INTRODUCTION


This third edition of Practical Packet Analysis was written and edited over the course of a year and a half, from late 2015 to early 2017, approximately 6 years after the second edition’s release and 10 years since publication of the original. This book contains a significant amount of new content, with completely new capture files and scenarios and an entirely new chapter covering packet analysis from the command line with TShark and tcpdump. If you liked the first two editions, then you’ll like this one. It’s written in the same tone and breaks down explanations in a simple, understandable manner. If you were hesitant to try out the last two editions because they didn’t include the latest information on networking or Wireshark updates, you’ll want to read this one because of the expanded content on new network protocols and updated information on Wireshark 2.x.

Why This Book?

You may find yourself wondering why you should buy this book as opposed to any other book about packet analysis. The answer lies in the title: Practical Packet Analysis. Let’s face it—nothing beats real-world experience, and the closest you can come to that experience in a book is through practical examples with real-world scenarios.

The first half of this book gives you the knowledge you’ll need to understand packet analysis and Wireshark. The second half of the book is devoted entirely to practical cases that you could easily encounter in day-to-day network management.

Whether you’re a network technician, a network administrator, a chief information officer, a desktop technician, or even a network security analyst, you will benefit greatly from understanding and using the packet analysis techniques described in this book.

Concepts and Approach

I’m generally a really laid-back guy, so when I teach a concept, I try to do so in a really laid-back way. This holds true for the language used in this book. It’s easy to get lost in technical jargon, but I’ve tried my best to keep things as casual as possible. I’ve defined all the terms and concepts clearly and without any added fluff. After all, I’m from the great state of Kentucky, so I try to keep the big words to a minimum. (But you’ll have to forgive me for some of the backwoods country verbiage you’ll find throughout the text.)

The first several chapters are integral to understanding the rest of the book, so make it a point to master the concepts in these pages first. The second half of the book is purely practical. You may not see these exact scenarios in your workplace, but you will be able to apply the concepts they teach in the situations you do encounter.

Here is a quick breakdown of this book’s contents:

Chapter 1: Packet Analysis and Network Basics

What is packet analysis? How does it work? How do you do it? This chapter covers the basics of network communication and packet analysis.

Chapter 2: Tapping into the Wire

This chapter covers the different techniques for placing a packet sniffer on your network.

Chapter 3: Introduction to Wireshark

Here, we’ll look at the basics of Wireshark—where to get it, how to use it, what it does, why it’s great, and all that good stuff. This edition includes a new discussion about customizing Wireshark with configuration profiles.

Chapter 4: Working with Captured Packets

After you have Wireshark up and running, you’ll want to know how to interact with captured packets. This is where you’ll learn the basics, including saving and exporting capture files, finding and marking packets, and applying capture and display filters.

Chapter 5: Advanced Wireshark Features

Once you’ve learned to crawl, it’s time to take off running. This chapter delves into the advanced Wireshark features, taking you under the hood to show you some of the less apparent operations. This includes new, more detailed sections on following packet streams and name resolution.

Chapter 6: Packet Analysis on the Command Line

Wireshark is great, but sometimes you need to leave the comfort of a graphical interface and interact with packets on the command line. This new chapter shows you how to use TShark and tcpdump, the two best command line packet analysis tools for the job.

Chapter 7: Network Layer Protocols

This chapter shows you what common network layer communication looks like at the packet level by examining ARP, IPv4, IPv6, and ICMP. To troubleshoot these protocols in real-life scenarios, you first need to understand how they work.

Chapter 8: Transport Layer Protocols

Moving up the stack, this chapter discusses the two most common transport protocols, TCP and UDP. The majority of packets you look at will use one of these two protocols, so understanding what they look like at the packet level and how they differ is important.

Chapter 9: Common Upper-Layer Protocols

Continuing with protocol coverage, this chapter shows you what four of the most common upper-layer network communication protocols—HTTP, DNS, DHCP, and SMTP—look like at the packet level.

Chapter 10: Basic Real-World Scenarios

This chapter contains breakdowns of some common traffic and the first set of real-world scenarios. Each scenario is presented in an easy-to-follow format, giving the problem, an analysis, and a solution. These basic scenarios deal with only a few computers and involve a limited amount of analysis—just enough to get your feet wet.

Chapter 11: Fighting a Slow Network

The most common problems network technicians hear about generally involve slow network performance. This chapter is devoted to solving these types of problems.

Chapter 12: Packet Analysis for Security

Network security is the biggest hot-button topic in information technology. Chapter 12 walks through scenarios that apply packet analysis techniques to security-related issues.

Chapter 13: Wireless Packet Analysis

This chapter is a primer on wireless packet analysis. It discusses the differences between wireless analysis and wired analysis, and it includes some examples of wireless network traffic.

Appendix A: Further Reading

The first appendix of this book suggests some other reference tools and websites that you might find useful as you continue to use the packet analysis techniques you’ve learned.

Appendix B: Navigating Packets

If you want to dig a little deeper into interpreting individual packets, the second appendix provides an overview of how packet information is stored in binary and how to convert binary into hexadecimal notation. Then it shows you how to dissect packets that are presented in hexadecimal notation with packet diagrams. This is handy if you’re going to spend a lot of time analyzing custom protocols or using command line analysis tools.
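The dissection Appendix B teaches by hand (and the network layer headers Chapter 7 examines) can be checked against a small parser. The following Python script is an added example written for this page; it is not code from the book or its capture files. It takes a hex dump of the kind tcpdump -xx or Wireshark’s Copy as Hex Stream produces, walks the Ethernet II, IPv4 and ICMP headers using the standard field offsets, and verifies the IPv4 and ICMP checksums so that a tampered or truncated dump is caught rather than silently decoded. The sample frame is constructed for the example; the MAC and IP addresses in it are placeholders.

```python
import struct

# Constructed sample frame (not one of the book's capture files): an Ethernet II
# frame carrying an IPv4 packet carrying an ICMP echo request, in the form a raw
# hex dump arrives in (tcpdump -xx output or Wireshark's Copy as Hex Stream).
SAMPLE_HEX = (
    "001122334455"  # Ethernet destination MAC (placeholder)
    "66778899aabb"  # Ethernet source MAC (placeholder)
    "0800"          # EtherType 0x0800 = IPv4
    "45"            # IPv4 version 4, IHL 5 (20-byte header, no options)
    "00"            # DSCP/ECN
    "001c"          # total length 28 = 20-byte header + 8-byte ICMP message
    "1234"          # identification
    "4000"          # flags: DF set, fragment offset 0
    "40"            # TTL 64
    "01"            # protocol 1 = ICMP
    "a759"          # header checksum (correct for these bytes)
    "c0a80001"      # source 192.168.0.1
    "c0a80002"      # destination 192.168.0.2
    "08"            # ICMP type 8 = echo request
    "00"            # ICMP code 0
    "4c31"          # ICMP checksum (correct for these bytes)
    "abcd0001"      # echo identifier 0xabcd, sequence number 1
)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum. Over a header whose checksum field is
    already correct the result is 0, which is how we verify it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ipv4_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_ethernet(frame: bytes) -> dict:
    """Bytes 0-5 destination, 6-11 source, 12-13 EtherType, rest is payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src),
            "ethertype": ethertype, "payload": frame[14:]}


def parse_ipv4(packet: bytes) -> dict:
    """Fixed 20-byte layout from the IPv4 packet diagram; IHL gives the real
    header length when options are present."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL %d" % ihl)
    return {
        "src": ipv4_str(src), "dst": ipv4_str(dst),
        "ttl": ttl, "protocol": proto, "id": ident,
        "total_length": total_len,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        # A failing checksum means the bytes were altered in transit or in the
        # dump (or the capture was taken before a checksum-offloading NIC filled
        # the field in), so never trust the decoded fields without checking it.
        "checksum_ok": internet_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:total_len],
    }


def parse_icmp(data: bytes) -> dict:
    """Type, code, checksum, then a 4-byte rest-of-header that depends on type."""
    if len(data) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _csum, rest = struct.unpack("!BBH4s", data[:8])
    return {"type": icmp_type, "code": code, "rest_of_header": rest.hex(),
            "checksum_ok": internet_checksum(data) == 0, "payload": data[8:]}


def dissect(hex_dump: str) -> dict:
    """Walk the layers of a hex-dumped frame the way Appendix B does by hand."""
    frame = bytes.fromhex("".join(hex_dump.split()))
    layers = {"eth": parse_ethernet(frame)}
    if layers["eth"]["ethertype"] == 0x0800:
        layers["ipv4"] = parse_ipv4(layers["eth"]["payload"])
        if layers["ipv4"]["protocol"] == 1:
            layers["icmp"] = parse_icmp(layers["ipv4"]["payload"])
    return layers


if __name__ == "__main__":
    for name, fields in dissect(SAMPLE_HEX).items():
        print(name, {k: v for k, v in fields.items() if k != "payload"})
```

Feed it a dump of your own by pasting the hex stream into dissect(); a frame whose IPv4 checksum_ok comes back False has been modified somewhere between the wire and your screen, which is exactly the kind of thing the hand dissection in Appendix B is meant to make visible.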

How to Use This Book

I have intended this book to be used in two ways:

•     As an educational text. You’ll read chapter by chapter, paying particular attention to the real-world scenarios in the later chapters, to gain an understanding of packet analysis.

•     As a reference. There are some features of Wireshark that you won’t use very often, so you may forget how they work. Practical Packet Analysis is a great book to have on your bookshelf when you need a quick refresher on how to use a specific feature. When doing packet analysis for your job, you may want to reference the unique charts, diagrams, and methodologies I’ve provided.

About the Sample Capture Files

All of the capture files used in this book are available from the book’s No Starch Press page, https://www.nostarch.com/packetanalysis3/. To maximize the potential of this book, download these files and use them as you follow along with the examples.

The Rural Technology Fund

I couldn’t write an introduction without mentioning the best thing to come from Practical Packet Analysis. Shortly after the release of the first edition of this book, I founded a 501(c)(3) nonprofit organization—the Rural Technology Fund (RTF).

Rural students, even those with excellent grades, often have fewer opportunities for exposure to technology than their city or suburban counterparts. Established in 2008, the RTF is the culmination of one of my biggest dreams. It seeks to reduce the digital divide between rural communities and their urban and suburban counterparts. The RTF does this through targeted scholarship programs, community involvement, donations of educational technology resources to classrooms, and general promotion and advocacy of technology in rural and high-poverty areas.

In 2016, the RTF was able to put technology education resources into the hands of more than 10,000 students in rural and high-poverty areas in the United States. I’m pleased to announce that all of the author’s proceeds from this book go directly to the RTF to support these goals. If you want to learn more about the Rural Technology Fund or how you can contribute, visit our website at http://www.ruraltechfund.org/ or follow us on Twitter @RuralTechFund.

Contacting Me

I’m always thrilled to get feedback from people who read my writing. If you would like to contact me for any reason, you can send all questions, comments, threats, and marriage proposals directly to me at [email protected]. I also blog regularly at http://www.chrissanders.org/ and can be followed on Twitter at @chrissanders88.
