Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems Paperback – Jul 9 2011
About the Author
Chris Sanders is a computer security consultant, author, and researcher. A SANS Mentor who holds several industry certifications, including CISSP, GCIA, GCIH, and GREM, he writes regularly for WindowSecurity.com and his blog, ChrisSanders.org. Sanders uses Wireshark daily for packet analysis. He lives in Charleston, South Carolina, where he works as a government defense contractor.
Top Customer Reviews
What do I think about this book? It is good for people who are familiar with computer science but didn't work with networks so far. Why? It simply requires some level of knowledge related to networking and to data processing. On the other hand it is based on a well known, easily accessible, GUI based application. This way, you can follow it quite easily, even though you are not perfectly familiar with all the network based concepts. I'd suggest this book as a starter for people who are thinking about working with packet analysis.
Whether you are just starting out, or are more advanced, if you need to understand what is on your network, this book should be on your bookshelf. Chris Sanders has found a way to start from the first principles necessary to perform and understand packet analysis, while at the same time providing a book which is useful to the more advanced. The writing style is very easy to read and very logically organized. Figures are used on nearly every page and real life scenarios are woven throughout the text, reinforcing the material wonderfully.
The book is divided into 11 chapters, grouped roughly into beginner, intermediate, and advanced sections.
The first four chapters are aimed at the beginner who is not very familiar with Wireshark.
The first chapter provides the basics of networking and packet analysis.
The second chapter delves into the basics of sniffing and sniffer placement.
Chapter three goes into a brief history of Wireshark, installing Wireshark and how to capture and read Wireshark packet captures.
In chapter four the basics of working with the Wireshark features are covered, including saving, exporting and merging capture files as well as capture options and filtering captures.
Chapters five to eight cover more advanced material.
In chapter five some of the additional Wireshark features are covered, including how to use the protocol dissectors, following TCP streams, and graphing.
Chapter six looks into some of the common lower layer protocols and how they look in Wireshark.
Chapter seven repeats the same exercise with some higher level protocols like HTTP, DNS, and DHCP.
Most Helpful Customer Reviews on Amazon.com (beta)
This book is written for people who have little to no experience with packet analysis. It is also a good read for those who might have been out of the packet analysis game for a little while and need a quick read to brush up the skill-set. The book is well written and Sanders does an excellent job explaining things in a manner that is well understood. He eases the reader into explanations by going from layman to more technical jargon. The examples in the book match the title, they are practical and likely to be experienced in the real world. I would highly recommend this book to those who have little to no experience with packet analysis and are looking for a solid book to help them understand what many of the other books tend to explain in a lofty manner.
There are odd faults (for example, there's a diagram showing a Cisco router, except it's not). There are also some colloquialisms (such as when the author says "Why have chicken when you can have steak?"). And I was disappointed that IPv6 wasn't really covered at all.
If you're experienced with packet analysis and want to learn Wireshark, this book is good for you. If you're a beginner at packet analysis this book is also good.
Wireshark is a free, open-source tool that allows you to capture and analyze network traffic. With the communication captured, you can then easily tell it to filter on certain protocols, making reading the packet info much easier than it is in LoadRunner.
This book starts at ground level, assuming no user experience with packet analysis and/or packet sniffers. It can basically be divided into four sections.
The first covers packet analysis and network basics, and gives a nice overview of the OSI model.
The second covers Wireshark's basic and advance features.
The next covers common protocols like ARP, TCP and HTTP,
and in the last section, the author ties it all together with real world examples using familiar sites like Facebook and ESPN, while explaining how to troubleshoot common network issues.
I like the hands-on approach the writer uses throughout the book. He clearly explains everything in a clear, concise manner. I also appreciated the fact that the author uses packet capture files in each example that can be downloaded and opened in Wireshark in order to follow along. I was able to follow all of the examples without any confusion -- which is kind of a big deal, since packet analysis at this level is a new subject for me. Well done!
The author also compares Wireshark (the selected sniffing tool) to some of the others, and clearly explains why he made the choice to use Wireshark. Time is spent familiarizing the reader with using Wireshark, covering installation and usage. The author also discusses how to write filters for capturing and displaying, which is essential to properly use the tool to wade through all the clutter. Finally, the packets that are typically found on a network are discussed and analyzed. The author points out many useful things that can be discovered by zeroing in on things like client/server latency (at different points throughout the TCP handshake), DNS abnormalities, and strange packets.
Security implications and intrusion detection are also discussed, which I found to be extremely informative for the typical network administrator. Finally, some real world scenarios are presented, at which point we examine real life packets to determine the cause of the network problems. This exercise was very helpful to tie in the previous knowledge with a practical hands-on approach. Also much appreciated were the example packets. The author provides capture files that can be downloaded from his web site that allow you to follow along easily without requiring you to sniff the packets yourself. Screenshots are provided for those who don't have access to a computer with Wireshark installed, so it is easy to follow along regardless of your situation.
A very logical and easy to follow flow, mixed with excellent writing style make this a must read for any administrator. It is not a massive esoteric tome like a lot of the other books in its class, which makes it an excellent choice. Highly recommended!
Networking has always been something I've known just a little about, but I've never been anywhere close to an expert. While I knew about setting up a basic Windows network, that was about it. I took SANS Network Forensics (FOR 558) last year, which uses Wireshark some and learned a lot. Looking back, I can see how much better off I would have been had I read Practical Packet Analysis before the class. So much of what was discussed in class is covered in PPA in clear, concise explanations that would have made it easier for me when I took the forensics course.
This really is one of the best tech books I've ever read. I don't say that lightly, as I've read many good IT and computer forensics books. It is well written and easy to follow. The author has .pcap files available for download from the publisher website so the reader can follow along with the examples in the book. To me, this made learning the material that much easier, allowing me to see first hand what was being taught.
Another thing I like about this and other books from the publisher, No Starch Press, is the graphics. Screenshots of computer screens are often very difficult to make out in other publishers' books, but I've noticed in all of my No Starch books they are easy to see.
Practical Packet Analysis is a must-read for anyone wanting to learn how to sniff and analyze packets. Highly recommended!