Ethereal Packet Sniffing (Syngress) (英語) ペーパーバック – 2004/4/21
Kindle 端末は必要ありません。無料 Kindle アプリのいずれかをダウンロードすると、スマートフォン、タブレットPCで Kindle 本をお読みいただけます。
This book provides system administrators with all of the information as well as software they need to run Ethereal Protocol Analyzer on their networks. There are currently no other books published on Ethereal, so this book will begin with chapters covering the installation and configuration of Ethereal. From there the book quickly moves into more advanced topics such as optimizing Ethereal's performance and analyzing data output by Ethereal.
Ethereal is an extremely powerful and complex product, capable of analyzing over 350 different network protocols. As such, this book also provides readers with an overview of the most common network protocols used, as well as analysis of Ethereal reports on the various protocols. The last part of the book provides readers with advanced information on using reports generated by Ethereal to both fix security holes and optimize network performance.
· Provides insider information on how to optimize performance of Ethereal on enterprise networks.
· Book comes with a CD containing Ethereal, Tethereal, Nessus, Snort, ACID, Barnyard, and more!
· Includes coverage of popular command-line version, Tethereal.
This book is more like a very good user manual for version 0.10.0 (current version as of 4/20/06 is 0.10.14, so there are a few more features than this book covers.) What seems to be a new version of the book with a new title is due out in June of 2006, so some of you might want to wait until it gets released if you want the most up to date version.
I've been just a casual user of Ethereal for a couple years so I thought I'd learn a lot from this book. Surprisingly though, only chapters 5 "Filters" and 8 "Real World Packet Captures" were helpful to me. Everything else was either stuff I could easily figure out on my own, or things I don't use.
Except for chapter 8 with the real-world examples and possibly chapter 9, "Developing Ethereal", this book is just a user manual and should be bought only with this in mind. It would be fun if they made another book that focuses on packet analyzation using Ethereal as the tool. I'll wait.
Evaluated as a user manual only, I'll give it 4 stars. Because it's merely a user manual, it should be less expensive. Then it would earn 5 stars.
If you do not already have this book and know how to use Ethereal, you should buy this book soon. Start by reading the book, but you really should learn to use Ethereal "hands on", on your LAN as soon as possible. You need to know what "normal" conditions look like on your LAN. When your LAN is down, you probably will not have time for much reading. This book provides far too much information to digest and understand at one time, especially while your LAN is down. This is a book to read when you have some "slow" time because your network is OK.
I gave this book 4 stars only because I think a new edition should be released soon. The current edition is now several years old, and with the name of the software recently changed to Wireshark, the book should be updated with the new name for this classic LAN troubleshooting tool.
I've been using Ethereal for around five years, and this book still taught me a few new tricks. The key to the new material is Ethereal's development, from 0.2 in July 1998 to 0.10.3 this year. (The book covers 0.10.0 which is far from being outdated.) The many improvements lend themselves to the sort of explanations found in "Ethereal." For example, my favorite material involved filters. Although chs. 4 and 5 had minor overlap regarding this feature, I learned new ways to manipulate Ethereal's packet search and display capabilities.
Because the entire book focuses on a single suite of tools, it has the space to take in-depth looks at normally ignored components like stream analysis graphs. The book spends time explaining how to write filters with bitwise AND operations, and talks about 'matches' and 'contains' search functions. For programmers, the chapter on "developing Ethereal" gives clues on adding new protocol dissectors. This reminded me of a similar chapter in Syngress' book on Snort.
If you want to really know how to use Ethereal, buy this book. However, it should have been called "Ethereal Packet Sniffer," not "Ethereal Packet Sniffing." The distinction lies in the book's focus; it spends most of its time explaining functions and not analyzing packets. Books on troubleshooting by Bardwell or Haugdahl have more insights to share than ch. 8 in "Ethereal." Nevertheless, I added this book to my recommended reading list for aspiring security engineers. It's worth a close read.