Review: Practical Packet Analysis
Posted by Administrator

Everybody, from seasoned network administrators to people who just use the Internet to check the TV listings, will experience network problems at some point. Despite their varied technical knowledge, there is one tool that everybody can use: Wireshark. What's the quickest way to learn this fantastic tool? Read Practical Packet Analysis, by Chris Sanders, which provides all the basic information anybody needs to start troubleshooting their network.

Date: June 06, 2007


Title: Practical Packet Analysis
Author: Chris Sanders
Pages: 192
ISBN: 1-59327-149-2
Publisher: No Starch Press
Edition: 1st edition (May 2007)


Practical Packet Analysis does a fairly good job of assuming the reader has no understanding of network communications and attempts to fill in that knowledge gap. At the same time, seasoned computer users will find the introductory chapters short and to the point, giving intermediate to advanced readers a quick refresher on network fundamentals.

This book is about packet analysis in the context of network troubleshooting. While anyone who intends to use Wireshark will probably benefit from this book, people looking for a how-to on conducting unorthodox network activity should probably look elsewhere; the author only mentions such activities in passing or in the context of diagnosing a network.


The book was written by Chris Sanders, who is the perfect person to write a book on the practical uses of a tool like Wireshark. As the network administrator of the Graves County Schools in Kentucky, he manages more than 1,800 workstations and 20 servers. Additionally, he is a staff writer for and WindowsDevCenter.com and the author of the very popular article series Packet School 101.

In its first two chapters, the book explains the fundamentals of network communications and gives a general idea of what packet analysis is and what it can be used for. It then goes on to explain the various ways to physically connect to a network for packet analysis. Sanders does a good job of breaking down these somewhat complicated topics and presents readers with the information they need to effectively read and use the rest of the book.

The author then spends three chapters explaining Wireshark: first how to install and set it up, and then how to use it. Sanders explains simple topics such as how to capture packets, create capture and display filters, and save your filters and captured packets. He then goes on to talk about more advanced features such as name resolution, protocol dissection, and following TCP streams. After these chapters, a reader should have a fairly good grasp of how to use Wireshark.

After all the introductory and basic information about networks and Wireshark has been dealt with, the fun really starts. The remaining chapters cover everything a reader will need to start investigating their own network problems. The author starts out by showing readers typical trace files of the more popular protocols, i.e. the protocols the reader will most likely work with. This chapter is crucial to doing any real packet analysis. Sanders explains what each protocol's captured packets look like and how the protocols use the information in them to accomplish their tasks. He then spends the remaining chapters presenting the reader with real-life examples. The examples start out simple, such as discovering hidden programs that are accessing the network and figuring out where the network configuration errors are. He then explains more advanced topics such as covertly listening to another workstation's communications and diagnosing wireless network issues.


This book was very informative and lived up to the key word in its title: "Practical". It does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real-life examples of what to do with Wireshark. Most readers will not have a problem following along with the examples, even if they are shaky on some of the advanced network theory.

The author did a great job of covering a wide range of typical network problems. When faced with an unknown problem, readers should be able to easily flip through the examples until they find one that is similar to their problem and then diverge as necessary to solve their issue.

Review by: Daniel Boland

Written by Nobody on 2007-08-14 04:31:29
If English is your native language, you should be embarrassed. Such trivial errors as misuse of 'there' in place of 'their' and 'right' in place of 'write' make you look foolish, and tarnish what little reputation you might have.
Of course if English is not your native language, you may ignore my comments.

grammar nazi
Written by someguy on 2007-09-01 04:16:07
I'll take his bad grammar over you being a prick.

Grammar
Written by Ms. Ziff on 2007-11-19 17:20:29
It is important for all of us to use well-written English. For Mr. Boland it is even more important since he is a journalist.

of course it's important
Written by reader on 2008-06-26 11:56:18
...but not being a prick is even more important.

oh, and...
Written by a reader on 2008-06-26 11:59:00
...I appreciated the review! The content of the review tells me that this is the kind of book I'm looking for. Thanks!!!