-284), Adobe Reader: May 4, 2004
Network+ Certification Practice Questions Exam Cram 2 (Exam N10-002): Apr 14, 2004
Network+ Certification Practice Questions Exam Cram 2 (Exam N10-002), Adobe Reader: Apr 14, 2004
CSIDS Exam Cram 2 (Exam Cram 623-531), Adobe Reader: Mar 15, 2004
MCSE Windows XP Professional Practice Questions Exam Cram 2 (Exam 70-270): Mar 15, 2004
MCSE Windows XP Professional Practice Questions Exam Cram 2 (Exam 70-270), Adobe Reader: Mar 15, 2004
A+ Certification Practice Questions Exam Cram 2 (Exams: 220-301, 220-302), Adobe Reader: Mar 10, 2004
Security+ Practice Questions Exam Cram 2 (Exam SYO-101): Mar 9, 2004
Security+ Practice Questions Exam Cram 2 (Exam SYO-101), Adobe Reader: Mar 9, 2004
MCSE 70-294 Training Guide: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory InfraStructure: Feb 13, 2004
MCSE 70-294 Training Guide: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory InfraStructure, Adobe Reader: Feb 13, 2004
MCSE Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Exam Cram 2 (Exam Cram 70-297): Dec 12, 2003
HTI+ Exam Cram 2: Dec 11, 2003
MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam Cram 70-293): Dec 1, 2003
MCSA/MCSE Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam Cram 70-291): Oct 28, 2003
MCSA/MCSE Managing and Maintaining a Windows Server 2003 Environment Exam Cram 2 (Exam Cram 70-290): Oct 20, 2003
MCSA/MCSE 70-291 Training Guide: Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure: Aug 26, 2003
Java 2 Developers' Exam Cram 2 (Exam Cram CX-310-252A & CX-310-027): Aug 20, 2003
MCAD Developing and Implementing Web Applications with Microsoft Visual C#™ .NET and Microsoft Visual Studio® .NET Exam Cram 2 (Exam Cram 70-315): Aug 20, 2003
MCAD Developing and Implementing Web Applications with Microsoft Visual C#™ .NET and Microsoft Visual Studio® .NET Exam Cram 2 (Exam Cram 70-315), Adobe Reader: Aug 20, 2003
MCAD Developing XML Web Services and Server Components with Visual Basic® .NET and the .NET Framework Exam Cram 2 (Exam Cram 70-310): Jul 16, 2003
MCAD Developing XML Web Services and Server Components with Visual Basic® .NET and the .NET Framework Exam Cram 2 (Exam Cram 70-310), Adobe Reader: Jul 16, 2003
MCAD Developing and Implementing Web Applications with Microsoft Visual Basic® .NET and Microsoft Visual Studio® .NET Exam Cram 2 (Exam Cram 70-305): Jul 1, 2003
MCAD Developing and Implementing Web Applications with Microsoft Visual Basic® .NET and Microsoft Visual Studio® .NET Exam Cram 2 (Exam Cram 70-305), Adobe Reader: Jul 1, 2003
MCAD Developing and Implementing Windows-based Applications with Microsoft Visual C#™ .NET and Microsoft Visual Studio® .NET Exam Cram 2 (Exam Cram 70-316): Apr 23, 2003
MCAD Developing and Implementing Windows-based Applications with Microsoft Visual C#™ .NET and Microsoft Visual Studio® .NET Exam Cram 2 (Exam Cram 70-316), Adobe Reader: Apr 23, 2003
MCSE Windows 2000 Active Directory Services Design Exam Cram 2 (Exam Cram 70-219), Adobe Reader: Apr 23, 2003
MCSD Analyzing Requirements and Defining .NET Solution Architectures Exam Cram 2 (Exam 70-300): Apr 22, 2003
MCAD Developing and Implementing Windows-based Applications with Microsoft Visual Basic® .NET and Microsoft Visual Studio® .NET Exam Cram 2 (Exam Cram 70-306): Apr 17, 2003
MCAD Developing and Implementing Windows-based Applications with Microsoft Visual Basic® .NET and Microsoft Visual Studio® .NET Exam Cram 2 (Exam Cram 70-306), Adobe Reader: Apr 17, 2003
MCSE Windows 2000 Professional Exam Cram 2 (Exam Cram 70-210), Adobe Reader: Apr 17, 2003
Security+ Certification Exam Cram 2 (Exam Cram SYO-101), Adobe Reader: Apr 10, 2003
MCSE Windows 2000 Active Directory Services Infrastructure Exam Cram 2 (Exam 70-217), Adobe Reader: Apr 2, 2003
MCSE Windows 2000 Server Exam Cram 2 (Exam Cram 70-215), Adobe Reader: Apr 2, 2003
MCAD/MCSD/MCSE Training Guide (70-229): SQL Server 2000 Database Design and Implementation, 2nd Edition: Mar 27, 2003
Solaris 8 System Administrator Exam Cram 2 (Exam CX-310-011 and CX-310-012), Adobe Reader: Mar 17, 2003
Java 2 Programmer Exam Cram 2 (Exam Cram CX-310-035): Mar 7, 2003
Solaris 9 System Administration Exam Cram 2 (Exam Cram CX-310-014 & CX310-015): Dec 23, 2002
Solaris 9 System Administration Exam Cram 2 (Exam Cram CX-310-014 & CX310-015), Adobe Reader: Dec 23, 2002
MCSA Managing a Windows 2000 Network Environment Exam Cram 2 (Exam Cram 70-218), Adobe Reader: Dec 6, 2002
Java 2 Enterprise Edition (J2EE) Web Component Developer Exam Cram 2 (Exam Cram 310-080): Nov 26, 2002
Java 2 Enterprise Edition (J2EE) Web Component Developer Exam Cram 2 (Exam Cram 310-080), Adobe Reader: Nov 26, 2002
A+ Exam Cram 2 (Exam Cram 220-221, Exam Cram 220-222), Adobe Reader: Nov 21, 2002

Sorry, this author hasn't posted any blogs.

From the author of
CCNP BSCI Exam Cram 2 (Exam Cram 642-801)

Protocol analysts know how to employ esoteric hardware and/or software tools to examine traffic in motion across a network. Furthermore, they know how to decode and understand the implications of what they see in that data stream, where network pathologies, outside or inside attacks, poorly designed applications, and strange network layouts, among many other causes, can make life interesting. Author and columnist Ed Tittel explains why such esoterica may not only be of interest, but also of great value to your career as he explores certifications available in this essential technical field.

Editor's Note: Content updated on April 28, 2003.

Before I can wax too eloquent on the various certifications that relate to protocol analysis, it’s probably a good idea to explain and explore the subject matter for such credentials. To that end, let me offer the following definition: “Protocol analysis consists of employing proper software and/or hardware tools to capture, decode, interpret, and react to the contents of data packets as they transit a network’s media.”

A fundamental tool for protocol analysis is something called a protocol analyzer. As the preceding definition implies, such tools come in software-only and hardware/software flavors. Some of this software is Open Source, available to anyone who wants to download it at no charge; other software is commercial and can cost as much as several thousand dollars. Special hardware/software combinations can cost $10,000 or more. In fact, where interfaces to high-speed media like ATM or SONET place high demands on hardware processing capability, speed, buffering, and so forth, high-end, high-speed protocol analyzers can cost upwards of $25,000.

The bodies of knowledge relevant to protocol analysis span the ISO/OSI Reference Model from Layer 1 (hardware, connections, and so forth) all the way through Layer 7 (application interfaces). But the primary emphasis in this field—except when working with software developers to test or debug code—falls from layers 2 (Data Link) through 5 (Session). Nevertheless, a strong background in networking fundamentals is a must for would-be protocol analysts, especially in the layers most relevant to designing and implementing physical networks. The following topics are entirely germane to this kind of work (and thus, to related certifications):

Networking hardware. Cables, connectors, interfaces, hubs, bridges, routers, and other networking devices
Network topology and design. How to deploy and employ networking technologies from 10 Mbps up to 1 Gbps and beyond
Network addressing and routing. How to design, implement and troubleshoot common network addressing, subnetting and supernetting, and name resolution services
Common network protocol suites. Includes some or all of TCP/IP, IPX/SPX, NetBEUI, frame relay, ATM, X.25, and so forth
Common network services. Includes protocol-related request-reply sequences, traffic patterns, related packet formats, and so forth
Network attack and pathology signatures. Includes common attacks (Denial of Service, Distributed Denial of Service, Ping of Death, etc.) and misbehaviors (broadcast storms, excessive errors, etc.)

It’s not at all unreasonable to think of protocol analysis as a kind of cap to one’s career as a network professional. By extension, this make a protocol analysis certification likely to fall rather later than earlier in one’s career, and itself to be a kind of capstone for other, less formidable certifications.

The Protocol Analysis Certification Landscape

As is true for so many other kinds of IT certifications, protocol analysis credentials come in both vendor-neutral and vendor-specific sorts. For the former, this means a more general, catholic approach to the tools used for analysis as well as to the protocol suites subject to analysis; for the latter, it means focusing on specific analytical tools, but also usually implies a rather more open view on protocol suites and related services. Table 1 provides a list of useful credentials that can serve as warm-ups to protocol analysis certifications; Table 2 covers the small number of “pure” protocol analysis certifications currently available.

Table 1—Protocol Analysis Certifications

Vendor/Org	Title (Acronym)	Explanation	URL
Brainbench	IP Routing & Switching	General IP and routing concepts	http://www.brainbench.com/xml/bb/ common/testcenter/taketest.xml?testId=113
	Networking Monitoring	General network monitoring, management & protocols	http://www.brainbench.com/xml/bb/ common/testcenter/taketest.xml?testId=424
	LAN/WAN Communications	Covers LAN/WAN protocols & architectures (general)	http://www.brainbench.com/xml/bb/ common/testcenter/taketest.xml?testId=122
Cisco Systems	Certified Internetwork Professional (CCIP)	For individuals who work in Cisco-intensive environments; concentrations in IP routing, IP multicast, cable, IP telephony, or DSL will lead nicely into protocol analysis.	http://www.cisco.com/warp/public/10/ wwtraining/certprog/c_and_s/ccip
	Cisco Security Specialist	Focuses on Cisco systems and tools, but provides thorough training in protocol structures and attack signatures.	http://www.cisco.com/warp/public/10/ wwtraining/certprog/cqs/security
	Certified Internetwork Expert (CCIE)	Cisco’s premier certification requires protocol knowledge and some analysis skills (mostly at Layers 2 and 3).	http://www.cisco.com/warp/public/625/ccie/
Global Knowledge	TCP/IP Network Analyst	To demonstrate IP management expertise, including IP internetworking, trouble-shooting, and management.	http://www.globalknowledge.com/training/ certification_listing.asp?PageID=12&certid=243&country=United+States#
	Telecommunications Analyst	To demonstrate expertise in DSL, ATM, and Frame Relay; includes coverage of telecomm fundamentals I and II, plus converging voice and data networks.	http://www.globalknowledge.com/training/ certification_listing.asp?PageID=12&certid=189&country=United+States#
	VoIP Engineer	To demonstrate expertise on structure, components, and architecture of voice and data networks, including ATM, Frame Relay, plus explicit VoIP protocols and designs	http://www.globalknowledge.com/training/ certification_listing.asp?PageID=12&certid=190&country=United+States#
Learning Tree	Local Area Networks Certified Professional	To identify individuals qualified to work as network managers, systems analysts, engineers, planners, IS and IT professionals, or support technicians involved in day-to-day network planning, operations, and management.	http://www.learningtree.com/us/cert/progs/7065.htm#
	TCP/IP Certified Professional	To identify individuals qualified to work as network or system administrators, network planners or support personnel, or system analysts in environments where TCP/IP protocols and services are in use.	http://www.learningtree.com/us/cert/progs/7045.htm#
Lucent Tech	Lucent Certified Technical Expert (LCTE)	Lucent offers associate and specialist credentials in ATM, Frame Relay, internetworking, DSL, VoIP, and VPNs that should all provide good preparation for protocol analysis.	http://www.gocertify.com/vendors/Lucent.shtml
NACSE	Senior Network Specialist (NSNS)	Identifies advanced networking and telecom specialists with good knowledge of network design, protocols, services, and troubleshooting.	http://www.nacse.com/pages/whois/cert/ datanetwork/datanetworkflow.htm
	Telecom Technician Level 1/2 (NTT1, NTT2)	Identifies beginning (L2) and advanced (L1) expertise in servicing, troubleshooting, and repairing voice and data networks.	http://www.gocertify.com/vendors/NACSE.shtml

Remember, the intent of including these warm-up certifications for protocol analysis is to identify programs where protocols and services receive enough attention and coverage to help individuals prepare for the items covered in Table 2. None of the credentials covered in Table 1 would qualify an individual who attained them as a “protocol analyst” (this is especially true of the CCIE which, despite its profound cachet and market value, does not mold truly well-rounded protocol analysts).

Table 2—"Pure" Protocol Analysis Certifications

Vendor/Org	Title (Acronym)	Explanation	URL
Pine Mtn Group	Certified NetAnalyst-Cross Technology	Formerly the NetAnalyst Level I, this credential focuses on general protocol analysis and identifies those who seek to design, manage, and troubleshoot production networks, LANs, and WANs.	http://www.pmg.com/cna_chart.htm
	Certified NetAnalyst-Architect	Formerly the NetAnalyst Level II, this credential focuses on more advanced network analysis concepts, techniques, and technologies.	http://www.pmg.com/cna_chart.htm
Sniffer Tech	Sniffer Certified Professional (SCP)	Identifies individuals with good working knowledge of Sniffer Pro Network analyzer to detect and troubleshoot common network problems.	http://www.sniffer.com/education/scpp.asp
	Sniffer Certified Expert (SCE)	Identifies individuals who’ve obtained SCP credentials, and passed any two exams on topics and technologies that include RMON, Ethernet, WAN, ATM, Windows, TCP/IP, or wireless analysis and troubleshooting topics.	http://www.sniffer.com/education/scpp.asp
	Sniffer Certified Master (SCM)	Identifies individuals who’ve obtained SCE credentials, and have passed three additional topic/technology exams.	http://www.sniffer.com/education/scpp.asp
WildPackets, Inc.	Applied Analysis Technician (AATech)	Identifies individuals with strong basic grounding in protocol analysis concepts and knowledge of related tools.	http://www.nax2000.com/index.php/aatech.html
	Protocol Analyzer Specialist (PAS)	Identifies individuals with advanced topics and expertise in capturing and interpreting protocol analysis trace files and performance statistics.	http://www.nax2000.com/index.php/pas.html
	Network Analysis Expert (NAX)	Identifies individuals who’ve passed the PAS, then go on to take additional Data Link and Area of Specialty knowledge exams, plus write a technical white paper. Knowledge exams include Ethernet, Wireless, TCP/IP, and Apple Networking topics.	http://www.nax2000.com/index.php/nax_expert.html

Page 1 of 4 Next >

Discussions

Make a New Comment

You must log in in order to post a comment.

Related Resources

OnSecurity (Audio + Video)

Recent Episodes

OnNetworking (Audio + Video)

Recent Episodes

See More Podcasts

Social Networking for the Anti-Socialites: By John Traenkenschuh on November 11, 2009 No Comments; How would Scrooge handle today's emphasis on social networking?

Would You Use an iPhone App for IT Certification Study?: By Tim Warner on September 29, 2009 No Comments; Hey there. I have a question for those of you who own either the Apple iPhone or iPod Touch device: would you purchase an app to help you prepare for your IT certification exams?

On the New Microsoft Virtual Lab Certification Items: By Tim Warner on September 20, 2009 No Comments; For several years now, Microsoft has included simulation items in some of their IT certification exams. Simulation items are intended to test the candidate’s hands-on expertise with the Microsoft product/technology under consideration. Much has happened in the virtualization space in ensuing years; the latest innovation is what is known as the Virtual Lab-based exam item.

See All Related Blogs