Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems [Paperback]

First of all if you consider yourself an expert in packet analysis don't read this book to learn advanced techniques in packet analysis. Instead read this book as a teaching tool to help better explain packet analysis to others. I found myself reading this book and going "hey I wish someone would have explained it to me that way when I started" and "why didn't I explain it that way."
This book is written for people who have little to no experience with packet analysis. It is also a good read for those who might have been out of the packet analysis game for a little while and need a quick read to brush up the skill-set. The book is well written and Sanders does an excellent job explaining things in a manner that is well understood. He eases the reader into explanations by going from layman to more technical jargon. The examples in the book match the title, they are practical and likely to be experienced in the real world. I would highly recommend this book to those who have little to no experience with packet analysis and are looking for a solid book to help them understand what many of the other books tend to explain in a lofty manner.

Firstly, this is mostly a book about using the Wireshark protocol analyzer tool and secondly a book about packet analysis (in the sense that it does not have space to cover in detail all the sorts of protocol problems someone is likely to encounter). Nevertheless, it's a good book and I'd recommend it to anyone who's beginner to middling with Wireshark. It does a good job of explaining the use of Wireshark and in particular the various configuration options.

There are odd faults (for example, there's a diagram showing a Cisco router, except it's not). There are also some colloquialisms (such as when the author says "Why have chicken when you can have steak?"). And I was disappointed that IPv6 wasn't really covered at all.

If you're experienced with packet analysis and want to learn Wireshark, this book is good for you. If you're a beginner at packet analysis this book is also good.

The conversational style of the book and the basic idea are very sound. Some of the information is well presented. So we'll start with 5 stars and see where we end up.

There are some typos and errors in the book (the Syn-Ack-Ack mentioned in two reviews is simply a typo in the diagram, the text on the same page correctly has it as Syn-Syn/Ack-Ack). Unfortunately, there are more serious errors than this, so there goes one star.

This is clearly a beginner's book, so some basic configuration explanations are needed to get Wireshark (and Cain and Able) set up properly. When the novice is presented with multiple network interfaces they can capture from, how do they decide which is the one to use? The author provides no help here, so the novice can do nothing but try each one in turn and see which one works. In my case, since I was using a notebook with a wireless connection, none of them worked in either program. Turning off promiscuous mode in Wireshark did the trick, but the author should have explained the need for that in the text. This book is about using these tools, so not explaining the basics is worth a star.

I downloaded the sample traces. The first one I tried: wrongdissector.dmp wasn't in the archive. An oversight perhaps? Let's try the next one in the text: suspectemployeechat.dmp. The content of this trace doesn't match the text all: the two individuals are chatting on a similar topic, perhaps, the contents of their conversation is complete different. There is no way to reconcile it with the text. Now we've moved from oversight to rubbish. Say goodbye to another star.

Final score: two stars out of five. If the publisher and/or their agents reads these reviews (they appear to have written some of them), please issue an errata and fix the download.