This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Books: Learning Wireshark...

I'm looking at two books right now, and I need to know which is better:

"Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems (2nd Edition)"

-- Chris Sanders


"Wireshark (R) 101: Essential Skills for Network Analysis"

--Laura Chappell

  • I may see where you are coming from as both authors and these books have great reviews. After reading a few pages from both books, a number of reviews on amazon and a few google searches later I've come to ask myself if I wanted to know more about packet analysis or the wireshark program? Here is my approach. If I wanted to learn more about the wireshark program I would choose Laura Chappell simply because she founded Wireshark University and she does a step-by-step walkthrough of the labs. If I felt comfortable using Wireshark or Microsoft Network Performance Monitoring (free tool from Microsoft) I would choose Chris Sanders as he expects you to know how to use Wireshark and dives into more details of packet analysis which is ultimately what you want to do if you are looking at both of these books or using a packet capturing tool.

    Level 1 book w/minimal to no Wireshark experience and just starting out with analyzing traffic.

    --Laura Chappell / Wireshark 101

    Level 2 book w/some experience using Wireshark and capturing traffic that expands on analyzing traffic.

    --Chris Sanders / Practical Packet Analysis

    Possibly other helpful links:

    Wireshark Wiki

    Wireshark University (Founded by Laura Chappell)

    Comptia Network+ (Specifically chapter 6, learn how the protocols)

    OSI Model

    Sorry for the lengthy post but some may find it helpful while others will tell you there's a ton I left out. =)

  • Wow, that was comprehensive and thorough... and highly appreciated. This is EXACTLY what I needed, and I think you've definitely helped me make my decision... I think I'll definitely pick up Sander's book.

    Thanks, Adam Boyd!

  • I've read both and while Sanders second edition was much better I found the only really useful section was on network base lining ( capture some sample traffic in good times so you have something to compare against in bad times)

    Laura is always amazing but I think her lab kit would be the best starting place.

    Frankly I have found packet analysis to be best learned by really knowing protocols (TCP/IP Illustrated Volume 1, Second Edition) and then getting good wireshark filters for finding the packets you want out of 10's of k of packets captured- for that I'd recommend Network Anaylsis Using Wireshark Cookbook by pakt publishing.

    Either way real world problem solving will be the only way to solidly the concepts - best of luck!!

  • Awesome! You are very welcome. I'm glad I was able help out. emoticons_happy.png

  • I definitely am downloading the stuff from that link. Thanks a lot!

  • So, now that I've read the book, should I write a review of it, for everyone here on Thwack, or would that violate some terms of service?

  • You must start a book club now.




    ...Any idea on how to create a group? I was trying to find that. I'd hate to go all "CHALLENGE DECLINED." (bluefunelemental)

  • I'll keep the review limited:

    The book covers the basics well -- you get a rather nice (highly informative for the newbie) explanation of TCP/IP and various protocols that go with it. You learn to think less about how IP operates and more about how the individual programs operate (i.e. UDP vs TFTP) It really makes you think more about each program that goes across the network.

    The real benefits come from what you gain in skill with Wireshark. The book teaches you some stuff that even the more experienced users may be wowed by.

    All things considered, I don't regret the purchase. The book is a worthwhile read. Highly recommended to anyone who's new with packet analysis.

  • Actually a Book Club would be a nifty idea! emoticons_happy.png instead of a bunch of old ladies discussing books, it'd be a bunch of geeks talking about technical books O.o