Vendors such as Agilent Technologies, Fluke Networks, McAfee, Network Instruments, and RADCOM have offered portable hardware-only network protocol analyzers for years. The field is becoming crowded with rack-mounted, appliance-based packet-capturing agents that are built for distributed environments.

The primary benefits of using a hardware-based product are threefold: mobility, increased capturing throughput, and media flexibility. Since the early days of the long-gone portable Network General Sniffer product, vendors have understood that network protocol analyzers are rarely plugged into one port and left alone. More often, they're lugged along by the network administrator heading to the latest network crisis. Another benefit of a hardware-based protocol analyzer is that, because most of the product's functionality is loaded onto specialized processing chips, it can capture more information faster, without dropping packets due to data overload. Many gigabit products require hardware-based solutions to keep up with line speeds. The third major benefit of hardware-based solutions is that typically they provide more network connection options than software-based protocol analyzers. Most software-based network protocol analyzers can connect only to Ethernet or token-ring networks. Hardware-based solutions usually have a myriad connection possibilities that range from LAN, WAN, and wireless to circuit-based telco lines.

If you're considering buying a hardware protocol analyzer, here are some questions to ask about the product:

  • How is the device managed—through a local console port or interface or through remotely connected software?
  • How much data can the hardware contain? Some products can store gigabytes of information; others are limited to hundreds of kilobits.
  • Can you save your data externally, and if so, to what file formats?
  • Can you print out reports?
  • Can you update the device's functionality easily? How often does the vendor release updates?

Although hardware-based protocol analyzers are typically more expensive than their software-based counterparts, if you need to analyze high-speed connections or a variety of network types, they're probably the better choice.