Computing Reviews
Practical packet analysis : using Wireshark to solve real-world network problems (3rd ed.)
Sanders C., No Starch Press, San Francisco, CA, 2017. 368 pp. Type: Book (978-1-593278-02-1)
Date Reviewed: Dec 5 2017

Network packet analysis serves two main purposes: studying how network protocols operate, and improving a network’s functionality and security. Wireshark, which is both a protocol analyzer and a packet sniffer, supports network troubleshooting, traffic analysis, and software and protocol development, and is also a useful tool for networking education.

Without assuming much prior knowledge, this book provides a solid grounding in network packet analysis built around hands-on use of Wireshark. The tool supports not only live examination of network traffic, but also capturing traffic and saving it to a file so that the captured frames can be analyzed later. For each captured packet, the program displays detailed, protocol-by-protocol information. Wireshark also includes its own language for writing filter expressions and can reassemble communication sessions from the captured packets. All of these features are richly exemplified in the book, which works as both a tutorial and a reference for beginning and intermediate networking specialists, and will be essential reading for professionals and practitioners in the networking field.

The book is organized into 13 chapters plus two appendices. The first part of the book comprises three chapters that deal with the concepts of packet analysis and protocol analysis; practical examples illustrate these concepts throughout the rest of the book. Chapter 1, “Packet Analysis and Network Basics,” presents an introduction to network communication, packet analysis, and packet sniffers. Chapter 2, “Tapping into the Wire,” presents techniques for placing a packet sniffer in a network, introducing the approaches commonly used in networking environments and showing how they apply in practice. Chapter 3, “Introduction to Wireshark,” presents the very basics of Wireshark: installation, basic operations, configuration files, and configuration profiles. Chapter 4, “Working with Captured Packets,” introduces how to interact with captured packets; working with capture files, working with packets, setting time display formats, setting capture options, and using filters are explained in detail. Name resolution, protocol dissection, graphing features, and following packet streams are surveyed in more detail in chapter 5, “Advanced Wireshark Features.” Chapter 6, “Packet Analysis on the Command Line,” explains how to install and use TShark and tcpdump for packet analysis.

The following three chapters provide an overview of the most important and common protocols of the OSI network and transport layers and of the transmission control protocol/Internet protocol (TCP/IP) application layer. Chapter 7, “Network Layer Protocols,” covers address resolution protocol (ARP), Internet protocol version 4 (IPv4), Internet protocol version 6 (IPv6), Internet control message protocol (ICMP), and ICMP version 6 (ICMPv6). Chapter 8, “Transport Layer Protocols,” discusses TCP and user datagram protocol (UDP), while chapter 9, “Common Upper-Layer Protocols,” covers dynamic host configuration protocol (DHCP), domain name system (DNS), hypertext transfer protocol (HTTP), and simple mail transfer protocol (SMTP). Each of these chapters includes illustrative Wireshark captures that are analyzed protocol by protocol.

Chapter 10, “Basic Real-World Scenarios,” presents a three-step methodology for real-world scenarios: stating the problem, analyzing it, and arriving at a solution. Basic scenarios illustrate the application of this methodology. Chapter 11, “Fighting a Slow Network,” describes how to troubleshoot slow network performance. Chapter 12, “Packet Analysis for Security,” shows how Wireshark supports security analysis by covering reconnaissance attacks, traffic manipulation, malware and exploit kits, and ransomware. Chapter 13, “Wireless Packet Analysis,” introduces the physical considerations of wireless communications and the 802.11 packet structure; sniffing wirelessly in Windows, sniffing wirelessly in Linux, wireless-specific filters, and wireless security scenarios based on wired equivalent privacy (WEP) and Wi-Fi protected access (WPA) authentication are explained in detail.

I would recommend this book to beginner- and intermediate-level users who are at least minimally familiar with Wireshark and want to learn how it works in the real world. Moreover, this book will improve readers’ knowledge of network packet analysis, which can be invaluable for those pursuing a career in information technology (IT) and network administration. All readers who take the time to study and practice Practical packet analysis will quickly become specialists in the networking field.

Reviewer:  Eugen Petac Review #: CR145695 (1802-0030)

Categories: Network Monitoring (C.2.3); Data Communications (C.2.0); General (C.2.0); Performance of Systems (C.4)