Sunday, December 6, 2009

Analyzer 3.0 (alpha)

What does Analyzer?

Analyzer is not a simple network sniffer. Here there is a brief summary of what it can do.

Network Sniffer
Analyzer can capture (and display) packets on both the local machine and remote probes, thanks to the full support of the Remote Capture functionality of WinPcap.
Additionally, one of the most valuable point is the ability to parse network packets according to the protocol description contained in external files, which can be modified at run-time by the user. These files are written in the new NetPDL language; for who is interested in that, please read the Protocol Dissectors Section.
Advanced sniffing capabilities
Due to the full support of the WinPcap remote capture capabilities, Analyzer is able to display packets currently being captured on another (remote) host. This can be done even if the remote host is behind a firewall, thanks to the support of the Active Mode remote capture. Additionally, Analyzer supports also sampling in order to reduce the amount of traffic generated by the remote host toward Analyzer. Sampling is available also when capturing from a local interface.
End-to-end Reachability Monitor
Analyzer can monitor the reachability (through a set of ICMP ECHO, aka PING, packets) of remote host, saving data into a database and making additional statistics. The user can later retrieve historical data to see how the reachability of some host changed over time.
Additionally the user can set some alarm (e.g. "send an e-mail") in case of some event (e.g. "host down").
Local Network Host Monitor
Analyzer can discover the presence of the active station on your local network and display their MAC, IPv4 and IPv6 addresses, and their canonical name.
This module can monitor the availability of the stations and signal whether an host is up, is down, and so on. Furthermore, it can detect address spoofing (e.g. when the same IPv4/IPv6 address appears to bind more than one MAC addresses).
Additionally the user can set some alarm (e.g. "send an e-mail") in case of some event (e.g. "possible spoofing").
Network Sessions Logger
Analyzer can monitor the presence of TCP/UDP/ICMP "sessions" over the network, saving a database record for each session detected within a time frame. A summary of the session is then saved into a database for later processing.
Network Data Mining
Analyzer is able to apply Data Mining techniques to the database of the sessions, created with the Network Sessions Logger (NetLogger). This module is able to find some relevant relationships over the data which may be unexpected and it is able to give an insight about how the network looks like (e.g. which are the servers, which are the clients, and more). Furthermore, it can compare the relationships that come out from two different NetLogger databases and display the differences (e.g. a new server has been added to the network).
Event Handling
Analyzer has a module that manages events associated to the other modules and it executes the appropriate actions. The number of events and the actions associated to them are customizable by the user.


  • Analyzer is a tool that is still under development. Please be patient when you use it.
  • Analyzer could not work with earlier versions of Windows 95
  • Analyzer does not work in Windows CE
  • Some features could not be supported on all platforms

Analyzer Roadmap

The first step is to get the WinPcap 3.1 out. As soon as this library will be released, we will release a beta version of Analyzer.

A 3.0 final version of Analyzer should came in September 2005.

The 3.0 release will provide a first, affordable tool. For instance, a lot of users are pushing for getting the 3.0 final out, even if some of our objectives (in terms of functionalities) are not reached. Refinements are expected in the next minor releases.

Protocol Analyzer

Protocol analyzer extends your ability to troubleshoot enterprise networks by easily gathering trace files across the network, from the network core to the most isolated segments and everything in between.

A Protocol Analyzer is today considered an essential part of the Network Manager's toolkit. The traditional view is that analyzers are useful for troubleshooting networks while SNMP tools are better for trending and service management. This document asks if a Protocol Analyzer has a role to play in the day to day management of a network? Protocol Analyzers may cost many thousands of dollars, or they may be completely free. Manufacturers, of course, all claim, sometimes extravagantly, that their products will sort out all your problems when used on real life networks. Are these claims justified? Are the costly products genuinely better than the free ones? Will you find out more if you use an expensive product? Are the sophisticated features useful enough to justify the cost? How do you decide which product best suits your needs?
What can Protocol Analyzers be used for?

Protocol Analyzers, often called "packet sniffers" after Network Associates market leading Sniffer product, capture packets and decode them into their component parts. Whether free or costly analyzers all do the same basic job. It's fairly obvious how analyzers can be used to troubleshooting network problems. Once a problem is detected packets are captured and analyzed and the details of the communication can be worked out. But analyzers can do more than this and, in fact, turn out to be surprisingly useful in many aspects of network management.

Brimrose NIR Analyzer

A new series of miniature near-infrared (NIR) spectrometers is said to offer a cost-effective tool for inspecting incoming raw materials and product quality control. Compact, battery-powered Model 5030 ATOF-NIR Portable Analyzer from Brimrose Corp. of America, Baltimore, allows laboratory tests to be performed anywhere in a plant environment. The instrument, which sells for $28,000 (compared with $40,000 for larger units), is reportedly insensitive to ambient light, vibration, dust, and dirt. Its design allows for quick switchover from solids to liquids, and results appear instantly on its LCD. Applications include material identification or measurement of moisture content and active-ingredient levels. Once the instrument is calibrated, it reportedly can be used by an inexperienced operator.

gas analyzer

The Thermal and Evolved Gas Analyzer (TEGA) is a scientific instrument aboard the Phoenix spacecraft. TEGA's design is based on experience gained from the failed Mars Polar Lander. Soil samples taken from the Martian surface by the robot arm are eventually delivered to the TEGA, where they are heated in an oven to about 1,000ºC. This heat causes the volatile compounds to be given off as gases which are sent to a mass spectrometer for analysis. This spectrometer is adjusted to measure particularly the isotope ratios for hydrogen, oxygen, carbon, nitrogen, and heavier gases. Detection values as low as 10 parts per billion. The Phoenix TEGA has 8 ovens, which are enough for 8 samples.

A residual gas analyzer (RGA) is a small and usually rugged mass spectrometer, typically designed for process control and contamination monitoring in the semiconductor industry. Utilizing quadrupole technology, there exists two implementations, utilizing either an open ion source (OIS) or a closed ion source (CIS). RGAs may be found in high vacuum applications such as research chambers, surface science setups, accelerators, scanning microscopes, etc. RGAs are used in most cases to monitor the quality of the vacuum and easily detect minute traces of impurities in the low-pressure gas environment. These impurities can be measured down to 10 − 14 Torr levels, possessing sub-ppm detectability in the absence of background interferences.

RGAs would also be used as sensitive in-situ, helium leak detectors. With vacuum systems pumped down to lower than 10 - 5Torr—checking of the integrity of the vacuum seals and the quality of the vacuum—air leaks, virtual leaks and other contaminants at low levels may be detected before a process is initiated.

oxygen analyzer sensor

An oxygen analyzer sensor, or lambda sensor, is an electronic device that measures the proportion of oxygen (O2) in the gas or liquid being analyzed. It was developed by Robert Bosch GmbH during the late 1960s under supervision by Dr. Günter Bauman. The original sensing element is made with a thimble-shaped zirconia ceramic coated on both the exhaust and reference sides with a thin layer of platinum and comes in both heated and unheated forms. The planar-style sensor entered the market in 1998 (also pioneered by Robert Bosch GmbH) and significantly reduced the mass of the ceramic sensing element as well as incorporating the heater within the ceramic structure. This resulted in a sensor that both started operating sooner and responded faster. The most common application is to measure the exhaust gas concentration of oxygen for internal combustion engines in automobiles and other vehicles. Divers also use a similar device to measure the partial pressure of oxygen in their breathing gas.

Scientists use oxygen sensors to measure respiration or production of oxygen and use a different approach. Oxygen sensors are used in oxygen analyzers which find a lot of use in medical applications such as anesthesia monitors, respirators and oxygen concentrators.

There are many different ways of measuring oxygen and these include technologies such as zirconia, electrochemical (also known as Galvanic), infrared, ultrasonic and very recently laser. Each method has its own advantages and disadvantages.