A wonderful, simple to use and well laid out guide.
If you need to get the basics of packet analysis down pat, this is a very good place to start.
Very informative and held up to the key word in its title, Practical. It does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real life examples of what to do with Wireshark.
Are there unknown hosts chatting away with each other? Is my machine talking to strangers? You need a packet sniffer to really find the answers to these questions. Wireshark is one of the best tools to do this job and this book is one of the best ways to learn about that tool.
Perfect for the beginner to intermediate.
Acknowledgments
This book was made possible through the direct and indirect contributions of a great number of people.
First and foremost, all the glory goes to God. Writing a book brings forth a great deal of positive and negative emotion. When I am stressed, He brings me comfort. When I am frustrated, He brings me peace. When I am confused, He brings me resolve. When I am tired, He brings me rest. When I am prideful, He keeps me level-headed. This book, my career, and my existence are possible only because of God and his son Jesus Christ.
Dad, I draw motivation from a lot of sources, but nothing makes me happier than to hear you say that you are proud of me. I can't thank you enough for letting me know that you are.
Mom, the second edition of this book will be released right before the ten-year anniversary of your passing. I know you are watching over me and that you are proud, and I hope I can continue to make you even prouder.
Aunt Debi and Uncle Randy, you guys have been my biggest supporters since day one. I don't have a large family, but I treasure what I do have, especially you guys. Although we don't get together nearly as much as I'd like, I can't thank you enough for being like a second set of parents to me.
Tina Nance, we don't get to talk nearly as much as we used to, but I will always consider you my second mom. I wouldn't be doing what I'm doing today without your support and belief in me.
Jason Smith, you've listened to more of my frequent rants than anyone else, and just that has helped me keep sane. Thanks for being a great friend and coworker, providing input on various projects, and letting me use your garage for like six months that one time.
Regarding my coworkers (past and present), I've always believed that if a person surrounds himself with good people, he will become a better person. I have the good fortune of working with some great people who are some of the best and brightest in the business. You guys are my family.
Mike Poor, you are my packet-analysis idol without equivocation. Your work and approach to what you do are inspiring and help me do what I do.
Tyler Reguly, thanks so much for tech-editing this book. I'm sure it wasn't a fun process, but it was absolutely necessary and absolutely appreciated.
Thanks also to Gerald Combs and the Wireshark development team. It's the dedication of Gerald and the hundreds of other developers that makes Wireshark such a great analysis platform. If it weren't for their efforts, this book wouldn't exist... or if it did, it would be based on tcpdump, and that wouldn't be fun for anyone.
Bill and the No Starch Press staff took a chance on a kid from Kentucky not just once but twice. Thanks for doing it, having patience with me, and helping me make my dreams come true.
Introduction
Practical Packet Analysis, 2nd Edition was written over the course of a year and a half, from late 2009 to mid 2011, approximately four years after the first edition's release. This book contains almost all new content, with completely new capture files and scenarios. If you liked the first edition, then you will like this one. It is written in the same tone and breaks down explanations in a simple, understandable manner. If you didn't like the first edition, you will like this one, because of the new scenarios and expanded content.
Why This Book?
You may find yourself wondering why you should buy this book as opposed to any other book about packet analysis. The answer lies in the title: Practical Packet Analysis. Let's face it, nothing beats real-world experience, and the closest you can come to that experience in a book is through practical examples of packet analysis with real-world scenarios.
The first half of this book gives you the prerequisite knowledge you will need to understand packet analysis and Wireshark. The second half of the book is devoted entirely to practical cases that you could easily encounter in day-to-day network management.
Whether you are a network technician, a network administrator, a chief information officer, a desktop technician, or even a network security analyst, you have a lot to gain from understanding and using the packet-analysis techniques described in this book.
Concepts and Approach
I am generally a really laid-back guy, so when I teach a concept, I try to do so in a really laid-back way. This holds true for the language used in this book. It is very easy to get lost in technical jargon when dealing with technical concepts, but I have tried my best to keep things as casual as possible. I've made all the definitions clear, straightforward, and to the point, without any added fluff. After all, I'm from the great state of Kentucky, so I try to keep the big words to a minimum. (You'll have to forgive me for some of the backwoods country verbiage you'll find throughout the text.)