Security book reviews from inside the infosec industry.

Practical Packet Analysis Review (2nd Edition)

Practical Packet Analysis - Using Wireshark to Solve Real-World Network Problems is a fairly deep book, well suited for those looking to roll up their sleeves and get their hands dirty with in-depth network analysis. While it's not quite a missing manual for Wireshark, it's certainly useful for anyone looking to get more intimate with everyone's favourite packet sniffer.


Practical Packet Analysis - Using Wireshark to Solve Real-World Network Problems, like many of the other books I've reviewed, has a ridiculously long title, but it isn't as long a book as I expected, clocking in at around the 240-page mark. The book starts pretty much at ground level, assuming no experience with the OSI model, packet analysis or packet sniffers. Examples are provided with packet captures that can be downloaded from the site for ease of work, which I found a nice touch.

The first few chapters focus on the basics, and if you're like me you'll probably want to skip your way through them. There were a few things in there that were worth a refresh, and to be fair it's a while since I've spent some time going through network theory, so it gave me a good opportunity to dust off the cobwebs. Wireshark isn't installed until Chapter 3, and spending almost a whole chapter on installing what is one of the easiest-to-install pieces of network analysis software I've ever seen is pushing it a little in my view. Chapter 4 goes through some basic functionality leading up to filters, but it's probably Chapter 5 that most old hands would start with, where we start looking at protocol dissectors, conversations and statistics. This is then followed by two chapters covering protocols going up the stack from ARP to HTTP. While these start off with theoretical descriptions, there are screenshots of Wireshark parsing the protocols with relevant sections pointed out, which I imagine would be pretty useful to someone new to packet analysis.

There are then some real-world examples which are a little outdated (it's hard to get HTTP out of Twitter and Facebook these days) and a little on troubleshooting. The book finally wraps up with some bits on security and wireless traffic analysis, which has some good theory, although I hope the WEP analysis was put in for completeness rather than padding's sake. I would've liked to see something about WPA Enterprise troubleshooting, as I think that's probably more useful for someone reading this chapter.

Overall the book was pretty well written. The author tends to take the approach of providing some background, demonstrating the task at hand and walking the reader through exactly what needs to be done, and for a tool book it works very well. There are things that those familiar with Wireshark or its predecessor Ethereal will learn if they take the time, but people with lots of network experience and time handling tools like tcpdump or scapy aren't really the target audience for this book.

If you're new to packet analysis or only slightly familiar with TCP/IP networking and are looking to learn more, then this is probably worth a buy. Those with serious network skills will probably want to have a peek at someone else's copy, or maybe borrow rather than buy in a pinch.

Practical Packet Analysis - Using Wireshark to Solve Real-World Network Problems 2nd edition review score: 4/5.

Practical Packet Analysis - Using Wireshark to Solve Real-World Network Problems 2nd edition is available from Amazon.

If you like what you've read, please feel free to tip me in bitcoin at 17zNBi3CDhuoaqHJmfyCMNzQcjttiD7e7W

Creative Commons License
Security Book Reviews is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.