on March 31, 2012
Whether you are just starting out, or are more advanced, if you need to understand what is on your network, this book should be on your bookshelf. Chris Sanders has found a way to start from the first principles necessary to perform and understand packet analysis, while at the same time providing a book which is useful to the more advanced. The writing style is very easy to read and very logically organized. Figures are used on nearly every page and real life scenarios are woven throughout the text, reinforcing the material wonderfully.
The book is divided into 11 chapters, grouped roughly into beginner, intermediate, and advanced sections.
The first four chapters are aimed at the beginner who is not very familiar with Wireshark.
The first chapter provides the basics of networking and packet analysis.
The second chapter delves into the basics of sniffing and sniffer placement.
Chapter three goes into a brief history of Wireshark, installing Wireshark and how to capture and read Wireshark packet captures.
In chapter four the basics of working with the Wireshark features are covered, including saving, exporting and merging capture files as well as capture options and filtering captures.
Chapters five to eight cover more advanced material.
In chapter five some of the additional Wireshark features are covered, including how to use the protocol dissectors, following TCP streams, and graphing.
Chapter six looks into some of the common lower layer protocols and how they look in Wireshark.
Chapter seven repeats the same exercise with some higher level protocols like HTTP, DNS, and DHCP.
Chapter eight is my favorite section, walking through some real world packet analysis scenarios.
Chapters nine through eleven present even more advanced material, including troubleshooting network issues, using Wireshark for security analysis and analyzing wireless packets.
This is a very good book for the beginning or novice network analyst and an excellent reference for the more advanced analyst. If you use or are hoping to use Wireshark, this book will be a useful addition to your bookshelf.
on August 14, 2011
Practical Packet Analysis is related, in fact, to a single product: Wireshark. Chris mentions other tools as well (in an appendix), but he mostly focuses on this particular tool. Wireshark allows you to analyze what's going on within the wires of your network. Listening to the wire is not as easy as you may think at first. First of all, it's good to know the terminology. Chris provides you with the exact knowledge you need. You will learn just enough to get started and will be told what the differences between switches, routers, hubs, and taps are. You will also know what ARP and OSI mean, as well as many other abbreviations. What I especially liked within the theory-related section was some sort of analysis of when to focus on a particular device for sniffing and how to utilize it to its full extent. One remark here. For people totally fresh to network terminology, I'd suggest something additional and better (more easily) explained. I think that in some places the book might be hard to follow, especially when Chris discusses topics like packet components, uses computer-related arithmetic, and does not provide much detailed explanation of some topics. In fact, I'd suggest this book to intermediate readers who already know something about computers and networks.
What do I think about this book? It is good for people who are familiar with computer science but haven't worked with networks so far. Why? It simply requires some level of knowledge related to networking and to data processing. On the other hand, it is based on a well-known, easily accessible, GUI-based application. This way, you can follow it quite easily, even if you are not perfectly familiar with all the network-based concepts. I'd suggest this book as a starter for people who are thinking about working with packet analysis.
I particularly liked what Chris says at the beginning of the 4th chapter: 'As you perform packet analysis, you will find that a good portion of the analysis you do will happen after your capture.' This is certainly true. And this sentence tells a very important thing. Good network analysis is not only based on listening to the wire. In fact, it is based on deduction. It's like a detective's work.