Customer Reviews

Computer Networking: Internet Protocols in Action

5 star:		(8)
4 star:		(1)
3 star:		(1)
2 star:		(1)
1 star:		(0)

 

 

I eagerly anticipated reading Jeanna Matthews' 'Computer Networking: Internet Protocols in Action' (CN:IPIA). I am always looking for good networking books to recommend to people asking how to enter the digital security field. I am pleased to report that CN:IPIA is an excellent, hands-on, packet-oriented introduction to networking, suitable for all entry-level analysts. Even those with several years of experience may learn a trick or two, as I did.

The book is very logically organized. Section 1 is an introduction to using Ethereal to collect and inspect packets. I was unaware of Ethereal's ability to color packets based on user-specified 'color rules'. Section 1 also describes the various Ethereal panes and what they mean.

Section 2 starts the hands-on packet analysis work. The CD accompanying the book offers 30 MB of packet traces collected by the author. She uses these traces to expertly illustrate a variety of networking concepts. Section 2 introduces the top of the protocol stack by looking at application protocols. I learned about HTTP Last-Modified, If-Modified-Since, Cache-Control, and ETag headers.

Section 3 discusses transport layer protocols like TCP and UDP. I really liked the author's exposition on TCP Selective Acknowledgement (SACK), and I was glad to see she fully understood and explained TCP sequence numbers. I also finally grapsed the idea behind TCP time sequence graphs by reading this part.

Section 4 covered network layer protocols. After fairly standard material on DHCP, ping, and traceroute, I was surprised and pleased to read about routing protocols. Both interior protocols (RIP and OSPF) and an exterior protocol (BGP) made appearances. Better yet, analysts can examine traffic traces to understand how these protocols work.

Section 5 talked about link-level protocols (wired and wireless), and section 6 concludes the book with a few examples of security-related network events.

My few problems with CN:IPIA are overshadowed by the excellent material elsewhere. On p. 79 the author writes that a mail server involved in exchanging a message is the system which makes a DNS query. In fact, the trace shows it's the mail client, a laptop, making the query. Since the mail server in the example is also the sample network's DNS server, any query it makes would be answered by itself -- and wouldn't appear on the wire. On p. 109, in the second paragraph, the last two references to 'packet 7' should be 'packet 6'. I also think readers should have seen an example of active FTP to complement the book's discussion of passive FTP.

If you're looking to gain a packet-oriented understanding of networking, you must buy this book. It's a fast read, but I have not seen a better hands-on introduction to network traffic. Those wishing to learn packet analysis should start their journey with CN:IPIA, and spend plenty of time inspecting the traces on the book's CD.

This is a great concept. We all read about networking protocols but here you get to see them in action and without a whole laboratory full of equipment. This book is based on a series of experiments that you can do yourself using a network protocol analyzer. Aaaaah, there's a buzzword, network protocol analyzer. This book is written around using Ethereal, a software network protocol analyzer that is included on the CD that comes with the book (but you may want to download the latest version - it's open source software and free).

So in this book you don't just read about network protocols, you analyze them yourself using this software package. You get to actually see what the various packages like your internet browser are actually sending and receiving. This is a great way to remove the mystery of what networks are actually doing.

At the end of the book there is some discussion and illustrations of ways networks get attacked. There's quite a bit of discussion and demonstration of what the Blaster worm does, including the network traces of its action.

Great Concept, Great Implementation.

As Associate Professor with several years of experience teaching Computer Networking to undergraduate and graduate students, i think practical exercises are crucial for students to really understand this field.

Jeanna Matthews does a very good job introducing featured aspects of computer networks. The book follows a tipical top-down approach, which has proven to be the most reasonable option for practical networking (specially at the introductory level). Each chapter begins with a brief theoretic introduction (in the style of 'basic concepts about TCP', and then presents the rest of the practical topics in a 'learn by example practice' way.

Another great point is the CD included with all the network traffic traces you need to follow each example. The book also includes a brief introduction to Ethereal (now renamed as Wireshark).

Super-recommended to students and self-learning people that really want to understand TCP/IP in practice from the ground up. It is also useful as a guide for a lab-based computer networking course (introductory level), along with 'TCP/IP essentials' by Panwar (if you want to cover more advanced topics).

This is a small and very helpful book into learning the internet protocols...literally IN ACTION. There are some grammatical errors here and there, but obviously if you are smart enough you can still understand what she means. It is pretty harsh to base a review solely on some grammatical errors and then not say anything else about this book. This book is right-to-the-point with no overwhelming context on an author trying to proclaim how well they can sophisticate vocabulary. For a book that is less than 300 pages and ~$35 bucks, I didn't expect advanced features. If you google some of the context in the book, you can see how many universities and those alike use this to teach their classes. I think she did a great job for reaching those who need an entry level/beginners learning resource.

Having this book has really helped me to catch on quick! As one of the reviewers had stated, you should check out her website and see what the students are doing...it's actually really neat!

Like Richard Bejtlich I agree this book is excellent. I got this book based on his review.

I bought also "Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems". Both as reference books. The book "Network Analysis and Troubleshooting" by J. Scott Haugdahl is one on my wishlist.

Indeed this book is thorough and yet easy to read. It can be used as an intro but also for reference. The explanation of ethereal (wireshark) is very welcome in this perspective and lacks the errors we can find in the other book "practical packet analysis", I mentioned before (see also my review on that). Maybe in the next version we can find information on AirPcap, excellent in sniffing and supporting WiFi network t-shooting. Network Monitor 3.1 from Microsoft is a freely available solution in this perspective that also can be used and supports native WiFi cards and sniffing packets. So far a great book and certainly worth buying!


Rob Faber [CISSP, CEH, MCSE]
The Netherlands

[...]

I came into Information Security from a physical security background. I have done SANS GSEC which gave me the basics but I am really starting to get the hang of packet analysis thanks to this book. Jeanna Matthews is a wonderful teacher. I recommend you google for her website and see what her students are up to.

The Ethereal packet analysis tool on the CD is a bit out of date. These days you need to install Wireshark for your operating system which is an open source fork. Wikipedia or google Wireshark to find out how.

Have a look at the teacher site too.

Otherwise the book is brilliant.

This book is an OK introduction to networking, but has enough typos and contextual ambiguities to warrant a new edition. It walks a tightrope between giving a general overview and avoiding distracting details, a task rendered difficult by use of a protocol analyzer software which by definition exposes the reader to protocol details... this is sometimes not a bad thing as it makes you think and reflect (as do the typos and other mistakes :-) both within and beyond the scope of what the writer is saying about a particular topic.

The choice of top-down exposition of the Internet Protocol Stack layers has its problems, as this results in 'forward references' to lower-level material not yet explained, esp. due again to the use of the protocol analyzer which tantalizes us with details of the current and lower-level layers. A bottom-up approach might have been better.

The price is too high for the content given.

I'm about half way through the book. It comes with a packet analyzer and pre-captured packets on a CD (make sure the CD is included!). The book walks you through analyzing the packets with the program and explains what you are looking at along the way. I feel I learned a lot. Maybe since I'm a newbie I don't know what should have been there if, in fact, the book is lacking. However, I would definitely recommend this to others looking for an intro book that guides you through the basics and then some.

Studying computer networks without this book would be like studying to be a motor mechanic without any practical experience in taking an engine to pieces.The CD accompanying this book contains a large number of actual traces captured during a variety of tcp/ip processes and the ethereal program included allows you to closely examine the headers and data in each packet.This is a very practically oriented book and one which I can thoroughly recommend.

I'm using this book for a class and the material is highly detailed, but concepts are introduced in bite-sized chunks to make it manageable. It isn't a quick read if you have never opened Wireshark, but once you're done with the book, Wireshark will be your friend, just like it's every network administrator's friend. This book is great for being able to spot the difference between a properly working network, one with a hardware problem, and one which is under attack. Spotting device misconfiguration issues is going to take device-specific expertise though as experience is the best teacher there.

I greatly appreciated the opportunity to explore routing protocols without having to set up my own test lab. I'm sure it wasn't easy to coordinate the packet traces with the text. While I am sure that there are mistakes in "book vs sample trace" examples, I believe that they constitute less than 1% of the examples.

Where the publisher needs to get with the program is that this book is getting pretty old at this point. Easy fruit that needs cleaned up includes expanding areas where protocols have advanced, especially with 802.11 (wifi) standards WPA2 and 802.11n. It's the curse of writing books like this, but if they are unwilling to provide updates, they need to quit charging US$40+ for the book.

Other topics I would like to see, since I don't usually get to examine them, include: broader coverage of other routing protocols, VLANs, trunking, port bonding, fragmentation, tunnelling, IPsec, QoS, NAT, and of course IPv6.

More tools can be used besides Wireshark for examining some of the extended topics, but I really liked using Wireshark for studying network communication. Having all of the equipment is a major distraction from looking at the raw packets and this approach is far easier since the prerequisities to successful studying are both cheaper and more straightforward.