Book Review: Wireshark Network Analysis
April 9, 2010 by Marcos Christodonte II
I was a little nervous when I started reading this book. Chapter 1 provided an overview of network analysis, but had a lot of “personality.” When I read, “Wait…more data is coming in…and more…and…SCREECH!” I wasn’t too sure if I was going to finish the book. At over 700 pages, I was hoping that each page contained only “meat and potatoes,” without a lot of dry humor and meaningless analogies. Thankfully, a few pages later I began what turned into a great read — full of solid content.
Wireshark Network Analysis goes well beyond Wireshark functionality. Although the first several chapters outline how to best use Wireshark — examining the settings, filters, and other configurations — I think the true value of the book is in the detailed explanations of network traffic analysis. For instance, pg. 304 delves into DNS. This section tells the reader exactly what DNS is used for and provides an analysis of normal and abnormal DNS traffic. It also shows screenshots of the packet, and displays and describes its contents. This type of analysis is provided throughout the book and covers all forms of network traffic (including suspect traffic — my personal favorite).
Page 563 resonated with me, as I’m a firm believer in baselining network traffic. In this section, Wireshark Network Analysis details the importance of baselining and the types of traffic to focus on. Like other sections, this section also provides screenshots, showing how to analyze traffic and packet statistics.
There were minimal grammar errors, and it does seem like the case studies were not tech edited by the book editor — many of them contained several grammar mistakes, although it does appear that those were submitted by third parties and probably used as-is. Nevertheless, I can provide plenty of other examples as to why Wireshark Network Analysis is a great book. There are plenty of screenshots, review questions with answers on the next page (instead of making the reader turn to the back of the book), and links to tons of packet captures for analyzing on your own. Overall, the book is well-written and, in my opinion, the best network analysis book on the market today.


Hi Marcos,
Thanks for reviewing the book. I’m interested to hear what people think. Putting in “personality” was a very tricky issue here. I polled people to get their opinion and got an even split down the center. Given that it is a Study Guide, however, I opted to start light (for the newbies) and then dump the majority of the humor.
Please let me know what grammatical errors you catch (if you have time). The book was re-read 20+ times and we’re still finding things we’d like to change.
On the topic of baselining, I’ve considered making t-shirts that state “Don’t talk to me until you’ve baselined!” (oh… wait… there’s that humor again… scratch that sentence – grin)
I’m glad you enjoyed the book and see many positive comments you made that were a direct result of the work of the reviewers/advisors/case study submitters on this book. I was very fortunate to have had loads of great feedback in the writing process.
Laura Chappell
Hi Laura,
Great work on the book! I know all too well about missing a few minor errors — I missed several in my book, and there are probably still a few that escaped me. It seems that when you know what you want to say, it’s easy to read over the small mistakes. I’ll email you some additional comments offline.
No worries on the “personality,” I’m full of it myself (did I just say that I’m full of it…?). Anyways, I like to read technical books that are light on humor — yours was spot-on after I realized that Chapter 1 was an ice-breaker. Oh, and that sounds like a great idea for a shirt!
Best,
Marcos
Happy to hear GOOD feedback on the book. Mine should be here Tuesday or Wednesday of next week. Can’t wait to get it!!!