by Chris Sanders
July 2011, 280 pp.
It's easy to capture packets with Wireshark, the world's most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what's happening on your network?
With an expanded discussion of network protocols and 45 completely new scenarios, this extensively revised second edition of the best-selling Practical Packet Analysis will teach you how to make sense of your PCAP data. You'll find new sections on troubleshooting slow networks and packet analysis for security to help you better understand how modern exploits and malware behave at the packet level. Add to this a thorough introduction to the TCP/IP network stack and you're on your way to packet analysis proficiency.
Learn how to:
Practical Packet Analysis is a must for any network technician, administrator, or engineer. Stop guessing and start troubleshooting the problems on your network.
About the Author
Chris Sanders is a computer security consultant, author, and researcher. A SANS Mentor who holds several industry certifications, including CISSP, GCIA, GCIH, and GREM, he writes regularly for WindowSecurity.com and his blog, ChrisSanders.org. Sanders uses Wireshark daily for packet analysis. He lives in Charleston, South Carolina, where he works as a government defense contractor.
Table of Contents
Chapter 1: Packet Analysis and Network Basics
View the detailed Table of Contents (PDF)
View the Index (PDF)(top)
"The book is put together in a smart, yet very readable fashion and honestly made me excited to read about packet analysis. Wireshark is a great tool and something every network administrator or engineer should know about."
"I'd recommend this book to junior network analysts, software developers, and the newly minted CSE/CISSP/etc.—folks that just need to roll up their sleeves and get started troubleshooting network (and security) problems."
"The next time I investigate a slow network, I'll turn to Practical Packet Analysis, chapter 9. And that's perhaps the best praise I can offer on any technical book."
"An essential book if you are responsible for network administration on any level."
"I really enjoyed this book. Any book that talks about how a protocol works, ties it to real life troubleshooting and security scenarios, and then seals the deal with using a tool is a winner in my book."
"I recommend this book to folks that aren’t Wireshark experts. (Even those who have plenty of Wireshark experience may pick up a new trick or two.)"
"An excellent jump-start for novices."
"Where this book really scores is in the step-by-step analysis of typical networking problems and how you need to interpret the captured packets."
"It makes a great addition for someone in the one-to-three year range of their career. Whether this career is security-centric, network administration, or simply as a hobbyist, Chris Sanders made great work of keeping things simple yet informative for his readers."
"Stands out as a book that's a very useful learning resource, and one that makes the learning process a lot of fun."
"A great way to start learning the tools to understand what is going on under the hood of networks."
"Very informative. It does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real life examples of what to do with Wireshark."
"Are there unknown hosts chatting away with each other? Is my machine talking to strangers? You need a packet sniffer to really find the answers to these questions. Wireshark is one of the best tools to do this job and this book is one of the best ways to learn about that tool."
"Perfect for the beginner to intermediate."