Friday, October 07, 2011

Book Review: Practical Packet Analysis, 2nd Ed

Author: Chris Sanders
Published By: no starch press
ISBN: 978-1-59327-266-1

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems

"It's easy enough to install Wireshark and begin capturing packets off the wire--or from the air. But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an in-depth look at real-world packet analysis and network troubleshooting. The way the pros do it."

I was asked to review this book a while ago, and only recently, having had a few long business trips, did I get the time to read it.

Packet analysis, and getting down to the real under-the-bonnet workings of how devices communicate, has always been of interest to me. And I suppose everyone knows one of the best free tools for doing this is Wireshark.

Chris Sanders has updated this second edition with new content, and starts right at the beginner's level: what packet analysis is, how to capture traffic in various scenarios, and how to use Wireshark to then analyze that data. The book is almost a beginner's course in Wireshark in itself.

It's nowhere near as detailed as a book from Bejtlich or Chappell, but if you are a beginner and want to learn how to use Wireshark, and how to create filters, merge captures, follow TCP streams, and bring up statistics on conversations happening on the network, then you will get something from the book.
In addition to going over the Wireshark interface, Sanders also takes the reader through the basics of many protocols, and produces captures to back up the theory of each, which can all be downloaded from the no starch press website.

There are also small sections on packet analysis for security and wireless, to get you started on your quest for knowledge in these areas.

Overall, I enjoyed the book, and if you are not looking to jump in at the deep end, but want to learn something new about Wireshark and how common protocols work, then this book is for you.

