Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide [Paperback]

Laura Chappell (Author), Gerald Combs (Foreword)

Book Description

ISBN-10: 1893939995 | ISBN-13: 978-1893939998 | Publication Date: March 15, 2010

Wireshark is rated #2 in the Top 100 Network Security Tools by sectools.org. Wireshark is the world's most popular network analyzer tool. This book is the ultimate resource on Wireshark which is a MUST HAVE tool used by network IT professionals to troubleshoot, secure and optimize networks. Readers learn to capture wired and wireless traffic, focus on the cause of slow web browsing, identify why applications don't run properly across the network, locate the cause of poor VoIP call quality, determine why WLANs are plagued with problems and more. The author, Laura Chappell is the founder of Wireshark University and Chappell University and has been analyzing networks for over 20 years - the book is written in a clear manner with hundreds of screenshots for the visual learner. The foreword was written by Gerald Combs, creator of Wireshark. Wireshark Network Analysis covers the test objectives for the Wireshark Certified Network Analyst Exam and includes test questions and answers for all topics covered. Filled with 45 real-life case studies, Wireshark Network Analysis takes you inside small, medium and large corporations to see how they solved network problems in a more efficient, accurate way using Wireshark. Book supplements are available online at www.wiresharkbook.com.

Editorial Reviews

From the Author

After writing this book, we went to work on the Wireshark Certified Network Analyst program (which launched August 11, 2010) shortly followed by the Exam Prep Guide (also available on Amazon). Thanks to all the contributors and advisers on this Study Guide, the certification Exam and the Exam Prep Guide!

From the Back Cover

Network Analysis is the process of listening to and analyzing network traffic. Network analysis offers an insight into network communications to identify performance problems, locate security breaches, analyze application behavior, and perform capacity planning.

Wireshark(r), formerly Ethereal, is the world's most popular network analyzer and offers an open source solution for IT professionals.

TIPS: Learn insider tips to spot performance issues fast - no more finger pointing!

CASE STUDIES: From "Death by Database" to "Troubleshooting Time Syncing," 45 case studies offer insight into real world performance and security situations solved with Wireshark.

CERTIFICATION PREP: Each chapter includes exam objectives, review questions and answers to prepare you for the Wireshark Certified Network Analyst(tm) Exam.

[image1] Learn how to create graphs that expose the cause of poor performance such as packet loss, high latency, low packet sizes, slow clients, overloaded receivers and more!

[image2] Use coloring rules and the Expert Info Composite to highlight suspect traffic and avoid the "needle in a haystack" feeling when analyzing traffic.

[image3] Learn insider tips and techniques to troubleshoot and secure a network more efficiently and accurately.

About the Author:
Laura Chappell is the founder of Wireshark University(tm) and Chappell University(tm). Ms. Chappell is also the author of the Wireshark University instructor-led training courses and the Wireshark Certified Network Analyst(tm) Exam. As a highly successful and sought after network analyst and speaker, her goal is to make network analysis an understood "first responder" tool to save time, money and aggravation. Ms. Chappell offers hundreds of online and onsite courses every year through Chappell University. For more information, email info@chappellu.com.

File in Computing Section with Networking/Security/Certification.

ISBN 978-1-893939-99-8

Product Details

• Paperback: 800 pages
• Publisher: Laura Chappell University (March 15, 2010)
• Language: English
• ISBN-10: 1893939995
• ISBN-13: 978-1893939998
• Product Dimensions: 9.5 x 7.5 x 1.7 inches
• Shipping Weight: 3 pounds (View shipping rates and policies)
• Average Customer Review: 4.5 out of 5 stars  See all reviews (22 customer reviews)
• Amazon Best Sellers Rank: #21,184 in Books (See Top 100 in Books)
  • #28 in Books > Computers & Technology > Networking > Network Security
  • #61 in Books > Computers & Technology > Certification

More About the Author

Many folks know me as a slightly hyperactive presenter and "Glenda, the Good Witch." After taking a break from writing for a while, I'm now back in the swing of things - with drafts of writing projects cluttering up by office space. We'll see if they get edited down to a business-card worth of writing - depends on the "Margarita count."

Here's the basic bio:

Laura Chappell is a highly-energetic speaker and author of numerous industry titles on network communications, analysis and security. Laura has presented to thousands of State, Federal and international law enforcement officers, judicial members, engineers, network administrators, technicians and developers.

Ms. Chappell is a member of the High Technology Crime Investigation Association (HTCIA) and an Associate Member of the Institute for Electrical and Electronic Engineers (IEEE) since 1989. Her blend of humor, personal experiences, energy and clarity have earned her a top spot as an industry speaker at Microsoft, Novell, Hewlett-Packard, High Technology Crime Investigation Association and US Court conferences.

In 2007, Ms. Chappell founded Wireshark University, an educational firm devoted to teaching the art of wiretapping/communications interception, network forensics, digital deception and decoys, traceback and reconnaissance.

Laura's network analysis, troubleshooting and security training is available online through the All Access Pass at chappellU.com and through customized online/onsite analysis and training.

Clients: Ms. Chappell's clients include the US Navy, US Arsenal, US Appeals Court, Hong Kong Police Department, Lockheed Martin, Cisco Systems, IBM Corporation, Microsoft Corporation, Sutherland Asbill & Brennan, LLP, United Bank of Switzerland, Federal Home Loan Bank of San Francisco, McAfee Corporation, Symantec Corporation, Northern Indiana Power Company, CapitalOne Financial Services, City of Canberra (Australia), Macau Police Department, Australian High Tech Crime Centre, Fidelity National Information Services, the City of San Francisco and several unnamed Federal agencies.

Customer Reviews

Most Helpful Customer Reviews

35 of 37 people found the following review helpful:

5.0 out of 5 stars Excellent book with material beyond Wireshark, April 9, 2010

By 

M. Christodonte II "Author of Cyber Within" - See all my reviews
(REAL NAME)   

This review is from: Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide (Paperback)

I was a little nervous when I started reading this book. Chapter 1 provided an overview of network analysis, but had a lot of "personality." When I read, "Wait...more data is coming in...and more...and...SCREECH!" I wasn't too sure if I was going to finish the book. At over 700 pages, I was hoping that each page contained only "meat and potatoes," without a lot of dry humor and meaningless analogies. Thankfully, a few pages later I began what turned into a great read -- full of solid content.

Wireshark Network Analysis goes well beyond Wireshark functionality. Although the first several chapters outline how to best use Wireshark -- examining the settings, filters, and other configurations -- I think the true value of the book is in the detailed explanations of network traffic analysis. For instance, pg. 304 delves into DNS. This section tells the reader exactly what DNS is used for and provides an analysis of normal and abnormal DNS traffic. It also shows screenshots of the packet, displays and describes its contents. This type of analysis is provided throughout the book and covers all forms of network traffic (including suspect traffic -- my personal favorite).

Page 563 resonated with me, as I'm a firm believer in baselining network traffic. In this section, Wireshark Network Analysis details the importance of baselining and the types of traffic to focus on. Like other sections, this section also provides screenshots and shows how to analyze traffic and packet statistics.

There were minimal grammar errors, and it does seem like the case studies were not tech edited by the book editor -- many of them contained several grammar mistakes. Although, it does appear that the case studies were all submitted by third parties and probably used as-is. Nevertheless, I can provide plenty of other examples as to why Wireshark Network Analysis is a great book. There are plenty of screenshots, review questions with answers on the next page (instead of making the reader turn to the back of the book), and links to tons of packet captures for analyzing on your own. Overall, the book is well-written and, in my opinion, the best network analysis book on the market today.

16 of 18 people found the following review helpful:

5.0 out of 5 stars Best introductory book on Wireshark available today, August 5, 2010

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide (Paperback)

Wireshark Network Analysis (WNA) is a very practical, thorough, comprehensive introduction to Wireshark, written in an engaging style and produced in a professional manner. WNA provides a variety of methods for teaching network analysis with Wireshark, including description, screen shots, user-supplied case studies, review questions (with answers), "practice what you've learned" sections, and dozens of network traces (available online). Readers who approach the book as more of a class in printed (text) and electronic (trace file) forms will likely understand the higher-than-normal price tag. Anyone trying to learn how to use Wireshark, including basic protocol analysis, will greatly benefit by reading WNA.

WNA will not bore you. Author Laura Chappell offers one of the more lively writing styles you're likely to find in technical books, reminiscent of Michael W. Lucas. The book is expertly organized, starting with multiple chapters explaining Wireshark, followed by sections on common protocols and concluding with other uses and applications. WNA provides plenty of coverage on configuration, customization, and profiles which I have not seen addressed elsewhere.

I've been using Wireshark (previously Ethereal) for at least 10 years, and I still found a few cool tips by reading WNA. These included right click -> Apply As Column, right click -> Filter Field Reference, right click -> Colorize Conversation, Display Filter auto-completion, Display Filter Macros, Mark Packet with ctrl-M, and Ignore Packet with ctrl-X. I also learned that applying a display filter to Tshark (via -R) does NOT change the packets saved to disk -- only those counted or displayed on screen. I liked the chapters on WLAN and VoIP analysis, 26 and 27 respectively.

I only have a few caveats for WNA. First, the book doesn't talk about how to extend Wireshark. It doesn't explain how protocol dissectors work, or how to use the Lua programming language with Wireshark. The chapter on network forensics (ch 30) doesn't saw much about the subject. I would have liked examples of using Rawshark in chapter 33.

I also appreciate that WNA offers an online errata so readers can identify any typos. For example, I expect to see an issue I found with Figure 200 on p 378 to appear soon; basically some of the TCP sequence numbers need to be adjusted. Also on p 452, "Referrer" should be the misspelled but accurate Referer.

I have recommended all my junior analysts read WNA. They will learn a ton about Wireshark, and will also be able to follow Laura's explanations of many common network protocols. We may even pursue the certification tied to the book. Great work Laura!

9 of 9 people found the following review helpful:

5.0 out of 5 stars Hands down the best network analysis book to date., June 13, 2010

By 

Dan (Calgary, AB Canada) - See all my reviews
(REAL NAME)   

This review is from: Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide (Paperback)

I saw this book in the Tech Ed 2010 book store the day before Laura's session and thought $99 - you've got to be kidding! After seeing her present in her first session, my opinion changed completely and I rushed (along with many other attendees at the session) directly to the bookstore down the hall to grab a copy.

Needless to say the book sold out immediately and I was lucky to have obtained one.

I have been in the Networking industry for close to 20 years, and Laura has the unique ability to make this material understandable and accessible for anyone that has basic network knowledge. Coupled with her sense of humor, it enables one to tackle this esoteric topic and even enjoy it along the way.

This book has enabled me to "fill in the gaps" in my network analysis skill set and I look forward to referring to it for a long time to come.

Great job Laura, I look forward to seeing more material from you in the future!