1. Protocol Analyzer:
  1. A tool (hardware or software) used to capture and analyze signals and data traffic over a communication channel that uses a standard communication protocol.
  2. Packet Analyzer:
    1. Also known as a packet sniffer. A computer program or piece of computer hardware that can intercept and log traffic that passes over a network.
    2. Packet Capture:
      1. The process of intercepting and logging packet traffic with a packet analyzer.
  3. Examples:
    1. Wireshark
      1. A free and open source packet (and protocol) analyzer used for network troubleshooting, analysis, software and communications protocol development, and education.
      2. Wireshark is cross-platform, using the Qt widget toolkit in current releases to implement its user interface, and using pcap to capture packets; it runs on Linux, macOS, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows.
      3. Wireshark Cheat Sheet:
        1. http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf
    2. tcpdump
      1. A common packet analyzer that runs on the command line.
      2. It allows the user to display packets being transmitted or received over a network to which the computer is attached.
      3. Tcpdump is free and open-source.
      4. Tcpdump works on most Unix-like operating systems. On those systems, tcpdump uses the libpcap library to capture packets.
      5. On Windows, tcpdump is called WinDump; it uses WinPcap, the Windows port of libpcap.
      6. Tcpdump Cheat Sheet:
        1. http://packetlife.net/media/library/12/tcpdump.pdf
    3. hping3
      1. A command-line oriented TCP/IP packet assembler/analyzer.
      2. The interface is inspired by the ping(8) Unix command, but hping isn't limited to sending ICMP echo requests.
      3. It supports the TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.
      4. While hping was mainly used as a security tool in the past, it can also be used by people who are not security-focused to test networks and hosts. A subset of what you can do with hping:
        1. Firewall testing
        2. Advanced port scanning
        3. Network testing, using different protocols, TOS, fragmentation
        4. Manual path MTU discovery
        5. Advanced traceroute, under all the supported protocols
        6. Remote OS fingerprinting
        7. Remote uptime guessing
        8. TCP/IP stacks auditing
        9. hping can also be useful to students who are learning TCP/IP.
      5. hping3 Cheat Sheet:
        1. https://cyberwar.nl/d/cheatsheets/hping3_cheatsheet_v1.0-ENG.pdf
    4. scapy
      1. Secure Capture in Python. A packet manipulation tool for computer networks, written in Python by Philippe Biondi.
      2. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery.
      3. scapy Cheat Sheet:
        1. http://packetlife.net/media/library/36/scapy.pdf
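To make the "packet capture" and "pcap/libpcap" items above concrete, here is an added example (not code from any of the tools listed) that builds a constructed one-packet capture in the classic pcap file format that tcpdump and Wireshark write, then walks its records and decodes Ethernet, IPv4 and TCP headers the way a packet analyzer does. The sample addresses, ports and timestamp are made up.

```python
import struct

# Constructed sample (not a real capture): one TCP SYN 10.0.0.1:40000 -> 10.0.0.2:80 in an
# Ethernet frame, stored as a little-endian pcap file (the libpcap format tcpdump/Wireshark write).
def build_sample_pcap():
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", 0x0800)  # EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)  # SYN, 20-byte hdr
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = eth + ip + tcp
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rec_hdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))  # ts_sec, ts_usec, lens
    return global_hdr + rec_hdr + frame

def tcp_flags(byte):
    """Render the low six TCP flag bits the way tcpdump prints them (S, A, F, ...)."""
    return "".join(n for i, n in enumerate("FSRPAU") if byte & (1 << i))

def decode_ethernet(frame):
    """Decode Ethernet -> IPv4 -> TCP; return None for anything else or a truncated frame."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length honours options, so do not assume 20
    if ip[0] >> 4 != 4 or ip[9] != 6 or len(ip) < ihl + 20:
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "flags": tcp_flags(tcp[13])}

def parse_pcap(data):
    """Walk a classic pcap file's records and decode each Ethernet frame."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # magic also reveals byte order
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        decoded = decode_ethernet(frame)
        if decoded:
            decoded["ts"] = ts_sec + ts_usec / 1e6
            packets.append(decoded)
        offset += 16 + incl_len  # next record follows the captured bytes, not the original length
    return packets
```

Feed `parse_pcap` the bytes of a real `tcpdump -w` file and it yields the same src/dst/port/flag fields tcpdump's one-line summary shows.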