Posted on Tuesday, 19th June 2007 by sean

I was excited to receive Practical Packet Analysis in the mail. A book on the topic of packet analysis is one of those “gee, I wish I had thought of that!” type of things.

PPA is all about using Ethereal/Wireshark to solve network problems. While not explicitly structured as such, the book falls into two parts. The first covers using the Wireshark software; the second presents scenarios in which Wireshark is used to solve a problem.

Packet sniffing is like real estate: it’s all about location. I was happy to see that several mentions were made of the most appropriate place to put your tracer, with discussion of SPAN/remote monitoring ports, switches vs. hubs, and all that. In the scenario sections, each scenario starts with a decision about where to sniff. It’s excellent for the beginner.

The advanced user will be disappointed. There is very little here that you won’t already know. Despite the chapter on “Advanced Wireshark Features”, it’s just talking about conversations, protocol statistics, TCP streams, and I/O graphs.

The book is only 164 pages long, meaning it covers a fraction of what Wireshark can do. With another 100 pages it could have shown how to use some of the statistics, actually shown how I/O graphs can help you profile an application, and covered how to troubleshoot VoIP. Yes, that’s right, a book on network problem solving written in 2007 and there’s no VoIP. If I can describe how to use Wireshark to solve VoIP problems in under 2500 words, it could have fit in the book.

To its credit, there is a chapter on wireless troubleshooting. It’s OK for 15 pages, but like the rest of the advanced chapters, left me wanting more.

The capture file for each example is downloadable from the author’s site. Despite being contrived examples, they are quite effective. Rather than just showing screenshots, the book makes each one a learning experience: gathering a description of the problem, locating the sniffer, and walking through the process of capturing the packets and analyzing them.

For the person getting started with packet tracing (and if you don’t know it, you should), this is a good start. You’ll learn how to find a spot to sniff, how to use capture and display filters effectively, and some of the basic protocols and how to spot problems in them.
