Customer Reviews


9 Reviews
5 star: (2)
4 star: (3)
3 star: (1)
2 star: (2)
1 star: (1)

38 of 39 people found the following review helpful
4.0 out of 5 stars An updated version of Ethereal Packet Sniffing, December 6, 2006
This review is from: Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Paperback)
For the most part this book is an updated version of Ethereal Packet Sniffing. The title has been changed to more accurately reflect that it's about using Wireshark and not so much about analyzing traffic (although that's covered some), and also to denote that the project changed the name of the software recently. That said, it's an improvement over Ethereal Packet Sniffing with some new material and some reorganization.

Chapter 1 is an intro to network analysis, specifically with packet sniffing. It's very cursory, and they could do a better job of teaching this subject, but honestly that's a whole book unto itself and years of practice. The chapter is reasonably comprehensive and accurate.

Chapter 2 introduces Wireshark and how to begin using it. This chapter is very short given what it says it will cover, but most of that is brought up in the following chapters. There's a brief bit about Wireshark security, but again it's too cursory (2 paragraphs for a program that has a constant stream of security issues). Also, the authors keep calling it Ethereal in places and Wireshark in others. This inconsistency doesn't instill a great amount of trust in me that everything was reviewed well.

Chapter 3 covers getting and installing Wireshark for Windows, Linux, OS X, and how to build it from source. It also covers packet capture drivers (i.e., on Windows). A very straightforward, direct chapter.

Using Wireshark is the next chapter, and this is where we start the meat of the book. It's about 80 pages long and covers the UI and the command line options. The screen captures are better than the previous version of the book (and they often times use just a portion of the screen), but they could still be improved for legibility and for usefulness. This chapter covers the uncommon graphing and stats sections, and also following streams.

Filters are covered in Chapter 5, and the PCAP and Wireshark filter languages are covered. These are rich languages that allow for complex selectivity, and the chapter is clear and pretty comprehensive.

A new topic is introduced in Chapter 6, specifically wireless sniffing. This is a good addition to the book, and even topics such as decoding EAP and WEP are covered. This is a good, concise overview of the topic of sniffing wireless networks.

Real world packet captures are covered in Chapter 7, which is sadly too short (it could easily be a whole book). Several representative traces are included on the CD ROM that are good to study and review in this chapter. They include Linux worms and Windows malware, and also some coverage of active response packets is given.

Just like the corresponding chapter in Ethereal Packet Sniffing, Chapter 8 covers developing plugins for Wireshark, specifically new protocol decodes. Because Wireshark has a framework to extend, it supports dozens of application and network layer protocols. You can add your favorite new protocol with ease if you follow this chapter. Who knows, you may even get it included. This is a real gem of the book.

Finally, Chapter 9 covers many of the auxiliary programs that are included with Wireshark. These programs let you manage packet traces and merge them or cut them down to size. These are useful even outside of Wireshark if you work with packet traces at all.

This book is a good update to the Ethereal Packet Sniffing book and material. Sadly, in many places the editors didn't do a good job of auditing the book, so there are some mistakes and sometimes even references to the now obsolete name of Ethereal. However, the additions and improvements over the older version make this book worthwhile for anyone who needs to learn how to fully utilize this powerful sniffer.


29 of 29 people found the following review helpful
4.0 out of 5 stars Not that much of an update from the first edition, March 9, 2007
This review is from: Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Paperback)
Despite the new title, Wireshark & Ethereal Protocol Analyzer Toolkit (WEPAT) is a second edition of Ethereal Packet Sniffing (EPS). I reviewed that book almost three years ago, in May 2004. WEPAT has replaced all of the earlier screen captures with Wireshark replacements. Unfortunately, WEPAT is largely a repeat of EPS, really only featuring a new wireless chapter. If you own EPS, you don't need to upgrade. If you don't own EPS but want to learn how to use Wireshark, I recommend buying WEPAT.

One new feature of WEPAT that helped me in production work was the coverage of Tshark statistics in ch 9. I used the advice for displaying top destinations to help me better understand traffic distribution in an unfamiliar network. I also liked the new wireless section, Ch 6, especially the coverage of protocols. The tip that packet details could be launched in a new window via View -> Show Packet in New Window was also cool. I liked the regex summary in Ch 5. I thought it was a great idea to explain why "not tcp.port == 80" is the right way to avoid all traffic where port 80 TCP is the source or destination port.

Three aspects of WEPAT bugged me. First, WEPAT includes updates to nearly all chapters. In adding material, however, the authors ended up repeating certain topics all over the place. Detecting remote hosts operating NICs in promiscuous mode (a nearly hopeless endeavor in reality) appears in Ch 1, Ch 2, and AGAIN in Ch 4. Ch 2 repeats many of the same concepts from Ch 1, like protection against sniffers and other sniffing tools. Small tools packaged with Wireshark like Tshark, Editcap, Mergecap, and Text2pcap are covered in Ch 2 and Ch 9. There is no need for all this redundancy.

The second disappointment in WEPAT is the inclusion of really old material. SubSeven, last updated four years ago, is called "one of the most common Windows backdoor trojans" (p 377). NetBus (last active in 1999), BackOrifice (2000), T0rn (2000), and Rst.b (2002) are other outdated programs mentioned in WEPAT. Ch 7 uses SQL Slammer (2003), Code Red (2001) and Ramen (2001) as examples of malware for analysis. To add insult to injury, the Wireshark screen captures for displaying relevant traffic are all far too small and fuzzy to be helpful.

Third, I didn't learn that much reading WEPAT. I am not a Wireshark ninja, but I didn't see much in WEPAT that differed from EPS. For example, I would really have liked more emphasis placed on using Wireshark display filters to control capture at the command line using the -R switch. That is a really powerful technique that was mentioned only in passing on p 177. On a minor note, Ch 4 was way too long; at 90 pages, it seems reasonable to not try to cover everything in a single chapter.

Overall, you need to read WEPAT if you're a Wireshark newbie to intermediary user and you don't have a copy of EPS. If you have EPS, you've already got all the relevant information you need in WEPAT. In fact, the wireless sniffing coverage in 802.11 Wireless Networks: The Definitive Guide, 2nd Ed by Matthew Gast is better. Add that to EPS and then wait to see what a third edition Syngress Wireshark book looks like.
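The review above singles out the book's explanation of why "not tcp.port == 80" is the right way to drop all traffic with TCP port 80 as source or destination. The reason is that tcp.port occurs twice in a packet (once for each port), and a comparison is true if any occurrence satisfies it. The following toy evaluator is an added example, not code from the book, the reviewer, or Wireshark; it models that classic behaviour on constructed packets so the difference between "tcp.port != 80" and "not tcp.port == 80" can be seen directly. (Later Wireshark releases revised the meaning of the != operator, so check the display-filter manual for the version you run.)

```python
# Added example: toy model of Wireshark's classic display-filter semantics
# for a field that occurs more than once per packet (tcp.port). Not Wireshark's
# own code; packets below are constructed for the demonstration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary holding only the two TCP port fields."""
    src_port: int
    dst_port: int


def field_values(pkt: Packet, field: str) -> list:
    """Every occurrence of a field in the packet; tcp.port yields both ports."""
    if field == "tcp.port":
        return [pkt.src_port, pkt.dst_port]
    if field == "tcp.srcport":
        return [pkt.src_port]
    if field == "tcp.dstport":
        return [pkt.dst_port]
    raise KeyError(f"unknown field: {field}")


def any_equal(pkt: Packet, field: str, value: int) -> bool:
    # "field == value": true if ANY occurrence of the field equals value
    return any(v == value for v in field_values(pkt, field))


def any_not_equal(pkt: Packet, field: str, value: int) -> bool:
    # classic "field != value": true if ANY occurrence differs from value.
    # For tcp.port this is almost always true, which is the trap.
    return any(v != value for v in field_values(pkt, field))


def evaluate(expr: str, pkt: Packet) -> bool:
    """Evaluate the filter shapes this example covers:
    'field == N', 'field != N', and either prefixed by 'not'."""
    tokens = expr.split()
    negate = False
    if tokens and tokens[0] == "not":
        negate = True
        tokens = tokens[1:]
    if len(tokens) != 3:
        raise ValueError(f"unsupported filter: {expr!r}")
    field, op, raw = tokens
    value = int(raw)
    if op == "==":
        result = any_equal(pkt, field, value)
    elif op == "!=":
        result = any_not_equal(pkt, field, value)
    else:
        raise ValueError(f"unsupported operator: {op}")
    # 'not' binds more loosely than the comparison, so it negates the whole test
    return (not result) if negate else result


# Constructed sample: a web request and its reply, plus HTTPS and SSH packets.
SAMPLE = [
    Packet(51234, 80),   # client -> web server
    Packet(80, 51234),   # web server -> client
    Packet(40000, 443),  # HTTPS
    Packet(53000, 22),   # SSH
]


def count_matching(expr: str, packets=SAMPLE) -> int:
    """Number of packets the filter keeps."""
    return sum(1 for p in packets if evaluate(expr, p))


if __name__ == "__main__":
    for expr in ("tcp.port == 80", "tcp.port != 80", "not tcp.port == 80"):
        print(f"{expr:22} keeps {count_matching(expr)} of {len(SAMPLE)} packets")
```

Running it shows that "tcp.port != 80" keeps all four packets, because every packet has at least one port that is not 80, while "not tcp.port == 80" keeps only the two that touch neither port-80 direction; a single-occurrence field such as tcp.dstport does not have this problem.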


2 of 2 people found the following review helpful
3.0 out of 5 stars At least they didn't say complete reference or definitive guide in the title, October 13, 2008
This review is from: Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Paperback)
A good fourth of this book is spent telling you what a sniffer is... the rest of the book is pretty much just as useful. I think I found maybe a dozen snippets of useful information. Wireshark is an excellent tool, especially for its ease in wireless settings, but this book is next to worthless; you can get most of what is in here from reading about nmap at [...], that is another sniffer, a much more powerful sniffer at that, but it does lack some Wireshark functionality, and is unreliable for wireless captures. I gave this book 3 stars only because of its wireless chapter; I had quite a few questions about wireless sniffing and this book's one chapter on it managed to answer a good many of them. On the plus side, this is a very easy to read book, and goes by very quickly, mostly because it is just fluff and nonsense that anyone who even knows what a sniffer is would already know.


1 of 1 people found the following review helpful
1.0 out of 5 stars Very disappointing, March 24, 2010
Verified Purchase
This review is from: Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Paperback)
Very disappointing book on Wireshark or packet sniffing!! Lots of important concepts were not included, missing or lightly shared (specially troubleshooting, Wireshark graph analysis, packet statistics, Wireshark tuning, Expert view, VoIP analysis etc.). Laura Chappell's VDO should be the best on this topic at this moment. I can't recommend this book to anyone. The documentation on the Wireshark web is much much better.


1 of 1 people found the following review helpful
2.0 out of 5 stars about 20 pages of real world packet tracing, December 29, 2010
Verified Purchase
This review is from: Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Paperback)
I'm disappointed with this book. They spend too much time on the basics of networking and not enough on real world tracing (20 pages). Then it goes right into Developing Wireshark (70 pages). I admit, I have not read the wireless portion of the book yet. I was really looking forward to being able to jump right in to packet tracing.


4.0 out of 5 stars Looks promising, January 1, 2014
Verified Purchase
This review is from: Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Paperback)
Lots of material to read, the book is thick. I think once I read it I will have a better handle on the TCP/IP analysis in the Wireshark software.


5.0 out of 5 stars Great introduction to wireshark, February 25, 2012
Verified Purchase
This review is from: Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Paperback)
Wireshark is the number 1 network analyzer in the market. It was forked off Ethereal. It is an amazingly simple, and very powerful free tool. You can learn all of TCP/IP networking by observing the packets using Wireshark. This book gives an excellent tutorial to this powerful tool in a simple way.


1 of 2 people found the following review helpful
2.0 out of 5 stars Won't Teach you how to use Wireshark., February 8, 2010
This review is from: Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Paperback)
Lots of pages, but it won't teach you how to actually use Wireshark. Lots of "tid-bits," but it doesn't teach you how to use Wireshark. It's almost like its predecessor, but with more pages. There should be a law for this kind of thing. If you want to learn how to use Wireshark, this book won't teach you.


5.0 out of 5 stars Five Stars, January 8, 2015
Verified Purchase
This review is from: Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Paperback)
Excellent book. My students learned something new.

Details

Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security)