| Title | Practical Packet Analysis |
| Publisher | No Starch Press |
| Edition | 1st edition (May 2007) |
Audience: Practical Packet Analysis does a fairly good job of assuming a reader has no understanding of network communications and attempts to fill in the knowledge gap. At the same time, seasoned computer users will find the introductory chapters short and to the point, giving intermediate to advanced readers a quick refresher on network fundamentals.
This book is about packet analysis in the context of network troubleshooting. While anyone who intends to use Wireshark will probably benefit from this book, people looking for a how-to on conducting non-orthodox network activity should probably look elsewhere; the author only mentions such activities in passing or in the context of diagnosing a network.
Summary: The book was written by Chris Sanders, who is the perfect person to write a book on the practical uses of a tool like Wireshark. As the network administrator of the Graves County Schools in Kentucky, he manages more than 1,800 workstations and 20 servers. Additionally, he is a staff writer for WindowsNetworking.com and WindowsDevCenter.com and the author of the very popular article series Packet School 101.
With the first two chapters, the book starts out with an explanation of the fundamentals of network communications and gives a general idea of what packet analysis is and what it can be used for. It then goes on to explain the various ways to physically connect to a network for packet analysis. Sanders does a good job of breaking down these somewhat complicated topics and presents the reader with the information they need to effectively read and use the rest of the book.
The author then spends three chapters explaining Wireshark: first how to install and set it up, and then how to use it. Sanders explains simple topics like how to capture packets, create capture and display filters, and save your filters and captured packets. He then goes on to talk about more advanced features such as name resolution, protocol dissection, and following TCP streams. After these chapters, a reader should have a fairly good grasp of how to use Wireshark.
After all the introductory and basic information about networks and Wireshark has been dealt with, the fun really starts. The remaining chapters cover everything that a reader will need to start investigating their own network problems. The author starts out by showing readers common trace files of the more popular protocols, i.e. the protocols the reader will most likely work with. This chapter is crucial to doing any real packet analysis. Sanders explains what each protocol's captured packets look like and how the protocols use the information in them to accomplish their tasks. He then spends the remaining chapters presenting the reader with real-life examples. The examples start out simple, such as discovering hidden programs that are accessing the network and figuring out where the network configuration errors are. After that he explains more advanced topics such as covertly listening to another workstation's communications and diagnosing wireless network issues.
Opinion: This book was very informative and lived up to the key word in its title, 'Practical'. It does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real-life examples of what to do with Wireshark. Most readers will not have a problem following along with the examples, even if they are shaky on some of the advanced network theory.
The author did a great job of covering a wide range of typical network problems. When faced with an unknown problem, readers should be able to easily flip through the examples until they find one that is similar to their problem and then diverge as necessary to solve their issue.
Review by: Daniel Boland