This edition of the book, a significant extension of the first one [1], comprises two intertwined parts. The first covers fundamentals of computer networking and network protocols. It consists of two introductory chapters on network basics and connectivity, as well as middle chapters on lower-layer protocols--address resolution protocol (ARP), Internet protocol (IP), transmission control protocol (TCP), user datagram protocol (UDP), and Internet control message protocol (ICMP)--and upper-layer protocols--dynamic host configuration protocol (DHCP), domain name system (DNS), and hypertext transfer protocol (HTTP). Those who have worked with or studied computer networks can safely skip these chapters unless they want to refresh their knowledge of basic networking concepts, which is always worthwhile.
The rest of the book is devoted to discussing and using Wireshark software for packet analysis. After introducing Wireshark in three chapters--they cover installation and basic information on the user interface; capturing packets and filtering them; and viewing endpoints and network conversations, protocol dissections, and graphing--the book gets to the point of addressing its subtitle.
This is the most interesting part, comprising four chapters on various aspects of analyzing network traffic. It starts with basic real-world scenarios such as dissecting social network traffic (for Twitter and Facebook) at the packet level and capturing ESPN.com traffic. The same chapter continues by addressing various aspects of the lack of Internet access, limited access, or network errors. Because of its length and substantial content, as well as its hands-on applicability to Wireshark, this is probably the most important chapter.
The last three chapters discuss other important practical aspects of using Wireshark for network analysis. The chapter on fighting a slow network is interesting because it shows how to use a tool for reasoning about network problems based on TCP features such as error recovery and flow control. (It would be interesting to couple Wireshark data with some reasoning tool, perhaps based on Bayesian belief networks such as Netica, for automatic decision making in real time.)
The most interesting chapter, which I read very carefully, is the one on packet analysis for security--a topic worth an entire book or more. The specific analysis done by the author is a dissection of three cases: a recently discovered vulnerability of Internet Explorer (known as Operation Aurora), which allows the server to be taken over; traffic redirection via ARP cache poisoning; and a remote-access Trojan (RAT). Using colors in the Wireshark graphical user interface (GUI) to view the captured packets (the book’s illustrations are black and white) definitely helps one understand the malicious traffic. All captured files are available for download from the publisher’s and author’s Web sites.
The book ends with discussion and tips on wireless packet analysis. However, this--and the author is fully aware of it--is treated only superficially. The reason is that wireless network packet capture and analysis is significantly different from that of wired networks because of differences in the protocols at the two lowest layers of the network reference model (data link and physical layer) and because of a different medium.
Overall, the book met my expectations of learning the intricacies of packet analysis with Wireshark and applying it to some practical problems. I would recommend it to anyone interested in dealing with networking issues, from students of various computing disciplines to seasoned network administrators and their staff, and to project managers. One additional point worth noting is that the author’s royalties from this book are donated to the Rural Technology Fund, a nonprofit founded by the author to offer scholarships for students from rural areas--a very worthwhile purpose.