Packet analysis, protocol analysis, six of one, half a dozen of another, right? You might think so. Just do a web search on either term and you’ll find them used interchangeably by just about everyone out there, including the “experts.” But packet analysis is quite different from protocol analysis, and far more complete. Let me explain.
Protocol analysis is a subset of packet analysis. Protocol analyzers interrogate packet headers to first of all determine which protocol is being used for communication, like HTTP (always a well-understood example), and then to ensure that the rules of the protocol are being adhered to. Valuable, and somewhat complicated, analysis for sure, but this is strictly at the communication layer.
But what about when the protocol is absolutely correct, yet users are still raging about poor network performance? That’s when we need to get to deeper layers of analysis, or true packet analysis. Packet headers, which contain the information about the protocol, aren’t the only sources of information for network analysis. Packet payloads also contain critical information regarding the workings of your network, and when you include payload analysis with protocol analysis you get packet analysis – the complete solution. Packet analyzers can now address more complex network issues, like is it the network or a specific application that is causing a problem.
The answers lie in the packet payloads, and in packet, not just protocol, analysis.