Regular marked price: $39.95Discount Price: $26.37
Cost Savings: $13.58 (34%)Price fluctuation possible.
How soon does it ship: Normal ship time within one day
Shipping? Absolutely FREE if you qualify for Super Saver Shipping.
Type of bind: Paperback
Dewey Decimal Number: 004.66
EAN num: 9781593271497
Format: Illustrated
ISBN number: 1593271492
Label: No Starch Press
Manufacturer: No Starch Press
Quantity: 1
Page Count: 192
Printing Date: May 23, 2007
Publishing house: No Starch Press
Sale Popularity Level: 166246
Studio: No Starch Press
Other books you might be interested in perusing:
Editor's Notes and Comments:
Product Description:
It's easy enough to install Wireshark and begin capturing packets off the wire--or from the air. But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.
Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to: - Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more
- Build customized capture and display filters
- Tap into live network communication
- Graph traffic patterns to visualize the data flowing across your network
- Use advanced Wireshark features to understand confusing packets
- Build statistics and reports to help you better explain technical network information to non-technical users
Because net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.
User popularity level:
Rated by buyers 
-
I am the kind of person who gets almost all of his information from books. This is because when I communicate, or endeavor to communicate, to human beings, I get easily alientated by the weaknesses in their language. What are these weaknesses? How about poor syntax, pomp, condescension and infalted sense of self-worth, to name a few?
But I got this book primarily to explore wireless. I am interested in wireless sniffing and have been experimenting heaviy with Linux and the Aircrack-ng suite for the past several months.
I did enjoy the exposition of the author of the OSI model in the beginning of the book. He does write clearly although he doesn't really provide many examples. I learn best thru the inductive method and so I really depend on examples with which to experiment. So I jumped ahead to the wireless chapter, which wasn't a great disappointment. It did explain the inner workings of Wireshark and the 802.11 header to me in relatively concise terms. Also, how to apply filters. But the true meaning of the packets and how to arrange them to give insights into the network structure, were not there. And that was the primarily reason I got the book.
So, all in all, about average. Best for a beginner who is just starting out with Linux.
Rated by buyers 
-
This is one of the best books, of hundreds, that I have ever put my hands on. I work as technical instructor for a Cisco Learning Parnter and I have been in IT for 15 years, teaching for the last 4. I encourage students of entry level networking classes to read this as well as students of my advanced firewall, intrusion detection and hacking classes. While I have read other books in the past that cover packet analysis or ethereal on it's own, this book is different because it can be easily digested on one weekend. The points are clear and concise and the books stays interesting.
Rated by buyers 
-
The conversational style of the book and the basic idea are very sound. Some of the information is well presented. So we'll start with 5 stars and see where we end up.
There are some typos and errors in the book (the Syn-Ack-Ack mentioned in two reviews is simply a typo in the diagram, the text on the same page correctly has it as Syn-Syn/Ack-Ack). Unfortunately, there are more serious errors than this, so there goes one star.
This is clearly a beginner's book, so some basic configuration explanations are needed to get Wireshark (and Cain and Able) set up properly. When the novice is presented with multiple network interfaces they can capture from, how do they decide which is the one to use? The author provides no help here, so the novice can do nothing but try each one in turn and see which one works. In my case, since I was using a notebook with a wireless connection, none of them worked in either program. Turning off promiscuous mode in Wireshark did the trick, but the author should have explained the need for that in the text. This book is about using these tools, so not explaining the basics is worth a star.
I downloaded the sample traces. The very first one I tried: wrongdissector.dmp wasn't in the archive. An oversight perhaps? Let's try the subsequent one in the text: suspectemployeechat.dmp. The content of this trace doesn't match the text all: the two individuals are chatting on a similar topic, perhaps, the contents of their conversation is complete different. There is no way to reconcile it with the text. Now we've moved from oversight to rubbish. Say goodbye to another star.
Final score: two stars out of five. If the publisher and/or their agents reads these reviews (they appear to have written some of them), please issue an errata and fix the download.
Rated by buyers 
-
I bought also "Computer Networks: Internet Protocols in Action
by Jeanna Matthews". Both as reference books. See also my review on that.
Let's start by saying it's very annoying if you have to read other material or have some doubt about your own knowledge concerning specific topics and then afterwards it proved to be your understanding and assumptions WHERE RIGHT and the book presented something wrong like the three way TCP way handshake is not SYN - ACK - SYN, Richard Bejtlich mentioned. These are crucial aspects of protocol understanding, the main reason you would buy a book like this. Nevertheless some faults can be made and maybe in the subsequent version of the book this is reviewed and solved.
Rob Faber [CISSP, CEH, MCSE]
Security Consultant
The Netherlands
Rated by buyers -
To use "American Idol" lingo, you've already read reviews by Randy Jackson and Paula Abdul. It's time for the truth from Simon Cowell -- Practical Packet Analysis (PPA) is a disaster. I am not biased against books for beginners; see my five star review of Computer Networking by Jeanna Matthews. I am not biased against author Chris Sanders; he seems like a nice guy who is trying to write a helpful book. I am not a misguided newbie; I've written three books involving traffic analysis. I did not skim the book; I read all of it on a flight from San Jose to Washington Dulles. I do not dislike publisher No Starch; I just wrote a five star review for Designing BSD Rootkits by Joseph Kong.
PPA is written for beginners, or at least it should be intended for beginners givens its subject matter. It appears the author is also a beginner, or worse, someone who has not learned fundamental networking concepts. This situation results in a book that will mislead readers who are not equipped to recognize the numerous technical and conceptual problems in the text. This review will highlight several to make my point. These are not all of the problems in the book.
p 21: This is painfully wrong on multiple levels: "When one computer needs to send data to another, it sends an ARP request to the switch it is connected to. The switch then sends an ARP broadcast packet to all of the computers connected to it... The switch now has a route established to that destination computer... This newly obtained information is stored in the switch's ARP cache so that the switch does not have to send a new ARP broadcast every time it needs to send data to a computer." This misconception is aggravated on p 62 in the discusion of ARP.
p 65, Figure 6-5: The TCP three way handshake is not SYN - ACK - SYN.
p 78, Figure 7-3: The TCP three way handshake is not SYN - ACK - ACK.
p 79: Packet 5 is not "the packet that was lost and is now being retransmitted." Packet 2 is.
p 80: There is no "ICMP type 0, code 1 packet."
p 85: This boggles the mind: "Immediately after that ARP packet, we see a bunch of NetBIOS traffic... If that other IP address wasn't a sign that something is wrong, then all of this NetBIOS traffic definitely is. NetBIOS is an older protocol that is typically only used as a backup when TCP/IP isn't working. The appearance of NetBIOS traffic here means that since Beth's computer was unable to successfully connect to the Internet with TCP/IP, it reverted back to NetBIOS as an alternate means of communication -- but that also failed. (Anytime you see NetBIOS on your network, it is often a good sign that something is not quite right.)"
p 85: This "troubleshooting" example highlights the different default gateways for Barry and Beth as being the "biggest anomaly" causing Beth's computer to not work. The author ignores the fact that Barry and Beth have computers with the same MAC addresses.
p 89: Traces recorded at a client and server are compared. The author says "The two capture files look amazingly similar; in fact, the only difference between the two files is that the source and destination addresses on the SYN packets have been switched around." Good grief.
p 106: Another "troubleshooting" scenario wonders if a "slow network" problem is related to the fact that tracerouting out from a host fails to produce a response from the router. However, the traceroute continues past the router, so connectivity exists (missed by the author). He says "we know our problem lies with our network's internal router because we were never able to receive an ICMP response from it. Routers are very complicated devices, so we aren't going to delve into the semantics of exactly what is wrong with the router."
pp 107-8: Yet another "troubleshooting" issue wonders why seemingly "double packets" are seen while sniffing on a host. The author wonders if "misconfigured port mirroring" could be the problem, ignoring his statement that the trace was collected on the host in question. He doesn't notice that each "double packet" has a unique MAC address pairing, i.e., packet 1 involves 00:d0:59:aa:af:80 > 00:01:96:3c:3f:54 and packet 2 involves 00:01:96:3c:3f:a8 > 00:20:78:e1:5a:80. Assuming 00:d0:59:aa:af:80 is the only MAC address for the troubled host, there is no way this machine could see traffic "bouncing back" -- the destination MAC address for the dupe packet is 00:20:78:e1:5a:80.
p 110: Another "troubleshooting" example fails to recognize that packets 1-18 and 29 are part of one unique TCP session, and 19-28 are an entirely different session. Packet 29's RST ACK is not an "acknowledgement" of the RST in packet 28; besides not being an actual protocol mechanism, those packets are from different sessions anyway!
p 112: "More ominously, most of the traffic is being sent with ... Read More
Find other books like this one:
