Practical Packet Analysis
No Starch Press; Second Edition (July 6, 2011)
Chris Sanders is a computer security consultant, author, and researcher. A SANS Mentor who holds several industry certifications, including CISSP, GCIA, GCIH, and GREM, he writes regularly for WindowSecurity.com and his blog, ChrisSanders.org. Sanders uses Wireshark daily for packet analysis. He lives in Charleston, South Carolina, where he works as a government defense contractor.
The book is divided into four general sections. The first section (chapters 1 and 2) describe network sniffing, how it can be done and why it should be done. These two chapters provide a basis for engineers to capture packets to do analysis, which is often overlooked in the real-world. After all, if you don’t have visibility into a network, it becomes more difficult to troubleshoot and provide security. The second section (chapter 3 – 5) discuss Wireshark in detail. This content is as valuable as it is humorous. Sanders does an excellent job keeping the text lively, when it’s really just about 1’s and 0’s inside headers. The third section (chapter 6 – 7) is my favorite. Discussing wire tapping is exciting, showing wire captures explains plenty, but understanding the protocols themselves is the can’t-live-without piece that ties everything together. The fourth and final section (chapter 8-11) is where Sanders really earns his keep. This is the part where the practical applications and problems are described, detailed and discussed…from troubleshooting to security to wireless. Fantastic stuff.
If it isn’t apparent already, I really enjoyed this book. I’ve been using Wireshark since the Ethereal days and am no stranger to packet analysis – as we network janitors know, it’s sometimes the best way to discover and solve problems. I was stuck, however, how much I didn’t know about Wireshark. On multiple occasions, I caught myself saying, “Really? I didn’t know you could do that!” Any book that talks about how a protocol works, ties it to real life troubleshooting and security scenarios and then seals the deal with using a tool is a winner in my book (pun intended).