Network analysis (computer science)

from Wikipedia, the free encyclopedia

In data communication, network analysis is the activity within which the so-called LAN analysis is carried out.

Classification and demarcation

Elements of the network analysis are:

  • Recording and evaluation of the data traffic
  • Statistics on traffic volumes and directions
  • Traffic matrix: who with whom, when, how much?
  • Investigation of the application behavior
  • Comparison with documentation (target / actual comparison)
  • Understanding the "medical history": migrations, upgrades, etc.

Network analysis is not the same as LAN analysis. In fact, the analysis of the entire communication network is more comprehensive, since not only the communication between the network components is taken into account, but also the internal events of the clients, servers, printers, routers, etc.
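The traffic matrix and the target/actual comparison from the list of elements above can be sketched as follows. This is an added example, not part of the original article; the flow records, the documented rules, and all function names are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed flow records: (timestamp, src, dst, dst port, bytes)
FLOWS = [
    ("2024-03-04T09:00:12", "10.0.1.15", "10.0.2.10", 443, 18200),
    ("2024-03-04T09:00:40", "10.0.1.15", "10.0.2.10", 443, 9400),
    ("2024-03-04T09:05:03", "10.0.1.22", "10.0.2.20", 3306, 51000),
    ("2024-03-04T10:17:55", "10.0.3.7", "10.0.2.20", 3306, 700),
    ("2024-03-04T10:18:02", "10.0.1.15", "10.0.9.9", 23, 120),
]

# Constructed documentation (target state): (src net, dst net, port)
DOCUMENTED = [
    ("10.0.1.0/24", "10.0.2.10/32", 443),
    ("10.0.1.0/24", "10.0.2.20/32", 3306),
    ("10.0.4.0/24", "10.0.2.30/32", 22),
]

def traffic_matrix(flows):
    """Who with whom, when, how much: aggregate per (src, dst, port)."""
    matrix = {}
    for ts, src, dst, port, nbytes in flows:
        when = datetime.fromisoformat(ts)
        cell = matrix.setdefault(
            (src, dst, port), {"bytes": 0, "flows": 0, "first": when, "last": when})
        cell["bytes"] += nbytes
        cell["flows"] += 1
        cell["first"] = min(cell["first"], when)
        cell["last"] = max(cell["last"], when)
    return matrix

def is_documented(src, dst, port, documented):
    """True if some documented rule covers this conversation."""
    return any(port == p and ip_address(src) in ip_network(s)
               and ip_address(dst) in ip_network(d) for s, d, p in documented)

def target_actual(matrix, documented):
    """Return (observed but undocumented conversations, documented but unseen rules)."""
    undocumented = sorted(k for k in matrix if not is_documented(*k, documented))
    unused = [r for r in documented if not any(is_documented(*k, [r]) for k in matrix)]
    return undocumented, unused

if __name__ == "__main__":
    m = traffic_matrix(FLOWS)
    for (src, dst, port), c in sorted(m.items()):
        print(f"{src} -> {dst}:{port}  {c['bytes']} B in {c['flows']} flows, "
              f"{c['first']:%H:%M}-{c['last']:%H:%M}")
    extra, unused = target_actual(m, DOCUMENTED)
    print("observed but not documented:", extra)
    print("documented but not observed:", unused)
```

Conversations that appear in the matrix without a matching documented rule are candidates for either a documentation update or a security review; rules that never match observed traffic point to stale documentation.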

Analysis and documentation

Network analysis goes hand in hand with reviewing and supplementing the existing documentation, which is often incomplete as a result of an excessive division of labor in the company.

When an error occurs, it often turns out that:

  • Something tested “well” in the pilot project, but malfunctions occur in the “live” network (quantity structure).
  • What a department puts into operation without close coordination with others can fail.

Knowledge of the error conditions and possible solutions usually exists across all those involved taken together, but they also have to communicate with each other, exchange documentation, etc.

The practical part of the network analysis, the LAN analysis, not only finds errors, but also provides the documentary basis for a better future approach in the event of migrations, roll-outs, etc.

The value of documentation is generally recognized, but it is usually not given enough room in the daily routine.

Methodical procedure

The so-called OSI model of data communication is in many cases a helpful way to structure the network analysis or to give it an orderly procedure.

A common procedure is to first test the physical layer, then to check the data transfer (routing), then to view the dialog behavior (transport) and, at the end, to examine the application behavior.

The necessary documentary work is carried out in parallel for each of these steps.

Network monitoring and network management

Network analysis is generally understood to mean the reactive examination of data traffic. In fact, real-time methods are also part of every analysis.

  • Network monitoring: passive observation of communication, generation of statistics
  • Network management: active control of the components including error control

Security analysis

Network analysis is also security analysis. Countering possible attacks from inside and outside with effective means at the earliest possible point in time is a daily requirement in practice, since attack techniques are constantly being developed further.

Typical questions are: Do the firewall systems block unwanted visitors and/or services? Are the server security guidelines sufficient? Is the anti-virus software on the client PCs always up to date? How are external technicians and their laptops handled when they connect to the data network? Is the radio network (WLAN) sufficiently secured (encrypted)?

Recording the as-is state in this environment is very time-consuming, but essential once or twice a year. So-called audits should be carried out regularly.

The Federal Office for Information Security (BSI) provides information on this topic.

Tools

Technical tools are:

  • Cable tester (cable scanner)
  • Monitoring software (e.g. Nagios, NTop, Zabbix, etc.)
  • LAN analyzers → sniffers
  • Documentation software (e.g. Visio)
  • System analysis software (registry checks, DLL tests, etc.)
