Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 2nd Ed. – #bookreview

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems – 2nd Edition
By Chris Sanders
(No Starch Press, $49.95, paperback)

“A million different things can go wrong with a computer network on any given day – from a simple spyware infection to a complex router configuration error – and it’s impossible to solve every problem immediately,” notes the author of this well-written and nicely structured guidebook, Practical Packet Analysis.

“To better understand and solve network problems, we go to the packet level. Here, nothing is hidden from us — nothing is obscured by misleading menu structures, eye-catching graphics, or untrustworthy employees,” Chris Sanders writes.

His how-to manual for Wireshark is aimed not only at expert packet analysts but also newcomers to the process of using “packet sniffing” to solve common network problems such as malware infections, loss of connectivity, slow performance, printers running amok, and other issues.

This new second edition “contains almost all new content, with completely new capture files and scenarios,” the author states. Mastering the scenarios is particularly important, he adds, because the concepts they cover can apply to many real-world packet analysis situations.

The popular packet sniffing software known as Wireshark has its roots in Ethereal, which gives it a “rich history,” he points out. “Gerald Combs, a computer science graduate of the University of Missouri at Kansas City, originally developed it out of necessity. The very first version of Combs’ application, called Ethereal, was released in 1998 under the GNU Public License (GPL).”

Several years later, however, Combs was unable to obtain Ethereal’s trademark, so he spun off another product, Wireshark, which has “grown dramatically in popularity, and its development team now boasts over 500 contributors.”

The introduction and first two chapters of Practical Packet Analysis help the reader get up to speed on the basics of packet analysis. Routers, switches and hubs, the three main devices on a modern network, “each handle traffic differently, [so] you must be very aware of the physical setup of the network you are analyzing,” Chris Sanders cautions.

Indeed, he adds, “it is sometimes more difficult to place a packet sniffer on a network’s cabling system than it is to actually analyze the packets.” Fortunately, he presents some clear illustrations of where and how to position packet sniffers and how to use capabilities such as Address Resolution Protocol (ARP) cache poisoning (or “ARP spoofing”) to intercept traffic and get help from the popular security software package Cain & Abel.

An important goal in packet analysis, he contends, is the ability “to see every packet sent across the wire so that we don’t risk missing some crucial piece of information.”

Practical Packet Analysis is 255 pages long and has the following structure:

    • Introduction
    • Chapter 1: Packet Analysis and Network Basics
    • Chapter 2: Tapping into the Wire
    • Chapter 3: Introduction to Wireshark
    • Chapter 4: Working with Captured Packets
    • Chapter 5: Advanced Wireshark Features
    • Chapter 6: Common Lower-Layer Protocols
    • Chapter 7: Common Upper-Layer Protocols
    • Chapter 8: Basic Real-World Scenarios
    • Chapter 9: Fighting a Slow Network
    • Chapter 10: Packet Analysis for Security
    • Chapter 11: Wireless Packet Analysis
    • Appendix: Further Reading
    • Index (15 pages)

The appendix provides a brief introduction to a number of other packet analysis tools and resources.

The book’s index is expanded by 50% over the 1st edition and is nicely detailed by topic.

Along with packet analysis basics, some of the other major topics covered in the text are: (1) building customized capture and display filters; (2) monitoring and tapping into live network communications; (3) generating and using traffic pattern graphs to visualize network data flow; (4) creating reports and statistics that help non-technical users better understand a network’s technical information; and (5) using Wireshark’s advanced features to analyze confusing packet captures.

According to the author’s statements in the Introduction and on the back cover: “All of the author’s royalties from this book will be donated to the Rural Technology Fund (http://ruraltechfund.org).” The fund provides scholarships to “students living in rural communities who have a passion for computer technology and intend to pursue further education in that field.”

The author notes that Wireshark can be downloaded for free and used “for any purpose, whether personal or commercial.” The software “supports all major modern operating systems, including Windows, Mac OS X, and Linux-based platforms.”

Wireshark’s system requirements are: (1) a 400 MHz (or faster) processor; (2) at least 128 MB RAM; (3) at least 75 MB of available disk storage space; (4) a network interface card (NIC) that supports “promiscuous mode”; and (5) the WinPcap capture driver. Promiscuous mode allows a network card to “listen for all network traffic on its particular network segment.”

The book’s author is a computer security consultant, author, and researcher. He writes regularly for WindowSecurity.com and his blog, ChrisSanders.org.

If you need or want to know what happens at the packet level in a computer network and how to identify and fix network problems, definitely consider getting this compact, thorough and well-illustrated how-to guide.

Si Dunn
