Friday, April 9, 2010

Wireshark Network Analysis

For the last week I've been reading Laura Chappell's new book, Wireshark Network Analysis. I pre-ordered the book and was looking forward to it eagerly.

Overall, it's a superb book. First and foremost, I appreciate the fact that the writing has some personality to it. I've really enjoyed the author's footnotes, anecdotes, and humor.

Second, I like the fact that it's exhaustively thorough with both features and examples. There are relatively few cases where Chappell simply describes a feature without offering an example of how it might be used in practice. Where she does so, the example is obvious enough to be unnecessary.

Particularly good are the examples of practical Wireshark tips and tricks in the protocol-specific sections. As an advanced Wireshark user with a thorough background in the internals of common network protocol operations, I was worried that this would be just another set of explanations of how various protocols work. Those explanations are there, but they are interspersed with many great tips and tricks about how to analyze the protocols more quickly and efficiently with Wireshark. I kept thinking, "why didn't I ever think of using that trick before?"

There is a lot here for both beginning and advanced Wireshark users.

I don't have a lot of criticisms to make: I thought the security sections were interesting, but a little dated. Exotic network and transport layer attacks just aren't all that common anymore; it would have been cool to have seen some analysis of a modern application-layer attack in action.

The other thing I would have liked is a discussion of the Lua scripting-language extensions to Wireshark. There is very little out there on the Internet about this so far, and most of what exists is oriented toward expert-level programmers. I was a bit disappointed to not even find Lua in the index. Still, the book is already huge, and adding a section on scripting might have made it unreasonably long. Maybe a volume 2?

Summary: if you use Wireshark, just buy it. This is an amazingly practical, hands-on book that will make you faster and more productive when analyzing network captures.

Blogging disclaimer: I paid full retail price for the book (and managed to somehow miss all the promo coupons) and am not being compensated in any way for this review.

1 comment:

Laura Chappell said...

Thanks for reviewing the book (and giving me ideas of areas to enhance and areas to replace in the future).

On the topic of Lua... just some behind-the-scenes info. The cutting room floor is littered with pages/topics that couldn't fit in the book - sigh - seems there is a limit to binding size. We also had to stay in the boundaries of the upcoming certification test content. Some of those "extra chapters" areas will be offered on the wiresharkbook.com website for everyone's access. Others may make it in separate books (albeit smaller). I'd better not say any more on that topic yet...

Thanks for your thoughts! And don't forget the videos/downloads over at the book site. I'm always working up more content and case studies to share!

Laura Chappell