Overview

Ethereal is the premier Open Source protocol analyzer for Windows and Unix, and was recently voted the #2 most popular open source security tool of any kind. This is the first book available on Ethereal, which, like most open source tools, is extremely popular yet almost completely undocumented. 100,000 new copies of Ethereal are downloaded and installed every month.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating: 4.5 out of 5, based on 25 ratings

Excellent book on Ethereal with one caveat - 2005-08-22
Provides an exhaustive view of Ethereal and how to use it. The only complaint I have, and perhaps unfairly so, is that it doesn't give enough context for the use of the product--although I recognize the book doesn't claim to be a primer on packet sniffing, a bit more information on the meaning of what it is you are seeing in each packet, would be helpful. Regardless, I recommend this book highly. If I could give it 4.7 stars, I would.

Essential tool for all IT staff - 2005-05-20
I love protocol analysis. It's slightly arcane, just difficult enough to be interesting and incredibly useful for troubleshooting, planning, security and just plain learning more about networks. The great barrier has been cost - few shops have the inclination, much less the financing to afford this most essential of network professional tools. Enter open source software and Ethereal - a serious, cross platform protocol analyzer with enough features to get the job done. Of course, the trouble is knowledge - how do you use the darn thing? High-priced protocol analyzers have extensive support from the vendor and series of classes to learn both analysis in general as well as the specifics of that product. As an open source product, Ethereal presupposed at least some knowledge of protocol analysis to use effectively. This book, written with the Ethereal development team is worth solid gold to any network pro.

Let me start out by saying that any protocol analyzer manual will have slow spots, even for geeks that love looking up obscure flags in hex. For the sadly normals out there, please, please, please feel free to skip around chapters 1-4 where important concepts are introduced. While the writing is quite good the material in places is dry by nature. Don't waste your attention span on things like the complete list of protocols supported on page 45. Skip over those parts, flag them for reference when needed, and concentrate on the more immediately useful parts that are interleaved throughout. Just be sure to pore through chapter 5, which is the all-important filtering chapter. Then skip to Chapter 8, which introduces some real-world packet captures. Don't worry, you get to play with real captures, included on the disk. These files have already been slimmed to just the conversations in question so you don't have to figure out how to pick out 20 packets from 10,000. These are of real interest, and include vulnerability scanning, Trojans and several worms like Code Red. If these don't hit your hot button you're in the wrong field, baby!

I do have a half-nit to pick about the book, and while it's small it does need to be said. The authors clearly wished to be very complete, writing what appears to be the definitive (and only!) book on Ethereal as well as providing adequate instruction on use. Multiple purposes unless handled very carefully lead to uneven, disjointed writing and that is clearly a flaw shared by this book. It would be hard to write as a cohesive unit containing both reference material and tutorials, theory, practice and a short course on general analysis. Worse it absolutely must cover over a half-dozen operating systems and at least mention related software - reading and writing capture files for other analyzers is essential, and fortunately covered well. That the book doesn't fall completely apart is a testament to the writers and editor but another approach might have resulted in a better read. Still, this is THE definitive work on Ethereal and unlikely to be surpassed anytime soon. Like Ethereal itself this book is well worth the price and effort to master.

Ethereal: The Missing Manual - 2006-04-20
One of the complaints I've heard about this book is that it doesn't provide you with information on what different fields within a packet mean. Though the title is a little misleading, this isn't the book for that (try "The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference" by Charles Kozierok).

This book is more like a very good user manual for version 0.10.0 (current version as of 4/20/06 is 0.10.14, so there are a few more features than this book covers.) What seems to be a new version of the book with a new title is due out in June of 2006, so some of you might want to wait until it gets released if you want the most up to date version.

I've been just a casual user of Ethereal for a couple years so I thought I'd learn a lot from this book. Surprisingly though, only chapters 5 "Filters" and 8 "Real World Packet Captures" were helpful to me. Everything else was either stuff I could easily figure out on my own, or things I don't use.

Except for chapter 8 with the real-world examples and possibly chapter 9, "Developing Ethereal", this book is just a user manual and should be bought only with this in mind. It would be fun if they made another book that focuses on packet analyzation using Ethereal as the tool. I'll wait.

Evaluated as a user manual only, I'll give it 4 stars. Because it's merely a user manual, it should be less expensive. Then it would earn 5 stars.

This book and CDROM are "must have" network troubleshooting tools. - 2006-06-30
If you are a network administrator, responsible for a network of any size, this book and the software it describes are "must have" tools in your toolkit. There are many ways a LAN can malfunction, and network malfunctions are especially likely after changes have been made to a LAN. Troubleshooting your LAN is likely to involve examining samples of the message traffic flowing through the LAN. Ethereal (recently renamed "Wireshark") is a low cost, but very effective, tool for this purpose. The book includes a CDROM which significantly enhances the value of the book because it includes all of the example "filters" found in the book, making them easier to use, in addition to providing copies of Ethereal for several operating systems.

If you do not already have this book and know how to use Ethereal, you should buy this book soon. Start by reading the book, but you really should learn to use Ethereal "hands on", on your LAN as soon as possible. You need to know what "normal" conditions look like on your LAN. When your LAN is down, you probably will not have time for much reading. This book provides far too much information to digest and understand at one time, especially while your LAN is down. This is a book to read when you have some "slow" time because your network is OK.

I gave this book 4 stars only because I think a new edition should be released soon. The current edition is now several years old, and with the name of the software recently changed to Wireshark, the book should be updated with the new name for this classic LAN troubleshooting tool.

The best way to get the most out of Ethereal! - 2006-02-07
I have been doing protocol analysis for over three years now. My two tools of choice are typically either TCPDump and/or Ethereal. Even though I have used Ethereal extensively, this book was still able to teach me a few tricks - particularly with the reporting and graphing features (which is always nice eye-candy for the higher-ups). This book will not teach you about TCP/IP or the nuances of the protocols - for that, try the first 100 pages of "Inside Network Perimeter Security" or better yet, "TCP/IP Illustrated, Volume 1" by Stevens. And because of this, some of the value of the book is lost. Understanding how to root out or parse data that is unique to one protocol to find the right packet would only add to the value of this book, and thus the tool. Overall, the book serves its intended purpose very well.

I give this book 4 pings out of 5:
!!!.!

Some information on this page was provided using data from Amazon.com®.
Copyright 2009 Safari Books Online. All rights reserved.