Category Archives: Publications

Practical Packet Analysis 3rd Edition Released!

Ten years after releasing the first edition of Practical Packet Analysis, the third edition is finished and has been released! It’s hard to believe it’s been so long. So far, existing editions have sold tens of thousands of copies, been translated into multiple languages, and been used as a textbook in multiple college courses. I’m very humbled by the success the book has seen over the past decade.

Purchase Here from Amazon

Purchase Here from No Starch Press

If you’ve never read Practical Packet Analysis…

The key word I want to focus on is Practical. There are a lot of books about networking and protocols out there that get into the specific details at a magnified level, but this isn’t that book. This book is written for people who need to do things like solve network issues, troubleshoot latency, or investigate security threats. Capturing packets is easy, but understanding them isn’t, and PPA is designed to give you the practical knowledge you need to get started down the right path. Practical Packet Analysis was the first book of its kind a decade ago, and the approach I’ve taken is unlike any other book you’ll find on the topic.

If you’ve read one of the previous editions…

I think you’ll like the new one too. Much of the introductory material is the same, but I’ve added quite a bit of new content:

  • Updated content for Wireshark 2.
  • A new chapter on packet analysis from the command line with tshark and tcpdump.
  • A bonus chapter on how to read packets in hex using packet diagrams.
  • New protocol coverage of IPv6 and SMTP.
  • All new scenarios related to network troubleshooting, internet of things devices, and security scenarios.

Charitable Contributions from Book Sales

A significant portion of the royalties from Practical Packet Analysis will be going to support a number of charities. This includes the Rural Technology Fund, the Against Malaria Foundation, and several others. Through your purchase of my books we’ve been able to put computer science resources into the hands of over 10,000 students just last year alone, purchase life-saving mosquito nets for thousands of African families, and so much more. I’m thrilled to be able to use my work to serve others, and I hope you’ll share in that joy with me.

Acknowledgements

First of all, I want to sincerely thank everyone who has ever purchased any of the prior editions. I know you work hard for your money, so I’m glad my work was deemed worthy of your contribution and your time. As I always do, I want to share the acknowledgements and dedications you’ll find in the first few pages.

I’d like to express sincere gratitude for the people who’ve supported me and the development of this book.

Ellen, thank you for your unconditional love and for putting up with me pecking away at the keyboard in bed for countless nights while you were trying to sleep.

Mom, even in death the example of kindness you set continues to motivate me. Dad, I learned what hard work was from you and none of this happens without that.

Jason Smith, you’re like a brother to me, and I can’t thank you enough for being a constant sounding board.

Regarding my coworkers past and present, I’m very fortunate to have surrounded myself with people who’ve made me a smarter, better person. There’s no way I can name everyone, but I want to sincerely thank Dustin, Alek, Martin, Patrick, Chris, Mike, and Grady for supporting me every day and embracing what it means to be servant leaders.

Thanks to Tyler Reguly who served as the primary technical editor. I make stupid mistakes sometimes, and you make me look less stupid. Also, thanks to David Vaughan for providing an extra set of eyes, Jeff Carrell for helping edit the IPv6 content, Brad Duncan for providing a capture file used in the security chapter, and the team at QA Café for providing a Cloudshark license that I used to organize the packet captures for the book.

Of course, I also have to extend thanks to Gerald Combs and the Wireshark development team. It’s the dedication of Gerald and hundreds of other developers that makes Wireshark such a great analysis platform. If it weren’t for their efforts, information technology and network security would be significantly worse off.

Finally, thanks to Bill, Serena, Anna, Jan, Amanda, Alison, and the rest of the No Starch Press staff for their diligence in editing and producing all three editions of Practical Packet Analysis.

Dedication

This time around, rather than dedicating the book to an individual, I chose to include the first verse of one of my favorite songs, “Amazing Grace”. These words have profound meaning, and they just felt right positioned as the first words you’ll read in these pages.

“Amazing grace, how sweet the sound
That saved a wretch like me.
I once was lost but now I’m found.
Was blind but now I see.”

Reviews

Finally, if you do end up with a copy of Practical Packet Analysis, I’m always grateful for a review on the book’s Amazon page. A positive review is the most meaningful way to help an author whose work you enjoyed. If you’d rather share your review with me directly, don’t hesitate to e-mail me. I’m always happy to hear your feedback.

Mailing List Availability

If you like the content on my blog, one of my presentations, or enjoyed any of my books, consider signing up for my new mailing list. You can do so here:

http://chrissanders.org/list

I’ll be using the list to occasionally collect feedback about research I’m doing and to send out preliminary research and content that won’t be appearing on the blog. If you’re interested in my work, this is a great way to contribute and benefit from it. I’ll also be sharing details about some new training content I have coming up and how you can get free or discounted access by signing up early and providing feedback. Lastly, I’ll provide information about new publications, discount codes, and the occasional free book giveaway.

Technical Book Purchases Making a Difference

All of the royalties from Practical Packet Analysis and Applied NSM are donated to public school classrooms as well as a specific group of charities. Halfway through 2015, your purchases of these books funded the following:

Dupo, IL – One Apple TV
This device will allow students to broadcast tablets to the classroom and will allow for group interaction with a limited number of devices.

Ypsilanti, MI – Two Raspberry Pi starter kits and touch screen LCDs
Will be used to teach students how to code and debug programs.

Brunswick, GA – Lego Mindstorms kit and circuit building kits
Equipment will be used for an elementary school maker space.

Bassett, VA – 3D Printer
Printer will be used as a part of a Maker Space in the elementary school’s library.

Orlando, FL – Four DragonTouch Tablets
These devices will allow for customized tech learning plans to be delivered to elementary school students.

Lyndonville, VT – 3D Printer
Printer will be used as a part of a new technology design class focused on STEM education.

Stone Mountain, GA – Ten Raspberry Pi kits and five RC robotics kits
Used for developing a technology course to teach kids about programming and robotics.

New Lothrop, MI – Two Arduino kits, red boards, soldering kits, and misc sensors
Used in high school technology classes to teach kids about electronics, soldering, and programming.

Claysville, PA – Ten Arduino invention kits
Allowing middle school students to explore and invent things that will teach them about electronics, robots, and coding.

Charlotte, NC – Raspberry Pi starter kit, electronics kit, invention kit
Equipment will be used to build a Maker Space in the middle school’s library.

Dunlap, IL – Ten Arduino ultimate starter kits
Kits will be used in conjunction with club activities to teach students how to create digitally controlled devices.

Hartford, KY – Lego Mindstorms EV3 Kit
Kit will be used to develop a middle school robotics program.

In addition, cash donations were made to the following:

  • Hope for the Warriors
  • Autism Speaks
  • Hackers for Charity
  • Kiva

If you purchased a copy of one of these books, thank you for contributing to these worthwhile causes. We are using education to fund more education.

MIRCon 2014 Slides: Applied Detection and Analysis with Flow Data

I recently had the opportunity and pleasure to speak at MIRCon 2014. The topic of the presentation was “Applied Detection and Analysis with Flow Data.” We had a great time talking about effective ways to use flow data for NSM, as well as introducing the world to FlowBAT.


You can view the slides from this presentation here:

BSides Augusta 2014 Slides and Video – Defeating Cognitive Bias and Developing Analytic Technique

I recently gave a presentation at BSides Augusta on the topic “Defeating Cognitive Bias and Developing Analytic Technique”.

Description:

At the center of many defensive processes is human analysis. While we spend a lot of time performing analysis, we don’t spend nearly enough time thinking about how we perform analysis. The human mind is poorly wired to deal with most complex analysis scenarios effectively. This can be attributed to the inherent complexity of solving technical issues where so many uncertainties exist, and also to the cognitive and unmotivated biases that humans unknowingly apply to their analysis. All of these things can diminish our ability to get from alert to diagnosis quickly and effectively.

In this presentation, I plan to discuss the mental challenges associated with technical defensive analysis by leveraging research associated with traditional intelligence analysis. I will discuss how complexity can overwhelm analysis, how cognitive bias can negatively influence analysis, and techniques for recognizing and overcoming these limiting factors. This will include a few fun mental exercises, as well as an overview of several strategic questioning techniques including analysis of competing hypotheses, red cell analysis, and “what if” analysis. Finally, I will discuss several structured analysis techniques, including two different techniques that can be used specifically for NSM analysis: relational investigation and differential diagnosis.


The video for this presentation can be found here:

The slides for this presentation can be found here: