Customer Reviews

Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide

5 star:		(15)
4 star:		(6)
3 star:		(0)
2 star:		(0)
1 star:		(1)

 

 

I was a little nervous when I started reading this book. Chapter 1 provided an overview of network analysis, but had a lot of "personality." When I read, "Wait...more data is coming in...and more...and...SCREECH!" I wasn't too sure if I was going to finish the book. At over 700 pages, I was hoping that each page contained only "meat and potatoes," without a lot of dry humor and meaningless analogies. Thankfully, a few pages later I began what turned into a great read -- full of solid content.

Wireshark Network Analysis goes well beyond Wireshark functionality. Although the first several chapters outline how to best use Wireshark -- examining the settings, filters, and other configurations -- I think the true value of the book is in the detailed explanations of network traffic analysis. For instance, pg. 304 delves into DNS. This section tells the reader exactly what DNS is used for and provides an analysis of normal and abnormal DNS traffic. It also shows screenshots of the packet, displays and describes its contents. This type of analysis is provided throughout the book and covers all forms of network traffic (including suspect traffic -- my personal favorite).

Page 563 resonated with me, as I'm a firm believer in baselining network traffic. In this section, Wireshark Network Analysis details the importance of baselining and the types of traffic to focus on. Like other sections, this section also provides screenshots and shows how to analyze traffic and packet statistics.

There were minimal grammar errors, and it does seem like the case studies were not tech edited by the book editor -- many of them contained several grammar mistakes. Although, it does appear that the case studies were all submitted by third parties and probably used as-is. Nevertheless, I can provide plenty of other examples as to why Wireshark Network Analysis is a great book. There are plenty of screenshots, review questions with answers on the next page (instead of making the reader turn to the back of the book), and links to tons of packet captures for analyzing on your own. Overall, the book is well-written and, in my opinion, the best network analysis book on the market today.

Wireshark Network Analysis (WNA) is a very practical, thorough, comprehensive introduction to Wireshark, written in an engaging style and produced in a professional manner. WNA provides a variety of methods for teaching network analysis with Wireshark, including description, screen shots, user-supplied case studies, review questions (with answers), "practice what you've learned" sections, and dozens of network traces (available online). Readers who approach the book as more of a class in printed (text) and electronic (trace file) forms will likely understand the higher-than-normal price tag. Anyone trying to learn how to use Wireshark, including basic protocol analysis, will greatly benefit by reading WNA.

WNA will not bore you. Author Laura Chappell offers one of the more lively writing styles you're likely to find in technical books, reminiscent of Michael W. Lucas. The book is expertly organized, starting with multiple chapters explaining Wireshark, followed by sections on common protocols and concluding with other uses and applications. WNA provides plenty of coverage on configuration, customization, and profiles which I have not seen addressed elsewhere.

I've been using Wireshark (previously Ethereal) for at least 10 years, and I still found a few cool tips by reading WNA. These included right click -> Apply As Column, right click -> Filter Field Reference, right click -> Colorize Conversation, Display Filter auto-completion, Display Filter Macros, Mark Packet with ctrl-M, and Ignore Packet with ctrl-X. I also learned that applying a display filter to Tshark (via -R) does NOT change the packets saved to disk -- only those counted or displayed on screen. I liked the chapters on WLAN and VoIP analysis, 26 and 27 respectively.

I only have a few caveats for WNA. First, the book doesn't talk about how to extend Wireshark. It doesn't explain how protocol dissectors work, or how to use the Lua programming language with Wireshark. The chapter on network forensics (ch 30) doesn't saw much about the subject. I would have liked examples of using Rawshark in chapter 33.

I also appreciate that WNA offers an online errata so readers can identify any typos. For example, I expect to see an issue I found with Figure 200 on p 378 to appear soon; basically some of the TCP sequence numbers need to be adjusted. Also on p 452, "Referrer" should be the misspelled but accurate Referer.

I have recommended all my junior analysts read WNA. They will learn a ton about Wireshark, and will also be able to follow Laura's explanations of many common network protocols. We may even pursue the certification tied to the book. Great work Laura!

I saw this book in the Tech Ed 2010 book store the day before Laura's session and thought $99 - you've got to be kidding! After seeing her present in her first session, my opinion changed completely and I rushed (along with many other attendees at the session) directly to the bookstore down the hall to grab a copy.

Needless to say the book sold out immediately and I was lucky to have obtained one.

I have been in the Networking industry for close to 20 years, and Laura has the unique ability to make this material understandable and accessible for anyone that has basic network knowledge. Coupled with her sense of humor, it enables one to tackle this esoteric topic and even enjoy it along the way.

This book has enabled me to "fill in the gaps" in my network analysis skill set and I look forward to referring to it for a long time to come.

Great job Laura, I look forward to seeing more material from you in the future!

Frankly, this is one of the biggest disappoints I've purchased in a while.

First, let me say, I have not finished the book yet, so I'll update this later if anything changes...In fact I am writing this review as a warning to anyone thinking of buying this book. Unless you are an absolute beginner, I promise , you will be thoroughly disappointed , especially considering the price tag!!!

My Complaints:
1) The chapters that describe networking are downright careless with the use of the term "packet". As any network engineer worth their weight in salt knows, frame->packet->segment (i.e layer 2 MAC fram, Layer 3 source & dest IP packet, and Layer 4 source & dest Port). This author carelessly jumbles all this up in various places generically calling it a packet. okay, you say, well this is not a intro networking book and the author discloses that and provides good references....well in my opinion, this author should either remove the first few chapters or rewrite them correctly.

2) All of the case studies I have read so far(btw: I heard they were "really good", and are the primary reason I bought the book) are poorly explained...The author explains the symptom, then says they used wireshark to fix the problem. Huh? Well that's just great, what the heck did you do, I want screenshots, and step-by-step details. Otherwise it's just some worthless story.

3)chapters 2-4+ repeatedly reference free online material...like user guide stuff. These chapters talk about stuff like menus and user interface stuff... why is it even in the book if it's free online....Some might think it is necessary, but to me it is just filler.

Currently, I'm on chapter 14...
Sorry, at this point I cannot recommend any good alternatives...I'll keep looking.

Honestly, I've learned more about wireshark looking at free online videos and reading the online documentation.
That's it for now, I'll be back

As a Network Forensic Analyst I spend all day sniffing packets, isolating and correcting network issues. I grabbed this book immediately because even though I've used other sniffers, and am sniffer certified, I use wireshark all the time. This book has been an EXCELLENT resource! It's divided up by protocol making it very easy to follow with Great Case Studies which provide insight into problems you might also be having. Because of how it's written, it's great for beginning sniffers, (as long as you have a good handle on the TCP/IP OSI model), and for experts as a resource to look up methods and technical info.
Bonus, if you read the notes at the bottom of the pages, and sometimes in the main text, you will find subtle humor which has made me laugh a few times. This is a fresh approach to an otherwise tedious task in writing a technical type manual. I've also attended Lauras webinars, which are also enlightening as Laura is a really enthusiastic and fun teacher.

Laura, GREAT JOB!!!

John

A through knowledge of TCP/IP and a packet-level understanding of network traffic is essential for any Network Administrator or Engineer. If you take your time go and work along with the material in this book, you should be able to troubleshoot difficult and hard to diagnose network issues. No matter what the device is, a firewall, load balancer, server or router, it all comes down to packets on the wire. My only issue is that for $99. I would have expected a hardback or at least color, otherwise this would have easily been 5 stars.

What a refreshing approach to network analysis. I have been to one of Laura's two day seminars and reading this book is like having Laura right here in the room. Great book indeed. This will guide a novice with a basic understanding to being proficient at understanding packet communication. I recommend to anyone in the network administration field.

If you deal with any type of IP networking you should know how to use Wireshark. If you have to support a network, sooner or later you will need to do troubleshooting outside of what logs and application error messages can provide. The only way to do that is by capturing traffic and doing analysis.

I found the book very informative and helpful in understanding Wireshark as well as explaining how various network protocols work. This is absolute must have resource for anyone that has to look at packet level detail.

My only critique is that the practice labs dont have an answer guide. So if you are unsure of the right answer, you have nothing to help verify. I've ordered the WCNA practice exam book and I'm hoping that does supply the answers to questions and labs.

This book is just what I was looking for. Every IT major will be glad he or she bought this. Yes there is a lot to go over - but that is exactly what you want. Worth every penny. Even though it was around the Holidays when I ordered it Amazon came though with excellent delivery too!

This is a great book, very well written with enough examples and notes to offer a thorough understanding of Wireshark and network analysis.

Highly recommended.