Linux Security

    Review: Practical Packet Analysis

    Everybody, from seasoned network administrators to people who just use the Internet to check the TV listings, will experience network problems at some point. Despite their varied technical knowledge, there is one tool that everybody can use: Wireshark. What's the quickest way to learn this fantastic tool? Read Practical Packet Analysis, by Chris Sanders, which provides all the basic information anybody needs to start troubleshooting their network.

    Date: June 06, 2007


    Title Practical Packet Analysis
    Authors Chris Sanders
    Pages 192
    ISBN 1-59327-149-2
    Publisher No Starch Press
    Edition 1st edition (May 2007)


    Practical Packet Analysis does a fairly good job of assuming the reader has no understanding of network communications and attempts to fill in that knowledge gap. At the same time, seasoned computer users will find the introductory chapters short and to the point, giving intermediate and advanced readers a quick refresher on network fundamentals.

    This book is about 'Packet Analysis' in the context of network troubleshooting. While anyone who intends to use Wireshark will probably benefit from this book, people looking for a how-to on conducting unorthodox network activity should probably look elsewhere; the author only mentions such activities in passing or in the context of diagnosing a network.


    The book was written by Chris Sanders, who is the perfect person to write a book on the practical uses of a tool like Wireshark. As the network administrator of the Graves County Schools in Kentucky, he manages more than 1,800 workstations and 20 servers. Additionally, he is a staff writer for and WindowsDevCenter.com and the author of the very popular article series Packet School 101.

    In the first two chapters, the book starts out with an explanation of the fundamentals of network communications and gives a general idea of what packet analysis is and what it can be used for. It then goes on to explain the various ways to physically connect to a network for packet analysis. Sanders does a good job of breaking down these somewhat complicated topics and presents readers with the information they need to effectively read and use the rest of the book.

    The author then spends three chapters explaining Wireshark: first how to install and set it up, and then how to use it. Sanders explains simple topics like how to capture packets, create capture and display filters, and save your filters and captured packets. He then goes on to talk about more advanced features such as name resolution, protocol dissection, and following TCP streams. After these chapters, a reader should have a fairly good grasp of how to use Wireshark.

    After all the introductory and basic information about networks and Wireshark has been dealt with, the fun really starts. The remaining chapters cover everything that a reader will need to start investigating their own network problems. The author starts out by showing readers common trace files of the more popular protocols, i.e. the protocols the reader will most likely work with. This chapter is crucial to doing any real packet analysis. Sanders explains what each protocol's captured packets look like and how the protocols use the information in them to accomplish their tasks. He then spends the remaining chapters presenting the reader with real-life examples. The examples start out simple, such as discovering hidden programs that are accessing the network and figuring out where the network configuration errors are, after which he explains more advanced topics such as covertly listening to another workstation's communications and diagnosing wireless network issues.
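    As an added illustration of what the protocol dissection and display filtering mentioned in the two paragraphs above amount to under the hood, the Python below walks the Ethernet, IPv4 and TCP headers of a frame and then evaluates a few Wireshark-style display-filter expressions against the decoded fields. This is example code written for this review page, not code from the book or from Wireshark; the sample frame (addresses, ports, zeroed checksums) and the tiny `field == value` filter grammar are constructed assumptions, although the field names themselves (`ip.addr`, `tcp.port`, `tcp.flags.syn`) follow Wireshark's naming.

```python
"""Toy dissector for an Ethernet II / IPv4 / TCP frame plus a minimal
Wireshark-style display filter.  Added example for this review; not code
from the book or from Wireshark.  The sample frame is constructed by hand
and its IP/TCP checksums are left at zero."""
import struct
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_BITS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
                 ("PSH", 0x08), ("ACK", 0x10))


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int
    src_port: int
    dst_port: int
    seq: int
    flags: dict
    payload: bytes


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ipv4(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def dissect(frame: bytes) -> Packet:
    """Walk the headers the way a dissector does: Ethernet -> IPv4 -> TCP."""
    # Ethernet II: dst MAC (6), src MAC (6), EtherType (2), all big-endian
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    # IPv4: first byte holds version (high nibble) and IHL in 32-bit words (low nibble)
    if ip[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    ttl, proto = ip[8], ip[9]
    if proto != IPPROTO_TCP:
        raise ValueError(f"unsupported IP protocol {proto}")
    tcp = ip[ihl:total_len]  # total_len bounds the segment; Ethernet padding is dropped
    src_port, dst_port, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4  # TCP header length incl. options, in bytes
    flags = {name: bool(off_flags & bit) for name, bit in TCP_FLAG_BITS}
    return Packet(_mac(src_mac), _mac(dst_mac), _ipv4(ip[12:16]), _ipv4(ip[16:20]),
                  ttl, src_port, dst_port, seq, flags, tcp[data_off:])


# Field accessors for a handful of Wireshark-like display-filter names.
# "ip.addr" and "tcp.port" match either direction, as they do in Wireshark.
FIELDS = {
    "ip.src": lambda p: p.src_ip,
    "ip.dst": lambda p: p.dst_ip,
    "ip.addr": lambda p: {p.src_ip, p.dst_ip},
    "ip.ttl": lambda p: p.ttl,
    "tcp.srcport": lambda p: p.src_port,
    "tcp.dstport": lambda p: p.dst_port,
    "tcp.port": lambda p: {p.src_port, p.dst_port},
    "tcp.flags.syn": lambda p: p.flags["SYN"],
    "tcp.flags.ack": lambda p: p.flags["ACK"],
}


def _coerce(text: str, like):
    """Convert the filter literal to the type of the field it is compared with."""
    if isinstance(like, bool):  # checked before int, since bool is a subclass of int
        return text.lower() in ("1", "true")
    if isinstance(like, int):
        return int(text)
    return text


def display_filter(expr: str, pkt: Packet) -> bool:
    """Evaluate 'field == value' (the only operator this toy grammar supports)."""
    field, op, literal = expr.split()
    if op != "==":
        raise ValueError("only '==' is supported here")
    actual = FIELDS[field](pkt)
    if isinstance(actual, set):  # bidirectional field: match either side
        return _coerce(literal, next(iter(actual))) in actual
    return actual == _coerce(literal, actual)


def build_sample_frame() -> bytes:
    """Constructed sample: a TCP SYN from 192.168.1.10:40000 to 203.0.113.5:80."""
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    # TCP: ports, seq, ack, data offset (5 words) | SYN, window, checksum, urgent ptr
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)
    # IPv4: ver/IHL, TOS, total length, id, flags/frag (DF), TTL, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64,
                     IPPROTO_TCP, 0, bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    return eth + ip + tcp


if __name__ == "__main__":
    pkt = dissect(build_sample_frame())
    print(pkt)
    for expr in ("tcp.port == 80", "tcp.flags.syn == 1", "ip.addr == 10.0.0.1"):
        print(f"{expr:>22}: {display_filter(expr, pkt)}")
```

    The point of the exercise is the one the book makes: a display filter is just a comparison against fields that the dissector has already pulled out of the raw bytes, so knowing where each field sits in the header is what lets you write a useful filter in the first place. A real dissector would also validate the checksums and handle IP options and fragmentation, which this toy skips.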


    This book was very informative and lived up to the key word in its title, 'Practical'. It does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real-life examples of what to do with Wireshark. Most readers will not have a problem following along with the examples, even if they are shaky on some of the advanced network theory.

    The author did a great job of covering a wide range of typical network problems. When faced with an unknown problem, readers should be able to easily flip through the examples until they find one that is similar to their problem and then diverge as necessary to solve their issue.

    Review by: Daniel Boland

