Archive for the ‘Publications’ Category

Secure Wireless Networking with ISA and RADIUS on WindowsDevCenter

January 23rd, 2007 1 comment

I have just had a full-length article published on WindowsDevCenter.com entitled “Secure Wireless Networking with ISA and RADIUS”. It is a pretty nifty little guide on how you can set up enterprise-level wireless security well beyond the standard WEP/WPA used in home networks. You can view the article on the front page of WindowsDevCenter.com or directly by clicking here.

The Real Low-Down on the Book

January 19th, 2007 7 comments

Now that the book is very nearly complete and we have managed to get a lot of the particulars squared away, I figured now would be a great time to give everyone the low-down on the book and why it would be a good addition to your bookshelf.

First of all, the book has finally been titled. Unfortunately it wasn’t one suggested by a reader, but it is a good one nonetheless. The final title of the book is:

Practical Packet Analysis
“Using Wireshark to Solve Real-World Network Problems”

As for a description, here is what we figured up for the book’s tipsheet:

“Wireshark (formerly called Ethereal) is the world’s most popular “packet sniffer,” allowing its users to uncover valuable information about computer networks (whether theirs or others). Rather than simply take readers through Wireshark’s tools, Practical Packet Analysis shows readers how to use the software to monitor their own networks. The book is aimed at network engineers and systems administrators, but it’s clear enough for even Wireshark newbies. The author begins by discussing how networks communicate and builds from there to give readers a solid understanding of how packets travel along the wire. The second half of the book contains real-world examples and case scenarios that help readers apply the knowledge they learn to their own networks. Includes a bonus CD with example trace files that readers can explore on their own as well as videos that show packet analysis in action.”

Rephrased in my own words:

Basically, this book is aimed at anybody who works on, around, or with a computer network. If you do any of those things, then if you ever hope to be REALLY good at it you are going to have to learn how things work at the packet level, and this book is your guide to do that.

I like to think of the book as being divided into three real sections.

The first section starts with a primer on network communication. This means the OSI model, TCP/IP, Ethernet, addressing, network hardware, routing, and all of that good stuff. It doesn’t go into a whole lot of detail... just gives you enough to get started and understand the rest of the book. I do make sure to point to outside references, however, so you can learn more about each specific thing if you so please.

The second section of the book is the “Intro to packet analysis and Wireshark” part. Here I talk about what packet analysis is, how it works, and how to do it. The latter half of this section is devoted to going over the basic and advanced features of Wireshark itself, all the way from downloading and installing it to using its graphing and trending features.

The last section is what I like to call the money section. If you are going to buy the book, this is the part you are going to be paying for. This section, consisting of four chapters, is what gives you the knowledge you will need to understand the packet analysis process. The first chapter is devoted to looking at common protocols at the packet level. This means you will actually see what TCP/IP, HTTP, FTP, ARP, MSNMS, ICMP, etc. look like from the view of a packet analyzer. From this point there are three more chapters dedicated completely to case scenarios and situations. Divided into chapters for basic scenarios, security scenarios, and slow network scenarios, you will go through several dozen scenarios all the way from the user’s initial complaint to analysis to solving the problem. You may never see these exact problems on your network, but using the techniques given you will have the ability to properly analyze any situation that comes up.

Lastly, along with the book comes a CD with LOADS of goodies on it. The main thing the CD will be used for is all of the trace/capture files. Any time I mention a trace or capture in the book you will be able to pull it off of the CD and look at it yourself. Heck, you may even see some things in the capture files that I managed to miss! Along with these capture files there will be included some video analysis of some capture files and one VERY special feature that I can’t quite talk about right now… but trust me... it’s going to be HUGE.

Other Bonuses

A couple other great things start with the fact that this book is being technically reviewed by none other than Gerald Combs, the author of the Wireshark program. If you are going to buy any book about Wireshark then you are going to want the one that is technically endorsed by the guy who made the program. Along with Gerald, Laura Chappell from the packet analysis institute has so graciously provided me with a bulk of the capture files being used for examples in the book. This means that along with my analysis you will also see shades of hers.

There isn’t a date yet on when it will be released but you can figure on it costing about $39.95 USD. Also, I plan on giving away a couple of autographed copies to readers of the site, so look for that soon!

Categories: Packet Analysis, Publications

Using Offline Files on WindowsDevCenter

November 23rd, 2006 No comments

As the conclusion to my series on the various Intellimirror technologies, WindowsDevCenter has just released an article on using offline files. Co-written by myself and Mitch Tulloch, this explains the ins and outs of offline files and includes a quick Q & A about the technology. Check it out on the front page of http://www.windowsdevcenter.com or directly by clicking here.

Installing Software with Group Policy on WindowsDevCenter

November 15th, 2006 3 comments

I have co-written another article with Mitch Tulloch for WindowsDevCenter on the topic of installing software with group policy. You can currently access this article on the front page of http://www.windowsdevcenter.com or directly by clicking here.

O’Reilly Presents: Saving Money and Time with Virtual Server

November 10th, 2006 5 comments

That’s right, ladies and gentlemen! My first book has been released in E-Book form by the great people at O’Reilly! It is an absolutely fantastic look into Virtual Server and how it can save you and your organization time and money. The current selling price is $7.99, which is an absolute steal for the amount of content it has to offer!

Check it out here:

http://www.oreilly.com/catalog/saving/?CMP=ILC-2RQ…

If you like it, don’t forget about my second book coming out IN PRINT from No Starch Press early next year!

Implementing Mandatory Roaming Profiles Article on WindowsDevCenter

October 12th, 2006 2 comments

I have just co-written an article with Mitch Tulloch for O’Reilly’s WindowsDevCenter.com website on the implementation of mandatory roaming profiles and their best practices. You can view this article by clicking here or you can see it directly from the front page of http://www.windowsdevcenter.com.

No Starch Press Presents “Hacking Packets with Wireshark”

August 14th, 2006 5 comments

I have just signed my second book deal, this time with No Starch Press (distributed by O’Reilly). The book will be called “Hacking Packets with Wireshark” and will be based on my Packet School 101 series. My scheduled completion date is around February and I am looking at something along the lines of 250-300 pages. This being said, what do you guys want to see in this book? I am open to any and all suggestions so don’t hold anything back!

Categories: Packet Analysis, Publications