Review: Practical Packet Analysis
Posted by Administrator   
Everybody, from seasoned network administrators to people who just use the Internet to check the TV listings, will experience network problems at some point. Despite their varied technical knowledge, there is one tool that everybody can use: Wireshark. What's the quickest way to learn this fantastic tool? Read Practical Packet Analysis, by Chris Sanders, which provides all the basic information anybody needs to start troubleshooting their network.

Date: June 06, 2007

Vitals:

Title: Practical Packet Analysis
Authors: Chris Sanders
Pages: 192
ISBN: 1-59327-149-2
Publisher: No Starch Press
Edition: 1st edition (May 2007)
Purchase: http://www.nostarch.com/packet.htm

Audience:

Practical Packet Analysis does a fairly good job of assuming that the reader has no understanding of network communications and filling in the knowledge gap. At the same time, seasoned computer users will find the introductory chapters short and to the point, giving intermediate to advanced readers a quick refresher on network fundamentals.

This book is about 'Packet Analysis' in the context of network troubleshooting. While anyone who intends to use Wireshark will probably benefit from this book, people looking for a how-to on conducting unorthodox network activity should probably look elsewhere; the author only mentions such activities in passing or in the context of diagnosing a network.

Summary:

The book was written by Chris Sanders, who is the perfect person to write a book on the practical uses of a tool like Wireshark. As the network administrator of the Graves County Schools in Kentucky, he manages more than 1,800 workstations and 20 servers. Additionally, he is a staff writer for WindowsNetworking.com and WindowsDevCenter.com and the author of the very popular article series Packet School 101.

In the first two chapters, the book explains the fundamentals of network communications and gives a general idea of what packet analysis is and what it can be used for. It then goes on to explain the various ways to physically connect to a network for packet analysis. Sanders does a good job of breaking down these somewhat complicated topics and presenting the reader with the information they need to effectively read and use the rest of the book.

The author then spends three chapters explaining Wireshark: first how to install and set it up, and then how to use it. Sanders explains simple topics like how to capture packets, create capture and display filters, and save your filters and captured packets. He then goes on to talk about more advanced features such as name resolution, protocol dissection, and following TCP streams. After these chapters, a reader should have a fairly good grasp of how to use Wireshark.

After all the introductory and basic information about networks and Wireshark has been dealt with, the fun really starts. The remaining chapters cover everything that a reader will need to start investigating their own network problems. The author starts out by showing readers common trace files of the more popular protocols, i.e. the protocols the reader will most likely work with. This chapter is crucial to doing any real packet analysis. Sanders explains what each protocol's captured packets look like and how they use the information in them to accomplish their tasks. He then spends the remaining chapters presenting the reader with real-life examples. The examples start out simple, such as discovering hidden programs that are accessing the network and figuring out where the network configuration errors are. After that, he explains more advanced topics such as covertly listening to another workstation's communications and diagnosing wireless network issues.

Opinion:

This book was very informative and lived up to the key word in its title: 'Practical'. It does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real-life examples of what to do with Wireshark. Most readers will not have a problem following along with the examples, even if they are shaky on some of the advanced network theory.

The author did a great job of covering a wide range of typical network problems. When faced with an unknown problem, readers should be able to easily flip through the examples till they find one that is similar to their problem and then diverge as necessary to solve their issue.

Review by: Daniel Boland

Comments
Written by Nobody on 2007-08-14 04:31:29
If English is your native language, you should be embarrassed. Such trivial errors as misuse of 'there' in place of 'their' and 'right' in place of 'write' make you look foolish, and tarnish what little reputation you might have.
 
Of course if English is not your native language, you may ignore my comments.
grammar nazi
Written by someguy on 2007-09-01 04:16:07
I'll take his bad grammar over you being a prick.
Grammar
Written by Ms. Ziff on 2007-11-19 17:20:29
It is important for all of us to use well written English. For Mr. Boland it is even more important since he is a journalist.
of course it's important
Written by reader on 2008-06-26 11:56:18
...but not being a prick is even more important.
oh, and...
Written by a reader on 2008-06-26 11:59:00
...I appreciated the review! The content of the review tells me that this is the kind of book I'm looking for. Thanks!!!
