 

The Official Wireshark Certified Network Analyst Study Guide

 

By Laura Chappell

ISBN 978-1-893939-99-8

 
 


 
 


   
Reviews

Gerald Combs, Creator of Wireshark (Excerpt from Foreword)

"When you first lifted this book, feeling your back strain under its enormous weight, your first thoughts probably were 'How am I going to get through this? Is there really that much to Wireshark? Where's the pain reliever? How many of these protocols are there? Is protocol analysis that important?'

To answer your questions in order…

You'll get through this because Laura is the best instructor I've ever met. Each time I've had the opportunity to see her teach I've been impressed with her ability to convey the most arcane technical details in an easy-going, down to earth way. She has a unique talent for making protocol analysis accessible (and even fun). This book continues that style."

Wireshark Network Analysis...A Small Book Review.
April 8, 2010 5:28 PM
Jeremy Cioara
http://www.ciscoblog.com/2010/04/wireshark-netwo-1.html

Well, the day finally came: I've got my Wireshark Network Analysis book in the mail. After paging through it for about an hour, I can definitely tell you that it's a worthwhile book to get for your library. As I hoped, the writing style is kept casual (Sidenote: I really loathe reading 'sterile' books - no passive voice, no contractions, no referring to yourself. The very first book I wrote was like that...please don't ever buy it.)

I was a little worried when I first started reading. Chapter 2 was a Wireshark interface breakdown, "This button does this, that button does that, and so on..." with no context of why you would use the features. But then, the book begins to turn into a scenario-driven guide...to the feel of, "Here's the problem. Here's what capture filters are...now, here's how you use them."

Now here's what I loved: every chapter ends with one or more "real life" scenarios submitted by various engineers in the network world. Really helps put the WHY into the concepts you just learned. Likewise, each chapter ends with labs anyone can do with either live captures or canned pcap files from the author's website. You could easily teach a class straight from this book...hmmmm...

When I ordered the book, I selected the "Signed by Author" option from the site (why not?)...and indeed it was! Someone's hand is tired I'm sure. The simple inscription just said, "Enjoy!" - thanks! I'm sure I will.

Book Review: Wireshark Network Analysis
April 9, 2010 by Marcos Christodonte II
http://ardenal.info/tech/2010/04/09/book-review-wireshark-network-analysis-marcos-christodonte-ii/

I was a little nervous when I started reading this book. Chapter 1 provided an overview of network analysis, but had a lot of “personality.” When I read, “Wait…more data is coming in…and more…and…SCREECH!” I wasn’t too sure if I was going to finish the book. At over 700 pages, I was hoping that each page contained only “meat and potatoes,” without a lot of dry humor and meaningless analogies. Thankfully, a few pages later I began what turned into a great read — full of solid content.

Wireshark Network Analysis goes well beyond Wireshark functionality. Although the first several chapters outline how to best use Wireshark — examining the settings, filters, and other configurations — I think the true value of the book is in the detailed explanations of network traffic analysis. For instance, pg. 304 delves into DNS. This section tells the reader exactly what DNS is used for and provides an analysis of normal and abnormal DNS traffic. It also shows screenshots of the packet, displays and describes its contents. This type of analysis is provided throughout the book and covers all forms of network traffic (including suspect traffic — my personal favorite).

Page 563 resonated with me, as I’m a firm believer in baselining network traffic. In this section, Wireshark Network Analysis details the importance of baselining and the types of traffic to focus on. Like other sections, this section also provides screenshots, showing how to analyze traffic and packet statistics.

There were minimal grammar errors, and it does seem like the case studies were not tech edited by the book editor — many of them contained several grammar mistakes. Although, it does appear that those were submitted by third parties and probably used as-is. Nevertheless, I can provide plenty of other examples as to why Wireshark Network Analysis is a great book. There are plenty of screenshots, review questions with answers on the next page (instead of making the reader turn to the back of the book), and links to tons of packet captures for analyzing on your own. Overall, the book is well-written and, in my opinion, the best network analysis book on the market today.

 

 

 

 

 


 


 
Copyright 2010 Protocol Analysis Institute, LLC