PRACTICAL PACKET ANALYSIS by Chris Sanders


Summary: quite a good introduction to the topic

Practical Packet Analysis is related, in fact, to a single product: Wireshark. Chris mentions other tools as well (in an appendix), but he mostly focuses on this particular tool. Wireshark allows you to analyze what’s going on within the wires of your network. Listening to the wire is not as easy as you may think at first. First of all, it’s good to know the terminology. Chris provides you with the exact knowledge you need. You will learn just enough to get started and will be told what the differences between switches, routers, hubs and taps are. You will also learn what ARP and OSI mean, as well as many other abbreviations. What I especially liked within the theory-related section was some sort of analysis of when to focus on a particular device for sniffing and how to utilize it to its full extent. One remark here. For people totally fresh to network terminology I’d suggest something additional and better (more easily) explained. I think, at some places, the book might be hard to follow, especially when Chris discusses topics like packet components, uses computer-related arithmetic, and provides not that much detailed explanation of some topics. In fact, I’d suggest this book to intermediate readers who already know something about computers and networks.

What do I think about this book? It is good for people who are familiar with computer science but haven’t worked with networks so far. Why? It simply requires some level of knowledge related to networking and to how data is processed. On the other hand, it is based on a well-known, easily accessible, GUI-based application. This way, you can follow it quite easily, even if you are not perfectly familiar with all the network-based concepts. I’d suggest this book as a starter for people who are thinking about working with packet analysis.

I particularly liked what Chris says at the beginning of the 4th chapter: “As you perform packet analysis, you will find that a good portion of the analysis you do will happen after your capture.” This is certainly true. And this sentence tells a very important thing. Good network analysis is not only based on listening to the wire. In fact, it is based on deduction. It’s like a detective’s work.

Product page:

O’Reilly: http://oreilly.com/catalog/9781593272661
Amazon (in Books): Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Amazon (Kindle): Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems