Introduction:

I promised myself that when I finally got around to writing about packet analysis I wasn't going to waste valuable time discussing the basics of networking, the seven layers of the OSI model, yada, yada, yada...

Although these fundamentals are important, I firmly believe that protocol analysis is the only tool which enables you to truly learn networking...NOT the other way around. Though network experts often use analyzers, I hope to show you how mere novices can quickly learn the basics of protocol analysis and then leverage it as a learning tool. This approach will enable you to REALLY understand networking, not just know enough to pass your favorite certification exam.

Methodical troubleshooting:

How many times have you had a complex and challenging problem and felt like you were grasping at straws rather than working towards a solution? Does the reboot, reset, replace....repeat dance seem all too familiar?

Solving problems like this is like a doctor studying bacteria without a microscope...it's futile. A packet analyzer is a microscope into both the network AND the applications that run across the network. By examining problems at a packet level, combined with a deep understanding of the rules (protocols) and a logical methodology, you can isolate nearly any problem.

Security forensics:

Firewalls provide only a small bit of information regarding the events that they log. Packet analysis is essential to understanding the true nature of any attack and to differentiating between real issues and the numerous false positives reported by firewalls.

Most network problems are due to someone or something unintentionally failing to follow protocol. Security attacks are often just intentional protocol violations--so the same basic analysis techniques are essential to both problem solving and security forensics.