// Comparison

Applied Network Security Monitoring vs Practical Packet Analysis: Which Should You Read?

Two cybersecurity books on Networking, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

4/52013

Applied Network Security Monitoring

Collection, Detection, and Analysis

Chris Sanders, Jason Smith

A practitioner's walkthrough of building an NSM capability end to end, from deciding what to collect through detection and the analysis workflow that ties it together. The tooling is dated, but the way it teaches you to think about monitoring is not.

Beginner

4/52017

Practical Packet Analysis

Using Wireshark to Solve Real-World Network Problems

Chris Sanders

Chris Sanders' working manual for Wireshark, geared at troubleshooting and incident response rather than abstract protocol theory. Updated for Wireshark 2.x.

Read this if

SOC analysts and aspiring detection engineers who want a structured mental model for collection, detection, and analysis rather than a pile of disconnected tooling tutorials.

Anyone who needs to read pcaps fluently: SOC analysts, incident responders, network engineers, security students. Sanders teaches Wireshark at exactly the level that turns the tool from intimidating into a working extension of your hands.

Skip this if

Anyone hoping for a current toolkit. Skip this if you want hands-on Zeek/Suricata/Elastic configs you can paste today, the commands here have aged out.

Readers wanting deep protocol theory, custom-protocol auditing, or attack-side network research. For depth beyond troubleshooting and IR, follow with Attacking Network Protocols (Forshaw) and Silence on the Wire (Zalewski).

Key takeaways

Collection is a deliberate decision, not a default. Decide what data matters before you drown in everything.
The book's split of detection into signature, anomaly, and statistical approaches still maps cleanly onto how modern stacks work.
Analysis is a discipline with a workflow, not improvised packet-staring, and that framing is the most durable thing here.

Capture filters are how you avoid drowning in volume; display filters are how you find the needle. The book teaches both fluently in the first hundred pages.
Reading TCP behaviour at the packet level (handshakes, retransmits, resets) is the core skill that makes every later analysis question tractable.
Wireshark's profile, coloring rule, and decode-as features turn it from a tool into a workflow; the book's chapter on customisation pays back fast.

How they compare

Applied Network Security Monitoring and Practical Packet Analysis are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Applied Network Security Monitoring is pitched at intermediate level. Practical Packet Analysis is pitched at beginner level. Read the easier one first if you're not yet comfortable with the topic.

Applied Network Security Monitoring and Practical Packet Analysis both cover Networking, Defensive, so reading them in sequence reinforces the same material from different angles.

Keep reading