Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide [Paperback]

Laura Chappell (Author), Gerald Combs (Foreword)

Book Description

Publication Date: March 15, 2010 | ISBN-10: 1893939995 | ISBN-13: 978-1893939998

NOTE: Second Edition available in paperback and Kindle format (ISBN: 9781893939943).

Wireshark is rated #1 in the Top 100 Network Security Tools by sectools.org. Wireshark is the world's most popular network analyzer tool. This book is the ultimate resource on Wireshark which is a MUST HAVE tool used by network IT professionals to troubleshoot, secure and optimize networks. Readers learn to capture wired and wireless traffic, focus on the cause of slow web browsing, identify why applications don't run properly across the network, locate the cause of poor VoIP call quality, determine why WLANs are plagued with problems and more. The author, Laura Chappell is the founder of Wireshark University and Chappell University and has been analyzing networks for over 20 years - the book is written in a clear manner with hundreds of screenshots for the visual learner. The foreword was written by Gerald Combs, creator of Wireshark. Wireshark Network Analysis covers the test objectives for the Wireshark Certified Network Analyst Exam and includes test questions and answers for all topics covered. Filled with 45 real-life case studies, Wireshark Network Analysis takes you inside small, medium and large corporations to see how they solved network problems in a more efficient, accurate way using Wireshark. Book supplements are available online at wiresharkbook.com.

Editorial Reviews

From the Author

After writing this book, we went to work on the Wireshark Certified Network Analyst program (which launched August 11, 2010) shortly followed by the Exam Prep Guide (also available on Amazon). Thanks to all the contributors and advisers on this Study Guide, the certification Exam and the Exam Prep Guide!

From the Back Cover

Network Analysis is the process of listening to and analyzing network traffic. Network analysis offers an insight into network communications to identify performance problems, locate security breaches, analyze application behavior, and perform capacity planning.

Wireshark(r), formerly Ethereal, is the world's most popular network analyzer and offers an open source solution for IT professionals.

TIPS: Learn insider tips to spot performance issues fast - no more finger pointing!

CASE STUDIES: From "Death by Database" to "Troubleshooting Time Syncing," 45 case studies offer insight into real world performance and security situations solved with Wireshark.

CERTIFICATION PREP: Each chapter includes exam objectives, review questions and answers to prepare you for the Wireshark Certified Network Analyst(tm) Exam.

[image1] Learn how to create graphs that expose the cause of poor performance such as packet loss, high latency, low packet sizes, slow clients, overloaded receivers and more!

[image2] Use coloring rules and the Expert Info Composite to highlight suspect traffic and avoid the "needle in a haystack" feeling when analyzing traffic.

[image3] Learn insider tips and techniques to troubleshoot and secure a network more efficiently and accurately.

About the Author:
Laura Chappell is the founder of Wireshark University(tm) and Chappell University(tm). Ms. Chappell is also the author of the Wireshark University instructor-led training courses and the Wireshark Certified Network Analyst(tm) Exam. As a highly successful and sought after network analyst and speaker, her goal is to make network analysis an understood "first responder" tool to save time, money and aggravation. Ms. Chappell offers hundreds of online and onsite courses every year through Chappell University. For more information, email info@chappellu.com.

File in Computing Section with Networking/Security/Certification.

ISBN 978-1-893939-99-8

Product Details

• Paperback: 800 pages
• Publisher: Laura Chappell University (March 15, 2010)
• Language: English
• ISBN-10: 1893939995
• ISBN-13: 978-1893939998
• Product Dimensions: 7.4 x 1.6 x 9.7 inches
• Shipping Weight: 1.6 pounds
• Average Customer Review: 4.5 out of 5 stars  See all reviews (28 customer reviews)
• Amazon Best Sellers Rank: #438,381 in Books (See Top 100 in Books)

More About the Author

Many folks know me as a slightly hyperactive presenter and "Glenda, the Good Witch." After taking a break from writing for a while, I'm now back in the swing of things - with drafts of writing projects cluttering up by office space. We'll see if they get edited down to a business-card worth of writing - depends on the "Margarita count."

Here's the basic bio:

Laura Chappell is a highly-energetic speaker and author of numerous industry titles on network communications, analysis and security. Laura has presented to thousands of State, Federal and international law enforcement officers, judicial members, engineers, network administrators, technicians and developers.

Ms. Chappell is a member of the High Technology Crime Investigation Association (HTCIA) and an Associate Member of the Institute for Electrical and Electronic Engineers (IEEE) since 1989. Her blend of humor, personal experiences, energy and clarity have earned her a top spot as an industry speaker at Microsoft, Novell, Hewlett-Packard, High Technology Crime Investigation Association and US Court conferences.

In 2007, Ms. Chappell founded Wireshark University, an educational firm devoted to teaching the art of wiretapping/communications interception, network forensics, digital deception and decoys, traceback and reconnaissance.

Laura's network analysis, troubleshooting and security training is available online through the All Access Pass at chappellU.com and through customized online/onsite analysis and training.

Clients: Ms. Chappell's clients include the US Navy, US Arsenal, US Appeals Court, Hong Kong Police Department, Lockheed Martin, Cisco Systems, IBM Corporation, Microsoft Corporation, Sutherland Asbill & Brennan, LLP, United Bank of Switzerland, Federal Home Loan Bank of San Francisco, McAfee Corporation, Symantec Corporation, Northern Indiana Power Company, CapitalOne Financial Services, City of Canberra (Australia), Macau Police Department, Australian High Tech Crime Centre, Fidelity National Information Services, the City of San Francisco and several unnamed Federal agencies.

Most Helpful Customer Reviews

41 of 43 people found the following review helpful

5.0 out of 5 stars Excellent book with material beyond Wireshark April 9, 2010

By M. Christodonte II

Format:Paperback

I was a little nervous when I started reading this book. Chapter 1 provided an overview of network analysis, but had a lot of "personality." When I read, "Wait...more data is coming in...and more...and...SCREECH!" I wasn't too sure if I was going to finish the book. At over 700 pages, I was hoping that each page contained only "meat and potatoes," without a lot of dry humor and meaningless analogies. Thankfully, a few pages later I began what turned into a great read -- full of solid content.

Wireshark Network Analysis goes well beyond Wireshark functionality. Although the first several chapters outline how to best use Wireshark -- examining the settings, filters, and other configurations -- I think the true value of the book is in the detailed explanations of network traffic analysis. For instance, pg. 304 delves into DNS. This section tells the reader exactly what DNS is used for and provides an analysis of normal and abnormal DNS traffic. It also shows screenshots of the packet, displays and describes its contents. This type of analysis is provided throughout the book and covers all forms of network traffic (including suspect traffic -- my personal favorite).

Page 563 resonated with me, as I'm a firm believer in baselining network traffic. In this section, Wireshark Network Analysis details the importance of baselining and the types of traffic to focus on. Like other sections, this section also provides screenshots and shows how to analyze traffic and packet statistics.

There were minimal grammar errors, and it does seem like the case studies were not tech edited by the book editor -- many of them contained several grammar mistakes. Although, it does appear that the case studies were all submitted by third parties and probably used as-is.... Nevertheless, I can provide plenty of other examples as to why Wireshark Network Analysis is a great book. There are plenty of screenshots, review questions with answers on the next page (instead of making the reader turn to the back of the book), and links to tons of packet captures for analyzing on your own. Overall, the book is well-written and, in my opinion, the best network analysis book on the market today. Read more ›

21 of 23 people found the following review helpful

5.0 out of 5 stars Best introductory book on Wireshark available today August 5, 2010

By Richard Bejtlich

Format:Paperback

Wireshark Network Analysis (WNA) is a very practical, thorough, comprehensive introduction to Wireshark, written in an engaging style and produced in a professional manner. WNA provides a variety of methods for teaching network analysis with Wireshark, including description, screen shots, user-supplied case studies, review questions (with answers), "practice what you've learned" sections, and dozens of network traces (available online). Readers who approach the book as more of a class in printed (text) and electronic (trace file) forms will likely understand the higher-than-normal price tag. Anyone trying to learn how to use Wireshark, including basic protocol analysis, will greatly benefit by reading WNA.

WNA will not bore you. Author Laura Chappell offers one of the more lively writing styles you're likely to find in technical books, reminiscent of Michael W. Lucas. The book is expertly organized, starting with multiple chapters explaining Wireshark, followed by sections on common protocols and concluding with other uses and applications. WNA provides plenty of coverage on configuration, customization, and profiles which I have not seen addressed elsewhere.

I've been using Wireshark (previously Ethereal) for at least 10 years, and I still found a few cool tips by reading WNA. These included right click -> Apply As Column, right click -> Filter Field Reference, right click -> Colorize Conversation, Display Filter auto-completion, Display Filter Macros, Mark Packet with ctrl-M, and Ignore Packet with ctrl-X. I also learned that applying a display filter to Tshark (via -R) does NOT change the packets saved to disk -- only those counted or displayed on screen. I liked the chapters on WLAN and VoIP analysis, 26 and 27 respectively....

I only have a few caveats for WNA. First, the book doesn't talk about how to extend Wireshark. It doesn't explain how protocol dissectors work, or how to use the Lua programming language with Wireshark. The chapter on network forensics (ch 30) doesn't saw much about the subject. I would have liked examples of using Rawshark in chapter 33.

I also appreciate that WNA offers an online errata so readers can identify any typos. For example, I expect to see an issue I found with Figure 200 on p 378 to appear soon; basically some of the TCP sequence numbers need to be adjusted. Also on p 452, "Referrer" should be the misspelled but accurate Referer.

I have recommended all my junior analysts read WNA. They will learn a ton about Wireshark, and will also be able to follow Laura's explanations of many common network protocols. We may even pursue the certification tied to the book. Great work Laura! Read more ›

16 of 17 people found the following review helpful

1.0 out of 5 stars Really disappointed October 27, 2011

By Mike G.

Format:Paperback|Amazon Verified Purchase

Frankly, this is one of the biggest disappoints I've purchased in a while.

First, let me say, I have not finished the book yet, so I'll update this later if anything changes...In fact I am writing this review as a warning to anyone thinking of buying this book. Unless you are an absolute beginner, I promise , you will be thoroughly disappointed , especially considering the price tag!!!

My Complaints:
1) The chapters that describe networking are downright careless with the use of the term "packet". As any network engineer worth their weight in salt knows, frame->packet->segment (i.e layer 2 MAC fram, Layer 3 source & dest IP packet, and Layer 4 source & dest Port). This author carelessly jumbles all this up in various places generically calling it a packet. okay, you say, well this is not a intro networking book and the author discloses that and provides good references....well in my opinion, this author should either remove the first few chapters or rewrite them correctly.

2) All of the case studies I have read so far(btw: I heard they were "really good", and are the primary reason I bought the book) are poorly explained...The author explains the symptom, then says they used wireshark to fix the problem. Huh? Well that's just great, what the heck did you do, I want screenshots, and step-by-step details. Otherwise it's just some worthless story.

3)chapters 2-4+ repeatedly reference free online material...like user guide stuff. These chapters talk about stuff like menus and user interface stuff... why is it even in the book if it's free online....Some might think it is necessary, but to me it is just filler.

Currently, I'm on chapter 14...
Sorry, at this point I cannot recommend any good alternatives...I'll keep looking....

Honestly, I've learned more about wireshark looking at free online videos and reading the online documentation.
That's it for now, I'll be back Read more ›