It's easy enough to install Wireshark and begin capturing packets off the wire--or from the air. But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.

Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:

• Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more

• Build customized capture and display filters

• Tap into live network communication

• Graph traffic patterns to visualize the data flowing across your network

• Use advanced Wireshark features to understand confusing packets

• Build statistics and reports to help you better explain technical network information to non-technical users

Because net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating:  Based on 11 Ratings

worth a look - 2009-03-04
Reviewer Rating:
As there aren't too many books out there on use of wireshark I found this book to be quite useful for people wanting to get their hands onto trying. I was looking for some books that would be good as a learning tool that I can throw to new members on my team and this book was roundly accepted, particularily the real world examples. By no means should this book be the only one on your shelf as there are many concepts that need to be delved into to really get a firm understanding. The book begins with a basic intro to general router concepts and hardware, it then goes into the functions of Wireshark. I found that this information could of been found on the Wireshark userguide or help file. It was basically a re-hash here so that space could of been better used providing more info about routers in general instead as a lot of the real world problems come from misconfigured routers or machines.

Overall after reading the book the reader should get a fair understanding of TCP/IP concepts and communication on a network and is a good jump off point onto more advanced books.

A must for Wireshark users - 2008-12-31
Reviewer Rating:
Lately I have been reading reviews after I buy books just to see how they stack up, and this is no exception. I bought the book after checking it out at the book store and saw that there was good stuff in it. If you use Wireshark, or if you are learning it, you should have this book on your shelf period.
Chris Sanders not only does a great job of introducing you to the mindset of packet analysis, he shows a side of it that most of the people I interact with don't consider...the day to day administrator's needs for a way to diagnose network problems.

If you live the world of network monitoring and information security then this books works for you as well. The concepts are what is important and they are presented very well.

As to those who say there are too many things like the mis-representation of the three-way handshake I say Thanks for pointing it out to the novice among us. For the novice, now you know, so...buy the book anyway. If I put a technical book back every time I saw a mistake that the proofer missed, I'd have empty shelves.

Thanks Chris for taking a tough subject and making it much easier to digest.

The title states the obvious - 2009-08-18
Reviewer Rating:
While this book will give you a passable introduction to the technical aspects of packet analysis and WireShark, the goal is to introduce the reader to some practical uses of WireShark. It answers questions that the accidental, occasional or beginning user asks themselves. I do not fault the author for a few inaccuracies as almost every technical/boring tome has them if you stay awake long enough to come across them. Since this book is so short, it made an easy target for the trained professional reviewer to rip it to shreds. Oh well.

If you want serious, practical training in the use of WireShark, find out about the consummate expert in teaching this subject. Her name is Laura Chappell. Search the web for more info. She goes light years beyond any publication in print with on demand and live video seminars and training for the serious student. Chappell has numerous titles (10 or more) specific to this subject listed on Amazon.com.

Foot Wetter - 2009-05-20
Reviewer Rating:
This book would be great for a beginner or computer tech that is becoming a network tech. This book gets the idea of Wireshark and its possible uses across very well and is an easy two-day read. Some stuff left out but not bad considering that the book is under 170 pages. This book will introduce you to Wireshark, and inspire you to dig deeper to read more about packet analysis and TCP/IP.

Limited recommendation - 2008-09-19
Reviewer Rating:
I am the kind of person who gets almost all of his information from books. This is because when I communicate, or attempt to communicate, to human beings, I get easily alientated by the weaknesses in their language. What are these weaknesses? How about poor syntax, pomp, condescension and infalted sense of self-worth, to name a few?

But I got this book primarily to explore wireless. I am interested in wireless sniffing and have been experimenting heaviy with Linux and the Aircrack-ng suite for the past several months.

I did enjoy the exposition of the author of the OSI model in the beginning of the book. He does write clearly although he doesn't really provide many examples. I learn best thru the inductive method and so I really depend on examples with which to experiment. So I jumped ahead to the wireless chapter, which wasn't a great disappointment. It did explain the inner workings of Wireshark and the 802.11 header to me in relatively concise terms. Also, how to apply filters. But the true meaning of the packets and how to arrange them to give insights into the network structure, were not there. And that was the primarily reason I got the book.

So, all in all, about average. Best for a beginner who is just starting out with Linux.