Archive for the ‘Book Review’ Category

Practical Packet Analysis, 2nd Edition. Copyright © 2011 by Chris Sanders. No Starch Press, Inc (255 pages).

Author Chris Sanders is a computer security consultant, currently working for the US Government. He is CISSP certified, & blogs at

The author admits “nothing beats real-world experience”, but argues “the closest you can come to that experience in a book is through practical examples of packet analysis with real-world scenarios”.


Chapters 1 to 3 (of 12) take the reader over the very basics of data communication & data networks. A chapter is devoted to how & where to take live packet traces, followed by one on installing & using Wireshark.

The majority of the book is “devoted entirely to practical cases that you could easily encounter in day-to-day network management.”

The book’s mid-section consists of examples of how to use Wireshark to analyse common protocol behaviours including ARP, IP, TCP & UDP, ICMP, DHCP, DNS & HTTP.

Chapter 8, entitled “Real World Scenarios”, is superfluous. It describes the use of Wireshark analysis to examine Twitter & Facebook login authentication, & analyses traffic generated by accessing

The final 3 chapters return to the general theme of practical, i.e. “real-world”, trace analysis. TCP error-recovery & flow control are demonstrated. Troubleshooting high transaction latency is demonstrated. Security breaches such as OS fingerprinting & SYN scanning, & some examples of hacker exploits such as ARP Cache Poisoning, are demonstrated.

The book closes with a chapter on Wireless packet tracing, including a brief overview of 802.11 packet structures & 802.11-specific filters.

This chapter is also useful in demonstrating WEP & WPA authentication processes.

As an experienced user, I found the final section, “Further Reading”, most useful. It lists & describes various packet analysis tools & other related online resources.

All capture files used in the demonstrations are available at

All author proceeds from the book go to the Rural Technology Fund


The book is effectively a short-cut to acquiring expertise in Wireshark use. For an already-experienced user, the final chapter is probably of most use. Other highlights were the material on the Berkeley Packet Filter syntax (which I’ve found under-documented by the tcpdump man pages) & the brief description of protocol dissectors & how to get access to dissector source code.

I would recommend a future enhancement to include more on Display Filters. The useful Analyze->Prepare a Filter or Analyze->Apply as Filter functionality deserves more attention.

The author does not specify which version of Wireshark he was working with when producing the book, hence I can only assume this functionality was not supported at the time.

In summary, I would recommend this book to beginners for the purpose of getting up to speed with Wireshark quickly.

Available from:


Enterprise Network Testing. Testing Throughout the Network Lifecycle to Maximize Availability and Performance by Andy Sholomon (CCIE 15179) & Tom Kunath (CCIE 1679); Cisco Press 1st Edition April 2011.

Authors Andy Sholomon & Tom Kunath work as a Network Consulting Engineer & Solutions Architect respectively at Cisco. Sholomon plans & performs network testing for Enterprise customers while Kunath designs & tests in a consulting role.

They note in the introduction that “network testing has become mandatory in many organizations and is a critical step toward meeting the expectations of near-zero downtime”. They correctly highlight the demand for the book: “There is currently a void in publications that address test methodologies as they relate to the enterprise network lifecycle”, and proceed to identify the book’s goals.


The book is structured according to its three main goals, the first of which is to establish the (often underestimated) importance of systems testing within the enterprise network architecture strategy, along with differentiating the types of testing which support decisions made during the network lifecycle. Interestingly, a business blueprint for developing a test organization & lab facility is outlined.

The second goal of the book is to provide a series of use case studies, from “Proof of Concept” to “Network Ready for Use”. These build on the largely theoretical subject matter discussed above.

Thirdly, detailed test plans, including Data Center 3.0 Architecture, IPv6, & MPLS/VPN Scalability testing are defined, which can be customised & applied by the reader. More specifically, the goal of Part III is to help the reader “understand which design aspects should be analyzed for different technologies and places in the network, and how to structure a successful test plan”.

The first goal is achieved by approaching the subject of Enterprise Network Testing from 3 angles: firstly (in Chapter 1), by defining the business rationale for any investment in network testing. This chapter provides the reader with a framework to answer their senior executive’s likely queries, one (humorous) example of which is “We tested our WAN two years ago! Why do we need to test it again?”

Chapter 2 covers the second angle: defining requirements for testing throughout the network lifecycle. This chapter contains a definition of the Cisco Lifecycle Services Approach methodology, consisting of 6 phases – PPDIOO (Plan, Prepare, Design, Implement, Operate and Optimize).

Chapters 3 to 5 cover the third angle by including more practical subject matter on test execution.

The first section of the book, as described above, is very comprehensive. No one equipment vendor or test solution is specified; the various options are identified (Spirent, Ixia, OPNET, Shunra), although there is no mention of Ostinato.

The need to invest in identifying an accurate traffic model or load, under which all tests should be conducted, is mentioned, but this baseline traffic warrants much greater emphasis.

Finally, no attention is given to results presentation which, in my experience, is almost always not treated as a separate, important task. Customers always appreciate well-presented, concise test results summaries.

The second goal of the book is achieved with impressive detail. The “Proof of Concept” use case defines a Data Centre, Compute, Storage, LAN, WAN & Virtualisation architecture, & even includes a bill of materials. It was good to see trusty Iometer ( mentioned as the storage test tool. With the architecture & infrastructure defined, this use case elaborates on Test Strategy & details a total of 36 test cases.

The remaining 5 use cases are structured similarly: to a greater or lesser extent the architecture/infrastructure is defined, followed by the overall test strategy, & finally the scope & coverage is defined by the list of test cases, including a brief description of each.

The 3rd & final part specifies 7 distinct Test Plans. This part actually accounts for more than 50% of the book. Test cases are specified in even more detail, down to IOS configs, screenshots & test traffic stream definitions.

The attention to detail reflects the obvious experience of the authors on a practical level.

It is notable that, despite the level of detail, the test cases lack requirements definitions. As a result the tests’ pass criteria are not well-defined. For example, Chapter 17 “WAN and Application Optimization” includes a Link Failure/Recovery test. Step 6 states “Check to see how long it takes all the traffic to reconverge”.

How can a pass/fail decision be made?


The authors show their deep experience in Network Testing by specifying Use & Test Cases to an impressive level of detail.

The Use & Test Cases are very relevant to most Enterprise Networks & are likely to save the reader time & cost; they are varied enough so that any could be easily adapted to form a basis for other more specific test cases.

To exclude traceability back to requirements specifications is surprising & more emphasis should be put on this.

Finally, an enhancement would be to include a section or chapter on how to manage test results data in order to add value to the internal or external customer.

Available from:

Review: Virtualization: A Manager’s Guide by Dan Kusnetzky; O’Reilly Media, 1st edition June 2011.

Author Daniel Kusnetzky is a founder of the Kusnetzky Group, an IT consulting, solutions & research provider, and is responsible for its research, publications, and operations. It is important to be aware that, as Mr. Kusnetzky says, this book ‘is intended to introduce managers or subject matter experts outside of IT to the concepts behind virtualization technology, the different categories of virtualization, and how they are used. It is not meant as a “how to” guide for IT analysts’.


The book begins by explaining what Virtualisation is, and defines an abstract Virtualisation Reference Model consisting of the following hierarchy of layers: from Access Virtualisation down to Application, Process, Networking & Storage, all of which are impacted by Security & Management Virtualisation. The author then defines the Goals of Virtualisation.

The bulk of the book subsequently elaborates on each of these layers of abstraction.

The author describes each layer by methodically asking (and answering) the same questions: what it is, what it does, and when it should be used. The industry players, per abstraction layer, are named. Finally, a few deployment examples are given, per abstraction layer.

Chapter 9 is a stand-alone article, the objective of which is to decompose the common industry jargon into the (by now familiar) appropriate abstracted virtualisation layer or layers. For example, “Big Data” typically deploys Storage virtualization (distributed file systems), Virtualised Processing (including memory virtualization) & Management for virtual environments.

Chapter 10, the final chapter, consists of 2 of the book’s 58 pages of subject-matter text, and is entitled “Virtualization Is a Double-Edged Sword”. However, it does not elaborate on the costs & risks of migrating to a virtualised environment beyond an obvious “Using the wrong tool or using the right tool improperly can result in poor performance, higher costs for the organization, and the organization not being able to meet its objectives of virtualisation”.


The author is obviously independent & vendor-agnostic. This gives the book credibility and is reassuring to the reader.

Most of the technologies are accompanied by use-cases or examples, which, I expect, clarify the intended readership’s common misconceptions.

A possible enhancement to the book would be to extend the final chapter to elaborate on when *not* to consider a migration to – or deployment of – a virtualised environment. When would it just not be worth it?

In summary, the book addresses its purpose as highlighted above. It is certainly a refreshing read in a technology sector whose literature is so obviously vendor-sponsored. It is pitched about right for its intended readership.

Thankfully, the C-word & “SaaS” are referred to only a couple of times, and are limited to the introductory chapter.

Available from

  • I review for the O'Reilly Blogger Review Program
