Friday, August 26, 2011

Practical Packet Analysis Book Review

This week I had the opportunity to read Chris Sanders’ newly released book “Practical Packet Analysis” (second edition) – published by No Starch Press. While I’m not a frequent reader of technical computing books (they’re always a little too bulky for flights and carryon), I was looking for a book I could recommend and pass on to junior security consultants and threat analysts (as well as a few engineers).

Practical Packet Analysis proved to be a good read, and I even managed to pick up a few tips on recent Wireshark features that I’d not previously had a chance to experiment with, but am now looking forward to applying to real-world traffic.

While the book isn’t deeply technical (it’s not meant to be), it performs a very nice walk-through of the practical aspects of performing network analysis and investigating packet captures. All too often in the past I’ve encountered network analysis books that either skim through the real-world problems an analyst or engineer will encounter, or rapidly descend into the weeds of obscure and contrived examples. Chris manages to navigate these waters in a clear and informative way. The practical analysis examples provide a breadth of understanding of not only the nuances and features of Wireshark, but also the common problems encountered by analysts tasked with troubleshooting their own networks: the sort of things they need to know ASAP if they’re going to be productive in a minimal amount of time.

A chapter I particularly appreciated for its inclusion centered on how and where you should tap a network in order to perform analysis. You wouldn’t believe how many times that chapter alone could have prevented much wasted effort – if only folks had had access to it (and read it).

On the whole, I’d recommend this book to junior network analysts, software developers and newly minted MCSE/CISSP/etc. – folks that just need to roll up their sleeves and get started troubleshooting network (and security) problems. My copy of the book has already been passed on to a third pair of hands for reading and brushing up on the practical application of Wireshark. Great work Chris!
