Monday, June 2, 2008

How to Choose an Analyzer?

Choosing a protocol analyzer is not something that you should jump right into. There are several good candidates out there. The three most popular ones that I know of are Sniffer from Sniffer Technologies (aka Network Associates), Etherpeek and Ethereal. I used to recommend a fourth candidate from Novell, but they seem to have stopped supporting their software-based analyzer. I haven't seen any new protocol decodes released for several years.

The cost of these ranges from free (in the case of Ethereal) to more than $10,000 for a fully equipped Sniffer package from Network Associates. I encourage you to get an eval copy of the above-mentioned sniffers and run them through their paces. Etherpeek and Ethereal can be downloaded, while Sniffer requires you to fill out a form, after which someone will call you in a couple of days to follow up.

You won't have to delve deep into the guts of a packet or need to decode the parts that make up a packet frame to see a problem. When I have used a protocol analyzer in the past, I have found problems by finding abnormal traffic on the network. Just as with your anti-virus software, you should also keep the protocol decodes up to date. This will allow you to see the traffic that is on the wire.

Most of the vendors will offer some type of training to help you use their product to its fullest. One last option comes from Laura Chappell. Laura travels the world giving seminars on how to use protocol analyzers and has written several books on the subject. for packet trace files she has made available for download and for books she has written on the subject. If you have the chance, go hear her speak either at Novell's Brainshare conference or at other events. This is money well spent!
