Tuesday, February 07, 2012

Practical Packet Analysis

Jim Clausing reviews Practical Packet Analysis, 2nd ed. (Tue, Feb 7th):

A few months ago, the good folks at No Starch Press sent me a review copy of Chris Sanders' book Practical Packet Analysis, Using Wireshark to Solve Real-world Problems, 2nd Edition.


I really wanted to love the book, but wasn't quite able to get there. A couple of small technical errors bothered me (probably more than they should have) and I was a little confused about who the target audience was (for example, if the book is targeted at newbies, it doesn't make sense to me to introduce filters before explaining the structure of IP packets including the IP, TCP, and UDP headers; if aimed at experienced networking folks, why bother with explaining the OSI model again). Even so, I did like the book. Starting with chapter 8 is where I think the book really becomes worthwhile. I especially like the idea of using "real-world scenarios" (even if sometimes a bit contrived) to teach the features of a tool. This is often one of the best ways to teach new techniques or concepts. I learned some new tricks for both Wireshark and tshark, which itself would have made it worth the price to me. I'm not going to give it stars or anything, but I do recommend this book to folks that aren't Wireshark experts (and even those who have plenty of Wireshark experience may pick up a new trick or two).

