Kim wrote:

> May I know from you all Wireshark & protocol analysis experts your
> recommended reading material or training for Wireshark and protocol
> analysis? I would like to be able to take a Wireshark trace file and pinpoint
> possible communication issues like slow network/server response time,
> malware, fragmentation, and others.
>
> Thanks.
> Kim
Hi Kim,

When reading your post I just remembered addressing a similar issue in my Amazon.com review of Charles Kozierok's "The TCP/IP Guide" (TTG):

-begin review excerpt-

For beginners, a better introduction is Jeanna Matthews' "Computer Networking: Internet Protocols in Action." Matthews' book is shorter (273 pages), more direct, and packet-example-based, meaning it ships with a CD-ROM of traces that readers can analyze as they read Matthews' commentary. The lack of examinations of packet traces is one of my biggest problems with TTG. If TTG aims to be comprehensive, it should have looked at real traffic using Ethereal/Wireshark instead of staying at the specification level.

For intermediate readers, Eric Hall's "Internet Core Protocols: The Definitive Guide" is a great look at the building blocks of networking, albeit without IPv6 or application protocols. Hall's book is also packet-oriented, with examples for each concept.

For expert readers, "Troubleshooting Campus Networks" by Priscilla Oppenheimer and Joseph Bardwell is outstanding. J. Scott Haugdahl's "Network Analysis and Troubleshooting" and Kevin Burns' "TCP/IP Analysis and Troubleshooting Toolkit" are also excellent. All three show packets.

Those with some networking experience looking for a thorough (but not packet-example-based) examination should definitely read Adrian Farrel's "The Internet and Its Protocols: A Comparative Approach." Farrel demonstrates deep subject matter expertise by showing similarities and differences between protocols. He also covers protocols like MPLS and SCTP that are ignored by TTG.

-end review excerpt-

For training, I built my 4-day TCP/IP Weapons School class to teach packet-level analysis of security events. I taught the first two days at USENIX in Vancouver and as a result USENIX invited me back. :) I've got a public offering scheduled in DC in December.
You can read more about it on my Web site: http://www.taosecurity.com/training.html

Thank you,
Richard

_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users