Practical Packet Analysis
Using Wireshark to Solve Real-World Network Problems
Chris Sanders' working manual for Wireshark, geared at troubleshooting and incident response rather than abstract protocol theory. Updated for Wireshark 2.x.
- Authors: Chris Sanders
- Published: 2017
- Publisher: No Starch Press
- Pages: 368
- Language: English
Read this if
Anyone who needs to read pcaps fluently: SOC analysts, incident responders, network engineers, security students. Sanders teaches Wireshark at exactly the level that turns the tool from intimidating into a working extension of your hands.
Skip this if
Readers wanting deep protocol theory, custom-protocol auditing, or attack-side network research. For depth beyond troubleshooting and IR, follow with Attacking Network Protocols (Forshaw) and Silence on the Wire (Zalewski).
Key takeaways
- Capture filters are how you avoid drowning in volume; display filters are how you find the needle. The book teaches both fluently in the first hundred pages.
- Reading TCP behaviour at the packet level (handshakes, retransmits, resets) is the core skill that makes every later analysis question tractable.
- Wireshark's profile, coloring rule, and decode-as features turn it from a tool into a workflow; the book's chapter on customisation pays back fast.
Notes
Pair with The Practice of Network Security Monitoring (Bejtlich) for the program context and Attacking Network Protocols (Forshaw) for the offensive depth. Sanders' blog and the Applied Network Defense training are the natural complements. Buy the third edition; the second is dated against modern Wireshark releases.
What to read before
What to read before Practical Packet Analysis
Beginner · 2019
Foundations of Information Security
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Beginner · 2020
Web Security for Developers
Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.
What to read next
What to read after Practical Packet Analysis
Intermediate · 2013
The Practice of Network Security Monitoring
Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.
Intermediate · 2007
Linux Firewalls
Michael Rash, author of psad and fwsnort, on building and operating Linux-native packet filtering and intrusion-response tooling. Pre-nftables in detail but conceptually durable.
Intermediate · 2017
Network Security Through Data Analysis
Michael Collins on building situational awareness from network telemetry: collection architecture, statistical baseline-setting, and the analytic patterns that turn raw flows into detection.
Explore similar books
Alternatives to Practical Packet Analysis
Intermediate · 2013
The Practice of Network Security Monitoring
Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Beginner · 2019
Foundations of Information Security
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.