Why Protocol Analysers are such Good Tools

Peter Mackenzie spoke at our last WLPC Phoenix 2017 Conference on the topic “The Magic of Analysis”. A major focus of his presentation was on tools that can assist with troubleshooting and how he has used the protocol analyser to help him solve his clients’ network problems faster. He referred to the protocol analyser as a “magic wand” that can allow us to look like real experts to our clients, based on the visibility it provides to locate problems and provide solutions faster.

Note: In this article we use the UK spelling “analyser” as opposed to the US spelling “analyzer”, since this material was from Peter’s presentation.

Protocol Analyser and Visibility

Protocol analysers allow us to see what is happening on a network and give us visibility where we might not normally have it.

The packets never lie.

You may think you know how you configured your network. You might think you know what it is doing and what is happening. However, it is the packets that show you what is actually happening, and this can at times be quite different from what you think should be happening on the network. Protocol analysers provide visibility that others who have been trying to fix a problem never had. Without the visibility the analyser provides, someone will typically follow the process of checking configurations several times and reviewing logs over and over again.

Limitation of a Protocol Analyser

Sometimes the problem is not manifested in packets, so part of any troubleshooting toolkit should also be a spectrum analyser. This provides insight into what is happening at Layer 1. Even when the problem is not manifested in the packets, looking at a protocol analyser can still give an indication of what the problem might be. A lack of packets can still point to where the problem is.

4 Ways to Leverage the Protocol Analyser


The protocol analyser can save time when troubleshooting. Often the protocol analyser is seen as a last resort. Only after the wireless LAN professional has gone through a procedure of checking the configuration, then looking at the logs, and then exploring many other possible solutions do they think to pull out the protocol analyser. If the protocol analyser is the tool to count on when everything else fails, why not use it first? Using the protocol analyser will help solve troubleshooting problems much faster than looking at the switch configurations.

Performance analysis

The protocol analyser is also a good tool for performance metrics and analysis. While there may not be a problem with the network, it is still worth looking at:

  • How does the network function?
  • What does the channel utilization look like?
  • What is the retry rate?
  • What channels is the network operating on?


A protocol analyser is a good tool for baselining. Instead of waiting for problems to arise, use the analyser to figure out what “normal” is on a network. Discover the average number of retries, as one example. Using the protocol analyser will help clarify 802.11 environments and provide a better understanding of how to quickly address issues when they do arise.
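As an added illustration of retry-rate baselining (not material from Peter's presentation), the sketch below reads the Retry bit from the 802.11 Frame Control field, builds a per-channel retry rate, and compares a later capture against the baseline. The frames are constructed samples, and the function names and the 10-point tolerance are assumptions made for this example.

```python
from collections import defaultdict

RETRY_FLAG = 0x08  # Retry bit: bit 3 of the second Frame Control byte


def is_retry(frame: bytes) -> bool:
    """True when the 802.11 Frame Control Retry bit is set."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the Frame Control field")
    return bool(frame[1] & RETRY_FLAG)


def retry_rates(capture):
    """Map channel -> (frames, retries, retry rate) for (channel, frame) pairs."""
    counts = defaultdict(lambda: [0, 0])
    for channel, frame in capture:
        counts[channel][0] += 1
        counts[channel][1] += is_retry(frame)
    return {ch: (n, r, r / n) for ch, (n, r) in counts.items()}


def deviations(baseline, current, tolerance=0.10):
    """Channels whose retry rate rose more than `tolerance` above the baseline,
    plus channels seen now that were never baselined (tolerance is assumed)."""
    flagged = {}
    for ch, (_, _, rate) in current.items():
        base = baseline.get(ch)
        if base is None:
            flagged[ch] = "no baseline"
        elif rate - base[2] > tolerance:
            flagged[ch] = f"retry rate {base[2]:.0%} -> {rate:.0%}"
    return flagged


def frame(retry: bool) -> bytes:
    """Constructed QoS Data frame header (ToDS set); remaining bytes zeroed."""
    return bytes([0x88, 0x09 if retry else 0x01]) + bytes(22)


def sample(channel, total, retries):
    """Constructed capture: `total` frames on `channel`, `retries` of them retries."""
    return [(channel, frame(i < retries)) for i in range(total)]


# Constructed data: a quiet-day baseline and a later capture to compare with it.
BASELINE = retry_rates(sample(1, 20, 2) + sample(36, 20, 1))
NOW = retry_rates(sample(1, 20, 7) + sample(36, 20, 2) + sample(11, 5, 0))

if __name__ == "__main__":
    for ch, reason in sorted(deviations(BASELINE, NOW).items()):
        print(f"channel {ch}: {reason}")
```

With a real capture, the (channel, frame) pairs would come from the analyser's export, with the channel taken from the capture metadata.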


Analysers are great for education. To know how Wi-Fi really works, one can read books or read standards, but there is no better way than having a look at the protocol.

Tips for troubleshooting 

#1 Make no assumptions of what the problem might be

Often the reason people can’t fix a problem or troubleshoot networks is that they have made an assumption about what the problem is and can’t see past it.

#2 Observe the problem (whenever possible)

To be able to troubleshoot a problem it’s best to observe it firsthand. It’s important to know what is actually happening on the network. Real time observation is obviously much more accurate than common complaints like:

  • “We have users in this area and we’re getting kicked off the network”
  • “Users can never get connected to the network”
  • “They keep getting kicked off the Wi-Fi”
  • “There must be something wrong, we think it’s interference. Could you bring your spectrum analyzer down and have a look for us?”

Being able to observe the problem firsthand will help pinpoint the solution to the problem.

#3 Troubleshooting is a lot like detective work

When troubleshooting, it’s important to look for leads. When looking at leads, look for anything unusual or suspicious. This suspicion might be in the protocol, nodes, and conversations. Once there are leads, just like a good detective, it’s time to follow up on each lead until you find the main problem. Of course this all goes back to “knowing the protocols”…

This is just a taste of all that Peter shared. He goes into much more detail, and this presentation is definitely worth going through when you have the time. Be sure to watch the whole thing here and let Peter know what you thought or if you have more questions – you can reach out to him via Twitter @MackenzieWiFi