Which statement best describes the function of a protocol analyzer?

• A. It blocks all traffic and prevents communications.
• B. It captures packets on the network and analyzes their contents to detect network problems.
• C. It encrypts data for secure transmission.
• D. It inspects only the header fields without payload.

Answer: (B)

A protocol analyzer, often called a packet sniffer, is used to gain visibility into network traffic by capturing the packets that traverse the network and decoding their contents. This lets you see headers and payloads, the sequence and timing of packets, and how different protocols behave, so you can diagnose issues such as misconfigurations, latency, dropped packets, and unusual traffic patterns. Because it’s meant to observe, it typically operates passively and doesn’t block or disrupt communications.

The other statements don’t fit because blocking all traffic is the job of firewalls or intrusion prevention systems, not a protocol analyzer. Encrypting data is the role of cryptographic techniques and devices, not packet capture and analysis. And while some tools can show headers, many protocol analyzers also examine payloads to provide the full context needed to diagnose problems, so limiting inspection to headers would miss important details.