The Time Has Come for Packet Analysis


The Rolling Stones once wrote a song about how time waits for no one, but the inverse is also true today. These days, no one waits for time; certainly not government personnel who depend on speedy networks to deliver mission-critical applications and data.

Fortunately, agency administrators can employ deep packet-level analysis to ensure the efficiency of their networks and applications. Packet-level analysis involves capturing and inspecting packets that flow between client and server devices. This inspection can provide useful information about overall network performance, including traffic and application response time, while fortifying network security.

Before we get into how this works, let’s take a minute to go back to the concept of time – specifically, network response time (NRT), also known as network path latency. NRT measures the amount of time required for a packet to travel across a network path from sender to receiver. When latencies occur, application performance can be adversely impacted.

Some applications are more prone to latency issues – we’ve all seen our videos stutter and our voice calls experience delays. However, even lower bandwidth applications aren’t completely immune. This type of latency can seriously hamper communications and productivity within agencies.

End-users commonly think that these problems are the result of a “slow network,” but that may not necessarily be true. It could be the application itself, the network, or a combination of both.

Packet analysis can help identify whether the application or network is at fault. Managers can make this determination by calculating and analyzing both application and network response time. This allows them to attack the root of the problem without wasting time pointing their resources in the wrong places.

They can also use analysis to calculate how much traffic is using their networks at any given time. This is critically important for two reasons: first, it allows administrators to better plan for spikes in traffic, and second, it can help them identify abnormal traffic and data usage patterns. The latter is highly useful information that can alert managers to unusual activity and potential security threats.

Finally, administrators can identify which applications are generating the most traffic. Packets can be captured and analyzed to determine data volume and transactions, among other things. This can help managers identify applications and data usage that may be putting a strain on their networks.

The challenge is that, traditionally, packet-level analysis has typically been either too difficult or expensive to manage. There’s a free powerful open source tool called Wireshark, but it’s also a bit difficult to wrangle for those who may not be familiar with it (kind of like a real shark). Many proprietary tools are full-featured and easier to use, but their expensive price tags will inevitably take a shark-size bite out of federal IT professionals’ already constrained budgets.

The good news is that some standard network monitoring tools now include packet analysis as another key feature. That makes sense, because packet analysis can play an important – and very precise – role in making sure that networks continue to run efficiently. As a result, federal IT administrators now have more options to reach deep into their packets and honor the words that Mick Jagger once sang: “Hours are like diamonds. Don’t let them waste.”


By Joel Dolisy, CIO, SolarWinds

DLT Staff