When a network fails, it's actually a good thing (from a troubleshooting standpoint, that is). Something, somewhere is broken. Fix the break and everything starts working again. The last thing a tech wants to hear is that the network is "slow." It's worse when you start hearing that from a lot of your users and even more so when you hear it from the boss. "Slow" is a lot harder to fix.
Wireshark is the go-to tool for network troubleshooting. Starting life as Ethereal, it's been around in one form or another since 1997. As open source code, it's managed to keep up with the incredible growth of network technology and has evolved into a remarkably robust piece of software. There are versions that run on both Mac and Windows. And, best of all, it's free. However, when it comes to reading all the tea leaves that Wireshark can generate, the learning curve can be steep and the comprehensive resources for teaching yourself can be rather limited.
One-stop Reference

Realizing this, Chris Sanders published the first edition of Practical Packet Analysis in 2007, giving the technically astute a one-stop shop for learning the basics of Wireshark. The substantially expanded second edition just hit the shelves, expanding the original into a truly comprehensive tutorial and reference that deserves a home with virtually every network tech.
The book begins with a chapter that provides a refresher on the elements of networking theory you'll need to have mastered in order to troubleshoot networks and use Wireshark. If any of the topics presented here are completely new to you, Sanders advises you to study up on the subject before moving ahead. This chapter is deceptively dry; Sanders' tone becomes much more congenial as he moves on to the fun part: the magic and mysteries of Wireshark itself.
Wireshark captures a horrendous amount of information. Successful troubleshooting is a matter of filtering and summarizing the flood of data that Wireshark will spill onto your screen. Sanders starts out with a discussion of the best places to tap into a network in order to give Wireshark the information it needs to sniff out various issues. The program has virtually every kind of tool you'll need to accomplish this. Sanders does a wonderful job of explaining the intricacies of Wireshark's packet filters as well as revealing the power of its statistics and analysis windows, where solutions often lie. Though the book may not walk you through every single one, it covers all the primary functions in enough depth for you to work through the other available variants on your own.
Real World Examples

Practical Packet Analysis has a couple of features that go a long way toward helping you master Wireshark. First, there are a slew of sample capture files you can download to follow the book's examples. There's also a chapter that walks you through a variety of real-world capture and analysis scenarios to help you learn how to apply the techniques that have been covered. The book closes with a chapter dedicated specifically to troubleshooting slow networks and another on the basics of using Wireshark as a security tool.
Sanders' book assumes that the reader already has a grasp of how networks work. But even a mastery of the theory is not all that helpful when things, in reality, aren't working well. This is where Practical Packet Analysis shines. Wireshark lets you see into the bits, bytes and packets that are flowing through the wires. The book does an equally impressive job of letting you see into Wireshark.