Practical Packet Analysis, 2nd Edition

Using Wireshark to Solve Real-World Network Problems
by Chris Sanders

July 2011, 280 pp.
ISBN: 978-1-59327-266-1

It's easy to capture packets with Wireshark, the world's most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what's happening on your network?

With an expanded discussion of network protocols and 45 completely new scenarios, this extensively revised second edition of the best-selling Practical Packet Analysis will teach you how to make sense of your PCAP data. You'll find new sections on troubleshooting slow networks and packet analysis for security to help you better understand how modern exploits and malware behave at the packet level. Add to this a thorough introduction to the TCP/IP network stack and you're on your way to packet analysis proficiency.

Learn how to:

  • Use packet analysis to identify and resolve common network problems like loss of connectivity, DNS issues, sluggish speeds, and malware infections
  • Build customized capture and display filters
  • Monitor your network in real time and tap live network communications
  • Graph traffic patterns to visualize the data flowing across your network
  • Use advanced Wireshark features to understand confusing captures
  • Build statistics and reports to help you better explain technical network information to non-techies

Practical Packet Analysis is a must for any network technician, administrator, or engineer. Stop guessing and start troubleshooting the problems on your network.


About the Author

Chris Sanders is a computer security consultant, author, and researcher. A SANS Mentor who holds several industry certifications, including CISSP, GCIA, GCIH, and GREM, he writes regularly for WindowSecurity.com and his blog, ChrisSanders.org. Sanders uses Wireshark daily for packet analysis. He lives in Charleston, South Carolina, where he works as a government defense contractor.


Table of Contents

Chapter 1: Packet Analysis and Network Basics
Chapter 2: Tapping into the Wire
Chapter 3: Introduction to Wireshark
Chapter 4: Working with Captured Packets
Chapter 5: Advanced Wireshark Features
Chapter 6: Common Lower-Layer Protocols
Chapter 7: Common Upper-Layer Protocols
Chapter 8: Basic Case Scenarios
Chapter 9: Fighting a Slow Network
Chapter 10: Packet Analysis for Security
Chapter 11: Wireless Packet Analysis
Appendix A: Further Reading


Reviews

"A must-have for anyone who uses Wireshark packet level protocol analysis as part of their network engineering toolkit."
—Joe Bardwell, President, Connect802 Corporation

"It makes a great addition for someone in the one-to-three year range of their career. Whether this career is security-centric, network administration, or simply as a hobbyist, Chris Sanders made great work of keeping things simple yet informative for his readers."
—The Ethical Hacker Network

"The book organization invites me to keep it at hand for troubleshooting. The next time I investigate a slow network, I'll turn to Practical Packet Analysis, 2nd Edition, chapter 9. And that's perhaps the best praise I can offer on any technical book."
—Michael W. Lucas, Author of Network Flow Analysis

"Practical Packet Analysis, Second Edition stands out as a book that's a very useful learning resource, and one that makes the learning process a lot of fun."
—Peter N.M. Hansteen, That Grumpy BSD Guy

"An excellent introduction to the art of network sniffing and the use of Wireshark."
—InfoSec Reviews

"This book is an excellent tool for any system administrator to gain useful troubleshooting skills."
—DragonFly BSD Digest

"The book is written in a very readable style and is certainly informative in a very practical way."
—New Signature

"Provides an excellent jump-start for novices, especially those who aren't too familiar with Wireshark."
—PacketLife.net

"An excellent resource for anyone involved or interested in network management and administration."
—TCM Reviews

"I would recommend this book to beginners for the purposes of getting up to speed with Wireshark quickly."
—PacketsPerSecond

"Sanders does a wonderful job of explaining the intricacies of Wireshark's packet filters as well as revealing the power of its statistics and analysis windows, where solutions often lie."
—Ric Getter, MacDirectory

"Where this book really scores is in the step-by-step analysis of typical networking problems and how you need to interpret the captured packets."
—Network Security Newsletter

"I'd recommend this book to junior network analysts, software developers and newly minted MCSE/CISSP/etc.—folks that just need to roll up their sleeves and get started troubleshooting network (and security) problems."
—Gunter Ollmann, Technical Info

"Practical Packet Analysis is a must have for both the person just starting out in network troubleshooting as well as the seasoned professional who would like to refine their skillset."
—Digital Overdrive

"I would recommend it to anyone interested in dealing with networking issues, from students of various computing disciplines to seasoned network administrators and their staff, to project managers."
—Janusz Zalewski, Computing Reviews

"This book is highly recommended."
—Kramses Blog

"If you are not looking to jump in at the deep end, but learn something new about Wireshark, and how common protocols work then this book is for you."
—The Unofficial MARS Blog

"A great book for the IT administrator who wants to quickly get started using Wireshark."
—Sean Walberg, ertw.com

"For those who need an introduction to isolating and capturing packets, reading them, and solving common problems by analyzing them, this is the most readable book of its kind I have come across."
—Michael Ernest, JavaRanch