
Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide Paperback – March 15, 2010

ISBN-13: 978-1893939998 ISBN-10: 1893939995


Product Details

  • Paperback: 800 pages
  • Publisher: Laura Chappell University (March 15, 2010)
  • Language: English
  • ISBN-10: 1893939995
  • ISBN-13: 978-1893939998
  • Product Dimensions: 7.4 x 1.6 x 9.7 inches
  • Shipping Weight: 1.6 pounds
  • Average Customer Review: 4.6 out of 5 stars (31 customer reviews)
  • Amazon Best Sellers Rank: #781,604 in Books

Editorial Reviews

From the Author

After writing this book, we went to work on the Wireshark Certified Network Analyst program (which launched August 11, 2010) shortly followed by the Exam Prep Guide (also available on Amazon). Thanks to all the contributors and advisers on this Study Guide, the certification Exam and the Exam Prep Guide!

From the Back Cover

Network Analysis is the process of listening to and analyzing network traffic. Network analysis offers an insight into network communications to identify performance problems, locate security breaches, analyze application behavior, and perform capacity planning.

Wireshark®, formerly Ethereal, is the world's most popular network analyzer and offers an open source solution for IT professionals.

TIPS: Learn insider tips to spot performance issues fast - no more finger pointing!

CASE STUDIES: From "Death by Database" to "Troubleshooting Time Syncing," 45 case studies offer insight into real world performance and security situations solved with Wireshark.

CERTIFICATION PREP: Each chapter includes exam objectives, review questions and answers to prepare you for the Wireshark Certified Network Analyst™ Exam.

Learn how to create graphs that expose the cause of poor performance such as packet loss, high latency, low packet sizes, slow clients, overloaded receivers and more!

Use coloring rules and the Expert Info Composite to highlight suspect traffic and avoid the "needle in a haystack" feeling when analyzing traffic.

Learn insider tips and techniques to troubleshoot and secure a network more efficiently and accurately.

About the Author:
Laura Chappell is the founder of Wireshark University™ and Chappell University™. Ms. Chappell is also the author of the Wireshark University instructor-led training courses and the Wireshark Certified Network Analyst™ Exam. As a highly successful and sought-after network analyst and speaker, her goal is to make network analysis an understood "first responder" tool to save time, money and aggravation. Ms. Chappell offers hundreds of online and onsite courses every year through Chappell University. For more information, email

File in Computing Section with Networking/Security/Certification.

ISBN 978-1-893939-99-8

Customer Reviews

This is a great book, very well written with enough examples and notes to offer a thorough understanding of Wireshark and network analysis.
Once I received the book, I saw that my excitement was warranted.
J. Murri

Most Helpful Customer Reviews

41 of 43 people found the following review helpful By M. Christodonte II on April 9, 2010
Format: Paperback
I was a little nervous when I started reading this book. Chapter 1 provided an overview of network analysis, but had a lot of "personality." When I read, "Wait...more data is coming in...and more...and...SCREECH!" I wasn't too sure if I was going to finish the book. At over 700 pages, I was hoping that each page contained only "meat and potatoes," without a lot of dry humor and meaningless analogies. Thankfully, a few pages later I began what turned into a great read -- full of solid content.

Wireshark Network Analysis goes well beyond Wireshark functionality. Although the first several chapters outline how to best use Wireshark -- examining the settings, filters, and other configurations -- I think the true value of the book is in the detailed explanations of network traffic analysis. For instance, pg. 304 delves into DNS. This section tells the reader exactly what DNS is used for and provides an analysis of normal and abnormal DNS traffic. It also shows screenshots of the packet, displays and describes its contents. This type of analysis is provided throughout the book and covers all forms of network traffic (including suspect traffic -- my personal favorite).

Page 563 resonated with me, as I'm a firm believer in baselining network traffic. In this section, Wireshark Network Analysis details the importance of baselining and the types of traffic to focus on. Like other sections, this section also provides screenshots and shows how to analyze traffic and packet statistics.

There were minimal grammar errors, and it does seem like the case studies were not tech edited by the book editor -- many of them contained several grammar mistakes. Although, it does appear that the case studies were all submitted by third parties and probably used as-is.
21 of 23 people found the following review helpful By Richard Bejtlich on August 5, 2010
Format: Paperback
Wireshark Network Analysis (WNA) is a very practical, thorough, comprehensive introduction to Wireshark, written in an engaging style and produced in a professional manner. WNA provides a variety of methods for teaching network analysis with Wireshark, including description, screen shots, user-supplied case studies, review questions (with answers), "practice what you've learned" sections, and dozens of network traces (available online). Readers who approach the book as more of a class in printed (text) and electronic (trace file) forms will likely understand the higher-than-normal price tag. Anyone trying to learn how to use Wireshark, including basic protocol analysis, will greatly benefit by reading WNA.

WNA will not bore you. Author Laura Chappell offers one of the more lively writing styles you're likely to find in technical books, reminiscent of Michael W. Lucas. The book is expertly organized, starting with multiple chapters explaining Wireshark, followed by sections on common protocols and concluding with other uses and applications. WNA provides plenty of coverage on configuration, customization, and profiles which I have not seen addressed elsewhere.

I've been using Wireshark (previously Ethereal) for at least 10 years, and I still found a few cool tips by reading WNA. These included right click -> Apply As Column, right click -> Filter Field Reference, right click -> Colorize Conversation, Display Filter auto-completion, Display Filter Macros, Mark Packet with ctrl-M, and Ignore Packet with ctrl-X. I also learned that applying a display filter to Tshark (via -R) does NOT change the packets saved to disk -- only those counted or displayed on screen. I liked the chapters on WLAN and VoIP analysis, 26 and 27 respectively.
17 of 18 people found the following review helpful By Mike G. on October 27, 2011
Format: Paperback Verified Purchase
Frankly, this is one of the biggest disappointments I've purchased in a while.

First, let me say, I have not finished the book yet, so I'll update this later if anything changes... In fact I am writing this review as a warning to anyone thinking of buying this book. Unless you are an absolute beginner, I promise, you will be thoroughly disappointed, especially considering the price tag!!!

My Complaints:
1) The chapters that describe networking are downright careless with the use of the term "packet". As any network engineer worth their weight in salt knows, frame->packet->segment (i.e. Layer 2 MAC frame, Layer 3 source & dest IP packet, and Layer 4 source & dest port). This author carelessly jumbles all this up in various places, generically calling it a packet. Okay, you say, well, this is not an intro networking book and the author discloses that and provides good references... Well, in my opinion, this author should either remove the first few chapters or rewrite them correctly.

2) All of the case studies I have read so far (btw: I heard they were "really good", and are the primary reason I bought the book) are poorly explained... The author explains the symptom, then says they used Wireshark to fix the problem. Huh? Well that's just great, what the heck did you do? I want screenshots and step-by-step details. Otherwise it's just some worthless story.

3) Chapters 2-4+ repeatedly reference free online user guide stuff. These chapters talk about stuff like menus and user interface stuff... Why is it even in the book if it's free online? Some might think it is necessary, but to me it is just filler.

Currently, I'm on chapter 14...
Sorry, at this point I cannot recommend any good alternatives...I'll keep looking.

Honestly, I've learned more about Wireshark looking at free online videos and reading the online documentation.
That's it for now, I'll be back

More About the Author

Many folks know me as a slightly hyperactive presenter and "Glenda, the Good Witch." After taking a break from writing for a while, I'm now back in the swing of things - with drafts of writing projects cluttering up my office space. We'll see if they get edited down to a business-card worth of writing - depends on the "Margarita count."

Here's the basic bio:

Laura Chappell is a highly-energetic speaker and author of numerous industry titles on network communications, analysis and security. Laura has presented to thousands of State, Federal and international law enforcement officers, judicial members, engineers, network administrators, technicians and developers.

Ms. Chappell is a member of the High Technology Crime Investigation Association (HTCIA) and an Associate Member of the Institute for Electrical and Electronic Engineers (IEEE) since 1989. Her blend of humor, personal experiences, energy and clarity has earned her a top spot as an industry speaker at Microsoft, Novell, Hewlett-Packard, High Technology Crime Investigation Association and US Court conferences.

In 2007, Ms. Chappell founded Wireshark University, an educational firm devoted to teaching the art of wiretapping/communications interception, network forensics, digital deception and decoys, traceback and reconnaissance.

Laura's network analysis, troubleshooting and security training is available online through the All Access Pass at and through customized online/onsite analysis and training.

Clients: Ms. Chappell's clients include the US Navy, US Arsenal, US Appeals Court, Hong Kong Police Department, Lockheed Martin, Cisco Systems, IBM Corporation, Microsoft Corporation, Sutherland Asbill & Brennan, LLP, United Bank of Switzerland, Federal Home Loan Bank of San Francisco, McAfee Corporation, Symantec Corporation, Northern Indiana Power Company, CapitalOne Financial Services, City of Canberra (Australia), Macau Police Department, Australian High Tech Crime Centre, Fidelity National Information Services, the City of San Francisco and several unnamed Federal agencies.