Book review: Practical Packet Analysis – Using Wireshark to solve real-world network problems

Networks are a dark art, and to truly understand them you must practise by analysing packets. Like Harry and friends in Dumbledore’s Army, you will find that book learning and classroom learning aren’t sufficient alone. This book doesn’t get bogged down in the minutiae but uses walked-through examples to teach directly. In fact, nearly two-thirds of the book is the examples, and while SANS “Intrusion Detection In-Depth” (which I attended in 2011) provides more details, the examples are what make this book ‘practical’.

The first third of the book races through the groundwork at a rapid pace: what packet analysis is, the OSI model, types of traffic, and what network taps are and the types available. It moves quickly on to what Wireshark is and why you would use it. Then we have a Wireshark tutorial that is terse but covers all the main areas you will need. With online help and documentation being more up to date, it is always a hard thing to balance, but in this case I think the author has put in just the right amount of ‘How to …’ to get the reader up and running with Wireshark without regurgitating a manual. Then we have a quick diversion into packet analysis on the command line using TShark and tcpdump.

The next few chapters concentrate on protocols, looking at the network and transport layers and some common upper-layer protocols such as:

  • ARP
  • IPv4
  • IPv6
  • ICMP
  • TCP
  • UDP
  • DHCP
  • DNS
  • HTTP
  • SMTP

All come with worked-through packet captures (available here).

The rest of the book is analysis of some basic and advanced scenarios, including:

  • Missing Web Content
  • Inconsistent Printer
  • Slow Network
  • Finding Malware

The book finishes with a discussion of sniffing wireless traffic.

This is the 3rd edition of the book, and I wish I had known of its predecessors, because it is rare that I have to slice and dice packets nowadays, and having this will get me up to speed without fumbling in the dark. The book is clearly written and is both an easy read and a valuable resource when you have to do packet analysis.