// Comparison

Network Security Through Data Analysis vs Practical Packet Analysis: Which Should You Read?

Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

4/52017

From Data to Action

Michael Collins

Michael Collins on building situational awareness from network telemetry: collection architecture, statistical baseline-setting, and the analytic patterns that turn raw flows into detection.

Beginner

4/52017

Practical Packet Analysis

Using Wireshark to Solve Real-World Network Problems

Chris Sanders

Chris Sanders' working manual for Wireshark, geared at troubleshooting and incident response rather than abstract protocol theory. Updated for Wireshark 2.x.

Read this if

Detection engineers and SOC analysts who've graduated from "what alert is this" to "is this alert worth triaging at all." Collins is the quantitative-detection text the field needed.

Anyone who needs to read pcaps fluently: SOC analysts, incident responders, network engineers, security students. Sanders teaches Wireshark at exactly the level that turns the tool from intimidating into a working extension of your hands.

Skip this if

Beginners with no NSM background, or readers who only do log-based detection. The book leans heavily on flow data and statistical thinking; pair with The Practice of Network Security Monitoring (Bejtlich) first if you're new to the discipline.

Readers wanting deep protocol theory, custom-protocol auditing, or attack-side network research. For depth beyond troubleshooting and IR, follow with Attacking Network Protocols (Forshaw) and Silence on the Wire (Zalewski).

Key takeaways

Detection engineering at scale is a statistical problem; the book teaches the framing every modern SOC eventually reinvents.
Flow-data analytics (NetFlow / IPFIX / sFlow) catch lateral movement that packet-based detection misses; the book is the cleanest treatment in print.
Time-series anomaly detection can be done well with off-the-shelf tooling and clear thinking; the chapters on baseline calibration are the practical core.

Capture filters are how you avoid drowning in volume; display filters are how you find the needle. The book teaches both fluently in the first hundred pages.
Reading TCP behaviour at the packet level (handshakes, retransmits, resets) is the core skill that makes every later analysis question tractable.
Wireshark's profile, coloring rule, and decode-as features turn it from a tool into a workflow; the book's chapter on customisation pays back fast.

How they compare

Network Security Through Data Analysis and Practical Packet Analysis are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Network Security Through Data Analysis is pitched at intermediate level. Practical Packet Analysis is pitched at beginner level. Read the easier one first if you're not yet comfortable with the topic.

Network Security Through Data Analysis and Practical Packet Analysis both cover Defensive, Networking, so reading them in sequence reinforces the same material from different angles.

Keep reading

Network Security Through Data Analysis

→ Alternatives to Network Security Through Data Analysis → What to read after Network Security Through Data Analysis