
Review: ArsGeek reviews Practical Packet Analysis

Sat, Jul 7, 2007

ArsGeek, Book, Reviews


Title: Practical Packet Analysis
Author(s): Chris Sanders
ISBN10: 1593271492
ISBN13: 978-1593271497
Publisher: No Starch Press
Cost: $39.95
Format: Soft Cover, 192 pages
Published: May 2007

Once again I am impressed with a No Starch Press book. Practical Packet Analysis is a wonderful, simple to use and well laid out guide to getting useful information out of captured packets. Wireshark is the tool used to capture and analyze the data. What this book does is open up the world of the packet, showing what information can be gleaned from them and how to apply this to solve problems you’ll encounter in the real world. This is a great book for someone just diving into network administration or someone who’s going to be responsible for basic network troubleshooting.

While not a huge book, PPA covers a lot of information. It is composed of 11 chapters, an index, a foreword and an afterword.

Chapter 1, Packet Analysis and Network Basics is just that – an introduction to the basics (including the dreaded 7 layer OSI cake).

Chapter 2 – Tapping into the Wire discusses where a packet capture program or device should sit to maximize benefits.

Chapter 3 – Introducing Wireshark and Chapter 4 – Working with Captured Packets cover the basics of Wireshark, a packet capture and analysis suite which is free to download and use.

Chapter 5 – Advanced Wireshark Features covers just that – from diving into network protocols to input/output graphing.

Chapter 6 – Common Protocols is an introduction to such things as ARP, DHCP, TCP/IP, and the various ways they talk to network nodes.

Chapters 7 through 10 cover basic packet analysis as used to troubleshoot common problems: dropped connections, slow networks, hijacked browsers, unreachable ports, determining when the issue actually isn’t a network issue (and may in fact occur somewhere between the chair and the keyboard) and plenty of other scenarios.

Chapter 11 – Further Reading is the shortest chapter in the book, just a few pages long, but has a ton of interesting links that can further understanding of networks, packet analysis and diagnosing problems.

Along with the book itself, No Starch has resources available online (which are detailed in the book as well) at http://www.nostarch.com/packet.htm in the form of captured packets. These packets form the examples in the book and it’s helpful to be able to download and view them as you’re learning to work with them.

As an open source enthusiast who’s used Wireshark before, I’m glad that Sanders has chosen it as his tool. It’s quite robust, relatively easy to use and best of all it’s free. With this book and Wireshark you’re well on your way to troubleshooting networking problems as a hobby or professionally.

Sanders writes with a clear, laid-back style that’s easy to follow. The book is designed to introduce networking concepts to the reader first, using diagrams and pictures where possible, and then move seamlessly into capturing, viewing and analyzing real network traffic. It’s not a hard read (I finished it in one night) and, read once, allows for easy access to network analysis. Sitting down with PPA for an hour on my home network allowed me to find all sorts of interesting bits of information simply by following the examples. After investing about 4 hours total using examples and techniques in PPA I was able to diagnose an existing malware infection on my XP machine and watch the effects of turning on and off ports via my firewall.

Don’t mistake PPA as a be-all, end-all guide to monitoring your networks and solving every problem down the line. Do know that it’s a great introduction to the world of networks, protocols and the individual packets that make up all of the network traffic we come across. If you’re interested in dipping your toes into packet analysis and putting yourself in a position where you can learn a bunch and keep on learning on your own once you’ve built up your foundation, then this is a great book for you.



This post was written by:

arsgeek - who has written 1949 posts on ArsGeek.
