Superbly written by Laura Chappell the Wireshark Network Analysis (Second Edition) is a must have book. Not only to learn the Wireshark tool in great depth but also protocol analysis in general. I’ve been eager to study for the WCNA (Wireshark Certified Network Analyst) for some time now so I made the purchase a few months back. This is the most expensive book I’ve purchased but has a very deserving place on my shelf.
With the SDN apocalypse upon us I wanted to learn in depth packet analysis to aid with the “mean time to innocence” when trouble shooting. Some vendors SDN controllers are unlikely to be built around open standards and powered by secret sauce only. With this in mind I believe packet analysis is going to be even more of a crucial skill going forward. “Packets don’t lie” – Gerald Combs the creator of Wireshark.
War Story
I recently spent some time with a client troubleshooting a web application issue between a load balancer and a web server which was using SSL. The developers insisted the load balancer was at fault. The issue was only identified after temporarily reducing the crypto ciphers to RSA only (turning of PFS) and loading the servers private key into Wireshark to decrypt the packets from the trace file. This enabled us to view the http headers and point out the issue to the developers.
Wireshark Network Analysis (Second Edition) available on Amazon