Book Review: Practical Packet Analysis, 2nd Edition

July 23, 2011 in Book Review

Practical Packet Analysis, 2nd Edition. Copyright © 2011 by Chris Sanders. No Starch Press, Inc (255 pages).

Author Chris Sanders is a computer security consultant, currently working for the US Government. He is CISSP certified, & blogs at http://www.chrissanders.org/

The author admits “nothing beats real-world experience”, but argues “the closest you can come to that experience in a book is through practical examples of packet analysis with real-world scenarios”.

Summary

Chapters 1 to 3 (of 12) take the reader over the very basics of data communication & data networks. A chapter is devoted to how & where to take live packet traces, followed by one on installing & using Wireshark.

The majority of the book is “devoted entirely to practical cases that you could easily encounter in day-to-day network management.”

The book’s mid-section consists of examples of how to use Wireshark to analyse common protocol behaviours including ARP, IP, TCP & UDP, ICMP, DHCP, DNS & HTTP.

Chapter 8, entitled “Real World Scenarios” is superflous. It describes the use of Wireshark analysis to examine Twitter & Facebook login authentication, & analyses traffic generated by accessing ESPN.com.

The final 3 chapters return to the general theme of practical i.e. “real-world” trace analysis. TCP error-recovery & flow control is demonstrated. Troubleshooting high transaction latency is demonstrated. Security breaches such OS fingerprinting & SYN scanning & some examples of hacker exploits such as ARP Cache Poisoning are demonstrated.

The book closes with a chapter on Wireless packet tracing, including a brief overview of 802.11 packet structures & 802.11-specific filters.

This chapter is also useful in demonstrating WEP & WPA authentication processes.

As an experienced user, I found the final section, “Further Reading” most useful. It lists & describes various packet analysis tools & other related online resources.

All capture files used in the demonstrations are available at
http://www.nostarch.com/packet2.htm

All author proceeds from the book go to the Rural Technology Fund
http://www.ruraltechfund.org

Conclusion

The book is effectively a short-cut to acquiring expertise in Wireshark use. For an already-experienced user, the final chapter is probably of most use. Other material such as that on the Berkely Packet Filter syntax (which I’ve found under-documented by tcpdump man pages) & the brief description of protocol dissectors & how to get access to dissector source code, were highlights.

I would recommend a future enhancement to include more on Display Filters. The useful Analyze->Prepare a Filter or Analyze->Apply as Filter functionality deserves more attention.

The author does not specify which version of Wireshark with which he was working when producing the book, hence I can only assume this functionality was not supported at the time.

In summary I would recommend this book to beginners for the purposes of getting up to speed with Wireshark quickly.

Available from:
http://oreilly.com/catalog/9781593272661/

About these ads

Leave a Comment

    « Book Review: Enterprise Network Testing, Cisco Press 1st Edition April 2011.
    Commentary on Test Report: “How we tested Cisco’s Catalyst switch” »

    Leave a Reply

    Fill in your details below or click an icon to log in:

    Gravatar
    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Cancel

    Connecting to %s

  • Archive

  • Categories

  • Twitter Updates

    Error: Twitter did not respond. Please wait a few minutes and refresh this page.

  • I review for the O'Reilly Blogger Review Program
%d bloggers like this: