Practical Packet Analysis – Using Wireshark (Book Review)
If you have done any type of performance testing, you’ve inevitably come across an application or two that could not be scripted using standard protocols in a performance test tool like LoadRunner. The LoadRunner protocol of last resort — when no other protocol will work — is called Winsock, and it can be pretty nasty to debug. That’s the main reason I picked up Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems.
Wireshark is a free, open-source tool that allows you to capture and analyze network traffic. With the communication captured, you can then easily tell it to filter on certain protocols, making reading the packet info much easier than it is in LoadRunner.
This book starts at ground level, assuming no user experience with packet analysis and/or packet sniffers. It can basically be divided into four sections.
- The first covers packet analysis and network basics and gives a nice overview of the OSI model.
- The second covers Wireshark’s basic and advanced features.
- The next covers common protocols like ARP, TCP, and HTTP.
- In the last section, the author ties it all together with real-world examples using familiar sites like Twitter, Facebook and ESPN, while explaining how to troubleshoot common network issues.
I like the hands-on approach the writer uses throughout the book. He clearly explains everything in a clear, concise manner. I also appreciated the fact that the author uses packet capture files in each example that can be downloaded and opened in Wireshark in order to follow along. I was able to follow all of the examples without any confusion — which is kind of a big deal, since packet analysis at this level is a new subject for me. Well done!
Note: I received a free copy of this book as part of the O’Reilly Blogger Review program.