
Understanding Protocol Analysis

Protocol analysts know how to employ esoteric hardware and/or software tools to examine traffic in motion across a network. Furthermore, they know how to decode and understand the implications of what they see in that data stream, where network pathologies, outside or inside attacks, poorly designed applications, and strange network layouts, among many other causes, can make life interesting. Author and columnist Ed Tittel explains why such esoterica may not only be of interest, but also of great value to your career as he explores certifications available in this essential technical field.
Editor's Note: Content updated on April 28, 2003.

Also note Ed's more recent (2011) article, Working with Protocol Analyzers and Related Certifications.

 

Before I can wax too eloquent on the various certifications that relate to protocol analysis, it’s probably a good idea to explain and explore the subject matter for such credentials. To that end, let me offer the following definition: “Protocol analysis consists of employing proper software and/or hardware tools to capture, decode, interpret, and react to the contents of data packets as they transit a network’s media.”

A fundamental tool for protocol analysis is something called a protocol analyzer. As the preceding definition implies, such tools come in software-only and hardware/software flavors. Some of this software is Open Source, available to anyone who wants to download it at no charge; other software is commercial and can cost as much as several thousand dollars. Special hardware/software combinations can cost $10,000 or more. In fact, where interfaces to high-speed media like ATM or SONET place high demands on hardware processing capability, speed, buffering, and so forth, high-end, high-speed protocol analyzers can cost upwards of $25,000.

The bodies of knowledge relevant to protocol analysis span the ISO/OSI Reference Model from Layer 1 (hardware, connections, and so forth) all the way through Layer 7 (application interfaces). But the primary emphasis in this field—except when working with software developers to test or debug code—falls from layers 2 (Data Link) through 5 (Session). Nevertheless, a strong background in networking fundamentals is a must for would-be protocol analysts, especially in the layers most relevant to designing and implementing physical networks. The following topics are entirely germane to this kind of work (and thus, to related certifications):

  • Networking hardware. Cables, connectors, interfaces, hubs, bridges, routers, and other networking devices
  • Network topology and design. How to deploy and employ networking technologies from 10 Mbps up to 1 Gbps and beyond
  • Network addressing and routing. How to design, implement and troubleshoot common network addressing, subnetting and supernetting, and name resolution services
  • Common network protocol suites. Includes some or all of TCP/IP, IPX/SPX, NetBEUI, frame relay, ATM, X.25, and so forth
  • Common network services. Includes protocol-related request-reply sequences, traffic patterns, related packet formats, and so forth
  • Network attack and pathology signatures. Includes common attacks (Denial of Service, Distributed Denial of Service, Ping of Death, etc.) and misbehaviors (broadcast storms, excessive errors, etc.)

It’s not at all unreasonable to think of protocol analysis as a kind of cap to one’s career as a network professional. By extension, this makes a protocol analysis certification likely to fall later rather than earlier in one’s career, and to serve as a kind of capstone for other, less formidable certifications.

The Protocol Analysis Certification Landscape

As is true for so many other kinds of IT certifications, protocol analysis credentials come in both vendor-neutral and vendor-specific sorts. For the former, this means a more general, catholic approach to the tools used for analysis as well as to the protocol suites subject to analysis; for the latter, it means focusing on specific analytical tools, but also usually implies a rather more open view on protocol suites and related services. Table 1 provides a list of useful credentials that can serve as warm-ups to protocol analysis certifications; Table 2 covers the small number of “pure” protocol analysis certifications currently available.

Table 1—Protocol Analysis Certifications

| Vendor/Org | Title (Acronym) | Explanation | URL |
|---|---|---|---|
| Brainbench | IP Routing & Switching | General IP and routing concepts | http://www.brainbench.com/xml/bb/common/testcenter/taketest.xml?testId=113 |
| | Networking Monitoring | General network monitoring, management & protocols | http://www.brainbench.com/xml/bb/common/testcenter/taketest.xml?testId=424 |
| | LAN/WAN Communications | Covers LAN/WAN protocols & architectures (general) | http://www.brainbench.com/xml/bb/common/testcenter/taketest.xml?testId=122 |
| Cisco Systems | Certified Internetwork Professional (CCIP) | For individuals who work in Cisco-intensive environments; concentrations in IP routing, IP multicast, cable, IP telephony, or DSL will lead nicely into protocol analysis. | http://www.cisco.com/warp/public/10/wwtraining/certprog/c_and_s/ccip |
| | Cisco Security Specialist | Focuses on Cisco systems and tools, but provides thorough training in protocol structures and attack signatures. | http://www.cisco.com/warp/public/10/wwtraining/certprog/cqs/security |
| | Certified Internetwork Expert (CCIE) | Cisco’s premier certification requires protocol knowledge and some analysis skills (mostly at Layers 2 and 3). | http://www.cisco.com/warp/public/625/ccie/ |
| Global Knowledge | TCP/IP Network Analyst | To demonstrate IP management expertise, including IP internetworking, trouble-shooting, and management. | http://www.globalknowledge.com/training/certification_listing.asp?PageID=12&certid=243&country=United+States# |
| | Telecommunications Analyst | To demonstrate expertise in DSL, ATM, and Frame Relay; includes coverage of telecomm fundamentals I and II, plus converging voice and data networks. | http://www.globalknowledge.com/training/certification_listing.asp?PageID=12&certid=189&country=United+States# |
| | VoIP Engineer | To demonstrate expertise on structure, components, and architecture of voice and data networks, including ATM, Frame Relay, plus explicit VoIP protocols and designs | http://www.globalknowledge.com/training/certification_listing.asp?PageID=12&certid=190&country=United+States# |
| Learning Tree | Local Area Networks Certified Professional | To identify individuals qualified to work as network managers, systems analysts, engineers, planners, IS and IT professionals, or support technicians involved in day-to-day network planning, operations, and management. | http://www.learningtree.com/us/cert/progs/7065.htm# |
| | TCP/IP Certified Professional | To identify individuals qualified to work as network or system administrators, network planners or support personnel, or system analysts in environments where TCP/IP protocols and services are in use. | http://www.learningtree.com/us/cert/progs/7045.htm# |
| Lucent Tech | Lucent Certified Technical Expert (LCTE) | Lucent offers associate and specialist credentials in ATM, Frame Relay, internetworking, DSL, VoIP, and VPNs that should all provide good preparation for protocol analysis. | http://www.gocertify.com/vendors/Lucent.shtml |
| NACSE | Senior Network Specialist (NSNS) | Identifies advanced networking and telecom specialists with good knowledge of network design, protocols, services, and troubleshooting. | http://www.nacse.com/pages/whois/cert/datanetwork/datanetworkflow.htm |
| | Telecom Technician Level 1/2 (NTT1, NTT2) | Identifies beginning (L2) and advanced (L1) expertise in servicing, troubleshooting, and repairing voice and data networks. | http://www.gocertify.com/vendors/NACSE.shtml |

Remember, the intent of including these warm-up certifications for protocol analysis is to identify programs where protocols and services receive enough attention and coverage to help individuals prepare for the items covered in Table 2. None of the credentials covered in Table 1 would qualify an individual who attained them as a “protocol analyst” (this is especially true of the CCIE which, despite its profound cachet and market value, does not mold truly well-rounded protocol analysts).

Table 2—"Pure" Protocol Analysis Certifications

| Vendor/Org | Title (Acronym) | Explanation | URL |
|---|---|---|---|
| Pine Mtn Group | Certified NetAnalyst-Cross Technology | Formerly the NetAnalyst Level I, this credential focuses on general protocol analysis and identifies those who seek to design, manage, and troubleshoot production networks, LANs, and WANs. | http://www.pmg.com/cna_chart.htm |
| | Certified NetAnalyst-Architect | Formerly the NetAnalyst Level II, this credential focuses on more advanced network analysis concepts, techniques, and technologies. | http://www.pmg.com/cna_chart.htm |
| Sniffer Tech | Sniffer Certified Professional (SCP) | Identifies individuals with good working knowledge of Sniffer Pro Network analyzer to detect and troubleshoot common network problems. | http://www.sniffer.com/education/scpp.asp |
| | Sniffer Certified Expert (SCE) | Identifies individuals who’ve obtained SCP credentials, and passed any two exams on topics and technologies that include RMON, Ethernet, WAN, ATM, Windows, TCP/IP, or wireless analysis and troubleshooting topics. | http://www.sniffer.com/education/scpp.asp |
| | Sniffer Certified Master (SCM) | Identifies individuals who’ve obtained SCE credentials, and have passed three additional topic/technology exams. | http://www.sniffer.com/education/scpp.asp |
| WildPackets, Inc. | Applied Analysis Technician (AATech) | Identifies individuals with strong basic grounding in protocol analysis concepts and knowledge of related tools. | http://www.nax2000.com/index.php/aatech.html |
| | Protocol Analyzer Specialist (PAS) | Identifies individuals with advanced topics and expertise in capturing and interpreting protocol analysis trace files and performance statistics. | http://www.nax2000.com/index.php/pas.html |
| | Network Analysis Expert (NAX) | Identifies individuals who’ve passed the PAS, then go on to take additional Data Link and Area of Specialty knowledge exams, plus write a technical white paper. Knowledge exams include Ethernet, Wireless, TCP/IP, and Apple Networking topics. | http://www.nax2000.com/index.php/nax_expert.html |
