// Comparison

Practical Packet Analysis vs Zero Trust Networks: Which Should You Read?

Two cybersecurity books on Networking, compared honestly: who each is for, what each does best, and which to read first.

Beginner

4/52017

Practical Packet Analysis

Using Wireshark to Solve Real-World Network Problems

Chris Sanders

Chris Sanders' working manual for Wireshark, geared at troubleshooting and incident response rather than abstract protocol theory. Updated for Wireshark 2.x.

Intermediate

4/52017

Zero Trust Networks

Building Secure Systems in Untrusted Networks

Evan Gilman, Doug Barth

Evan Gilman and Doug Barth's pre-marketing-bubble treatment of zero-trust architecture — what it is when you actually implement it (trust evaluation, device identity, dynamic policy) versus what the vendor pitch turned it into.

Read this if

Anyone who needs to read pcaps fluently: SOC analysts, incident responders, network engineers, security students. Sanders teaches Wireshark at exactly the level that turns the tool from intimidating into a working extension of your hands.

Architects and platform engineers tasked with implementing zero-trust without buying a product called Zero Trust. The book is the rare resource that walks through the engineering substrate — service identity, attestation, policy decision points — instead of the marketing.

Skip this if

Readers wanting deep protocol theory, custom-protocol auditing, or attack-side network research. For depth beyond troubleshooting and IR, follow with Attacking Network Protocols (Forshaw) and Silence on the Wire (Zalewski).

Readers wanting current vendor-comparison or specific cloud-native zero-trust (BeyondCorp, Tailscale, Cloudflare Access, Tetragon) detail. The 2017 publication pre-dates almost all of the productized zero-trust marketplace; the principles are durable, the products are not.

Key takeaways

Capture filters are how you avoid drowning in volume; display filters are how you find the needle. The book teaches both fluently in the first hundred pages.
Reading TCP behaviour at the packet level (handshakes, retransmits, resets) is the core skill that makes every later analysis question tractable.
Wireshark's profile, coloring rule, and decode-as features turn it from a tool into a workflow; the book's chapter on customisation pays back fast.

Zero trust is a property of the architecture, not a product; the book makes this case convincingly enough that it should be the first read for anyone leading a ZT initiative.
Device and workload identity are the load-bearing layer most ZT deployments under-invest in.
Migration is the project — most organizations cannot adopt zero trust without a multi-year incremental plan, and the book's chapters on incremental rollout are the most useful in practice.

How they compare

Practical Packet Analysis and Zero Trust Networks are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Practical Packet Analysis is pitched at beginner level. Zero Trust Networks is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

Practical Packet Analysis and Zero Trust Networks both cover Networking, Defensive, so reading them in sequence reinforces the same material from different angles.

Keep reading