Practical Packet Analysis, 3rd Edition

Practical Packet Analysis, 3rd Edition

Using Wireshark to Solve Real-World Network Problems
by Chris Sanders
April 2017, 368 pp.
ISBN-13: 
9781593278021

It’s easy to capture packets with Wireshark, the world’s most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what’s happening on your network?

Updated to cover Wireshark 2.x, the third edition of Practical Packet Analysis will teach you to make sense of your packet captures so that you can better troubleshoot network problems. You’ll find added coverage of IPv6 and SMTP, a new chapter on the powerful command line packet analyzers tcpdump and TShark, and an appendix on how to read and reference packet values using a packet map.

Practical Packet Analysis will show you how to:

  • Monitor your network in real time and tap live network communications
  • Build customized capture and display filters
  • Use packet analysis to troubleshoot and resolve common network problems, like loss of connectivity, DNS issues, and slow speeds
  • Explore modern exploits and malware at the packet level
  • Extract files sent across a network from packet captures
  • Graph traffic patterns to visualize the data flowing across your network
  • Use advanced Wireshark features to understand confusing captures
  • Build statistics and reports to help you better explain technical network information to non-techies

No matter what your level of experience is, Practical Packet Analysis will show you how to use Wireshark to make sense of any network and get things done.

Author Bio 

Chris Sanders is a computer security consultant, researcher, and educator. He is the author of Applied Network Security Monitoring and blogs regularly at ChrisSanders.org. Chris uses packet analysis daily to catch bad guys and find evil.

Table of contents 

Introduction

Chapter 1: Packet Analysis and Network Basics
Chapter 2: Tapping into the Wire
Chapter 3: Introduction to Wireshark
Chapter 4: Working with Captured Packets
Chapter 5: Advanced Wireshark Features
Chapter 6: Packet Analysis on the Command Line
Chapter 7: Network Layer Protocols
Chapter 8: Transport Layer Protocols
Chapter 9: Common Upper-Layer Protocols
Chapter 10: Basic Real-World Scenarios
Chapter 11: Fighting a Slow Network
Chapter 12: Packet Analysis for Security
Chapter 13: Wireless Packet Analysis

Appendix A: Further Reading
Appendix B: Navigating Packets

View the detailed Table of Contents (PDF)
View the Index (PDF)

Reviews 

Read Chris Sanders’ blog post about the third edition release of Practical Packet Analysis!

"If you are looking for a comprehensive guide on Wireshark, I highly recommend this book. It goes into great detail about reading pcap files and even has example files that you can download and examine yourself. Its technically written like a textbook but with much more laidback and easy to understand feel."
—Cyber Intellect

“The book is clearly written and is both an easy read and a valuable resource for when you have to do packet analysis.”
Paul Baccas

Praise for Practical Packet Analysis:

“A wealth of information. Smart, yet very readable, and honestly made me excited to read about packet analysis.”
—Lauren Malhoit, TechRepublic

“Well written, insightful, thorough, and practical, this book will be valuable to anyone wanting to understand and analyze network traffic. Even if you're starting from scratch, you're likely to love this book.”
Computer World

“I'd recommend this book to junior network analysts, software developers, and the newly minted CSE/CISSP/etc.—folks that just need to roll up their sleeves and get started troubleshooting network (and security) problems.”
—Gunter Ollmann, Chief Technical Officer of IOActive, Technical Info

“The next time I investigate a slow network, I'll turn to Practical Packet Analysis. That's perhaps the best praise I can offer on any technical book.”
Michael W. Lucas, author of Absolute FreeBSD and Network Flow Analysis

“An essential book if you are responsible for network administration on any level.”
—James Pyles, Linux Pro Magazine

“I recommend this book to folks that aren’t Wireshark experts. (Even those who have plenty of Wireshark experience may pick up a new trick or two.)”
—Jim Clausing, SANS Internet Storm Center Diary

"An excellent jump-start for novices."
—Jeremy Stretch, PacketLife.net

“This book really scores in the step-by-step analysis of typical networking problems and how you need to interpret the captured packets.”
—Network Security Newsletter

“It makes a great addition for someone in the one-to-three year range of their career. Whether this career is security-centric, network administration, or simply as a hobbyist, Chris Sanders made great work of keeping things simple yet informative for his readers.”
—J. Oquendo, The Ethical Hacker Network

“Stands out as a book that's a very useful learning resource, and one that makes the learning process a lot of fun.”
—Peter N.M. Hansteen, author of The Book of PF

“Very informative. It does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real life examples of what to do with Wireshark.”
—Daniel Boland, Linuxsecurity.com

“Are there unknown hosts chatting away with each other? Is my machine talking to strangers? You need a packet sniffer to really find the answers to these questions. Wireshark is one of the best tools to do this job and this book is one of the best ways to learn about that tool.”
—Brian Turner, Free Software Magazine

“Perfect for the beginner to intermediate.”
—Daemon News

“A critically important addition to personal, professional, community, and academic library Computer Science collections.”
—Midwest Book Review

"If you want to understand Wireshark, it is the best book on the market, and it’s from the greatest publisher of technical books, No Starch Press. The book really digs into the details of Wireshark and teaches a lot of tips and tricks to make your life easier when performing packet analysis on large chunks of data. I highly recommend picking this book up either to read or just to keep as a handy reference guide. I have multiple copies of it on my shelf, and frequently recommend it to my students."
—Tyler Reguly, Tripwire

"A great read."
—Keith Hoodlet, @securingdev

Extra Stuff 

Hashes for ppa3ecaptures.zip
MD5: C532A797958649D821BC2EDBC3A2DDD9
SHA1: 7887C73BDB0F9BA1AF7FADBE01F1F0AAF2F2D5C6
SHA256: 6EC7B9B0D1E88AE957D9B40FE9FD992316DD0619191FBA11582FC567D556C87E

Updates 

View the latest errata.