Practical Packet Analysis

Using Wireshark to Solve Real-World Network Problems
by Chris Sanders

May 2007, 172 pp.
ISBN: 978-1-59327-149-7

New edition now available!

View a sample chapter, Chapter 6: Common Protocols

Download the sample capture files here: .zip [*]

It's easy enough to install Wireshark and begin capturing packets off the wire--or from the air. But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an in-depth look at real-world packet analysis and network troubleshooting. The way the pros do it.

Wireshark (derived from the Ethereal project) has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:

  • Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more
  • Build customized capture and display filters
  • Tap into live network communication
  • Graph traffic patterns to visualize the data flowing across your network
  • Use advanced Wireshark features to understand confusing packets
  • Build statistics and reports to help you better explain technical network information to non-technical users

Because net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must-have for any network technician, administrator, or engineer troubleshooting network problems of any kind.

Technical review by Gerald Combs, creator of Wireshark

About the Author

Chris Sanders is the network administrator for the Graves County Schools in Kentucky, where he manages more than 1,800 workstations, 20 servers, and a user base of nearly 5,000. His website,, offers tutorials, guides, and technical commentary, including the very popular Packet School 101. He is also a staff writer for and He uses Wireshark for packet analysis almost daily.

* Because of their contents, the capture files in this zip file may set off false positives in your anti-virus program. To confirm that you have the files that Chris is using in his book, make sure that the zip file you downloaded has the following MD5 sum: 8d8ccf467ac54b0ff3c091c50bf5ff6d

A complete listing of the MD5 sums of individual files is available here

Table of Contents

Chapter 1: Packet Analysis and Network Basics
Chapter 2: Tapping into the Wire
Chapter 3: Introduction to Wireshark
Chapter 4: Working with Captured Packets
Chapter 5: Advanced Wireshark Features
Chapter 6: Common Protocols
Chapter 7: Basic Scenarios
Chapter 8: Fighting a Slow Network
Chapter 9: Security-based Analysis
Chapter 10: Sniffing into Thin Air
Chapter 11: Further Reading



"Perfect for the beginner to intermediate. I enjoyed it."
Daemon News

"Practical Packet Analysis is an essential book if you are responsible for network administration on any level. Sanders provides something for both the student and the guru alike. The book covers both Linux and Windows and recognizes the heterogeneous nature of networking. Chris Sanders deserves kudos for writing a book that is both a textbook and a reference for network managers."
Linux Pro Magazine

Practical Packet Analysis "is easy to read, easy to follow and the graphics are very readable. The scenarios are very detailed and reality based. All in all, if you need to get the basics of packet analysis down pat, this is a very good place to start."
State of More)

"If you're interested in dipping your toes into packet analysis and putting yourself in a position where you can learn a bunch and keep on learning on your own once you've built up your foundation, then [Practical Packet Analysis] is a great book for you."

"Knowing what information is traveling across your network is what keeps you out of trouble. Are there unknown hosts chatting away with each other? Is my machine talking to strangers? You need a packet sniffer to really find the answers to these questions. Wireshark is one of the best tools to do this job and [Practical Packet Analysis] is one of the best ways to learn about that tool. Chris Sanders, the author of this handy book, brings you the information cleanly and clearly. His style is to walk you through exactly what to do. This method works well and the book is quite readable."
Free Software Magazine

Practical Packet Analysis "covers the basics in everyday language that a relatively competent IT person (who's not a network geek) can understand....For those who dabble a bit in packet analysis as part of their job, this book will take you past the bare essentials to a more complete understanding of just what you can do. And for newbies like me, it opens a whole new world that was somewhat incomprehensible before..."
Duffbert's Random Musings

Practical Packet Analysis "does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real life examples of what readers can do with Wireshark."
LinuxSecurity