Practical Packet Analysis

Tuesday, September 18, 2012

Jayson Wylie


Some people do not want to spend $100 on Laura Chappell’s “Wireshark Certification Guide”, which may be overwhelming for beginners.

“Practical Packet Analysis” is a less expensive and great way to start learning the tools to understand what is going on under the hood of networks.

This book does not focus on security centric topics rather than one that shows how to analyze and identify specific protocol packets and the traffic of interest to look for as well as covering features of Wireshark.

The book details topics and features to help analyze traffic issues and identify potential problematic points to improve performance and verify the valid flow of common network communications that can help differentiate the good from the bad.

It is a good place to start understanding the functions and usage of the Wireshark captures, how to manage large ones and being able to filter out the traffic of interest using display or capture filters.

It can take some time to be proficient at creating filters but there are built-in ones that can be altered and saved for specific use. Looking into Berkley Packet Filtering syntax can also help with filters.

Helpful hints on features of the tool like showing traffic hierarchy and ratio of protocols seen.  This allows a quick view of types of traffic occurring and can show problematic issues like an abundance of ARP or HSRP traffic to address for improved performance.

The book describes how to the tool to follow TCP/UDP streams, within a capture, so that you can see conversations.

Clear text data contained in something like SNMP or POP3 brute force attempts captured from an IPS can be used to identify specific strings or usernames to help identify exposure are revealed viewing traffic streams.

The book contains feature reviews and customization tips for how to use Wireshark effectively at a beginner level as well as covering topics that can be used to better understand common traffic flow and I recommend this book to anyone who is interested to begin using Wireshark with some proficiency if none is had.

Possibly Related Articles:
Information Security
Tools Penetration Testing Book Review WireShark Intrusion Detection Network Security Monitoring Analysis Deep Packet Inspection Filters
Post Rating I Like this!
whatsapp status I've been using Wireshark for quite a time.But still reading this book opened some interesting way that I've never looked before.Thanks a lot
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.