  • Wireshark Essentials
  • James H. Baxter
  • 657 words
  • 2021-08-05 17:35:15

Preface

Wireshark is perhaps the world's most popular network packet analyzer used to troubleshoot and analyze network and application protocols across a wide variety of technologies. Wireshark is free, open source, and available for Windows, Mac OS X, Linux, and several Unix-like platforms, and it is continuously being improved and expanded by its original developer, Gerald Combs, and over 500 code contributors.

Wireshark has a rich feature set, including the ability to capture, save, and import packet files in a variety of formats. It provides an extensive filtering capability, detailed protocol information, statistics, and built-in analysis and packet coloring features to help you identify and analyze important events. This powerful analysis capability is available to anyone who is willing to invest a little time to learn Wireshark's basic features and how to interpret a relatively small set of core network and application protocols.

This book is designed to introduce Wireshark and essential packet analysis techniques to not only network engineers and administrators, but also application developers, database designers and administrators, server administrators, and IT security professionals. It also gives them the essential knowledge and practical examples needed to effectively utilize Wireshark so they can include packet-level analysis in their daily tasks.

Application developers can use Wireshark to view and understand how the routines in their code that make network calls translate into request/response packets, inspect how the application-related data fields within those packets are structured, and verify that these calls are efficient and work in the way that they are anticipated and intended.

Database designers and administrators can utilize the packet details provided by Wireshark to examine the queries and responses carried by packets and to check whether they are efficient. Are there a lot of small request/response cycles involved in a transactional query that could be replaced by fewer, more efficient requests to improve performance?

Server processing times can be a huge factor and point of contention in performance-related issues across almost all IT arenas. This book will show you how easy it is to use Wireshark to identify and measure server processing times at the packet level where there can be no disputing the evidence.

IT security professionals inherently utilize protocol-level parameters to configure firewalls and intrusion detection and prevention devices, but may lack the skills to confidently establish and verify these factors themselves—instead relying upon others for this critical input. The ability of a security professional to inspect packet captures to identify, characterize, and guard against malicious traffic is assumed, and a small investment of time with this book will open the door to mastering this essential skill.

Finally, network support personnel are called upon on an almost daily basis to troubleshoot strange connectivity or slow network issues. They need the visibility and evidence that packet-level analysis provides to not only defend their domain, but also to assist in identifying and resolving the real problem; that's usually the only way the heat gets permanently turned off. Good Wireshark skills are a must-have for these folks.

The focus of this book is to teach you how to become comfortable and proficient in using basic Wireshark skills within your respective domain. At first glance, looking at a screen full of packets of seemingly endless varieties and sources can be very intimidating, but it is actually quite easy after learning the concepts provided in this book to isolate just the packets that pertain to the area of interest and filter everything else out, establish a high-level understanding of the packet flow and sequence of events, and then find and inspect the correct packets and data fields that address the issue at hand.

One of the additional advantages of learning how to use Wireshark is an increased understanding of how networks and applications really work, the benefits of which are helpful across all other aspects of your work. I'm confident the small investment in time required to learn Wireshark and packet analysis skills will return huge dividends.
