Practical Packet Analysis


Chris Sanders




No Starch Press, 3rd Edition

I’ve taken two networking classes (one at the undergrad level and one at the graduate level) and both left me feeling like I had just wasted a semester of my life. Arguably, this is partially due to the quality of the instructors, but both classes suffered from a common failing in academia: not teaching anything practical or tangible to go with the conceptual. This book covers a good chunk of information I felt my classes were missing: a deep dive into network protocols, their headers, uses and troubleshooting techniques, all with real-world scenarios to underscore the lesson.

Additionally, Practical Packet Analysis serves as a solid introduction to Wireshark, with great examples included in each section. Unfortunately, a lot of the examples are out of date, using an older version of Wireshark, and frankly the Wireshark website does a better job walking you through more advanced ways to use the tool. So this book is probably not the best way to learn advanced Wireshark techniques. Where this book excels is helping you understand network protocols and how to break down packets to better understand the current health and security of your network regardless of the monitoring tool you are using.

Practical Packet Analysis starts off a bit slow for anyone who already has a decent understanding of networking and Wireshark, but once you get into network protocols around chapter 7, things improve significantly. The book really does a great job of providing a clear and concise overview of each common protocol without dragging, making it a pretty quick read. Chapters 7 through 9 are great reference chapters I know I will be referring to again in the future. Chapters 10 and up brought everything together, walking you through real-world scenarios of performing packet analysis to solve common problems. These chapters are what make this book worth the investment. This is where things really started clicking for me and I am sure I will be using many of the techniques discussed both on my home network and at work.


Throughout my 10-year career I have worked as a web developer, systems administrator, software engineer, security analyst and now cybersecurity engineer. I currently develop software applications to automate security vulnerability and compliance scanning and reporting for a multinational financial institution.