Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems Paperback – May 27 2007
About the Author
Chris Sanders is currently the network administrator for a public school district in Kentucky. A Microsoft Certified Professional and Certified Wireless Network Administrator, he writes for WindowsNetwork.com, WindowsDevCenter.com, and maintains a blog at chrissanders.org. He is the author of Saving Money and Time with Virtual Server (O'Reilly Short Cut).
Top Customer Reviews
To be quite frank, either the reviewers on Amazon.com that gave this publication a good review didn't bother reading the book or completely lack any technical knowledge.
Just my opinion...
Most Helpful Customer Reviews on Amazon.com (beta)
There are some typos and errors in the book (the Syn-Ack-Ack mentioned in two reviews is simply a typo in the diagram, the text on the same page correctly has it as Syn-Syn/Ack-Ack). Unfortunately, there are more serious errors than this, so there goes one star.
This is clearly a beginner's book, so some basic configuration explanations are needed to get Wireshark (and Cain and Abel) set up properly. When the novice is presented with multiple network interfaces they can capture from, how do they decide which is the one to use? The author provides no help here, so the novice can do nothing but try each one in turn and see which one works. In my case, since I was using a notebook with a wireless connection, none of them worked in either program. Turning off promiscuous mode in Wireshark did the trick, but the author should have explained the need for that in the text. This book is about using these tools, so not explaining the basics is worth a star.
I downloaded the sample traces. The first one I tried, wrongdissector.dmp, wasn't in the archive. An oversight perhaps? Let's try the next one in the text: suspectemployeechat.dmp. The content of this trace doesn't match the text at all: the two individuals are chatting on a similar topic, perhaps, but the contents of their conversation are completely different. There is no way to reconcile it with the text. Now we've moved from oversight to rubbish. Say goodbye to another star.
Final score: two stars out of five. If the publisher and/or their agents read these reviews (they appear to have written some of them), please issue an errata and fix the download.
If you want serious, practical training in the use of Wireshark, find out about the consummate expert in teaching this subject. Her name is Laura Chappell. Search the web for more info. She goes light years beyond any publication in print with on-demand and live video seminars and training for the serious student. Chappell has numerous titles (10 or more) specific to this subject listed on Amazon.com.
by Jeanna Matthews". Both as reference books. See also my review on that.
Let's start by saying it's very annoying if you have to read other material or have some doubt about your own knowledge concerning specific topics, and then afterwards it proves that your understanding and assumptions WERE RIGHT and the book presented something wrong, like the three-way TCP handshake is not SYN - ACK - SYN, as Richard Bejtlich mentioned. These are crucial aspects of protocol understanding, the main reason you would buy a book like this. Nevertheless, some faults can be made, and maybe in the next version of the book this is reviewed and solved.
Rob Faber [CISSP, CEH, MCSE]
After reading, I at least feel confident enough that I can read a pcap file and make sense out of it.
If you're a newbie to packet captures like I was, you will find this book very helpful.
Chris Sanders not only does a great job of introducing you to the mindset of packet analysis, he shows a side of it that most of the people I interact with don't consider... the day-to-day administrator's needs for a way to diagnose network problems.
If you live in the world of network monitoring and information security, then this book works for you as well. The concepts are what is important, and they are presented very well.
As to those who say there are too many things like the misrepresentation of the three-way handshake, I say thanks for pointing it out to the novices among us. For the novice, now you know, so... buy the book anyway. If I put a technical book back every time I saw a mistake that the proofer missed, I'd have empty shelves.
Thanks Chris for taking a tough subject and making it much easier to digest.