Practical Packet Analysis Chris Sanders


REVIEWS

BOOK REVIEW

Practical Packet Analysis. Chris Sanders. Third edition. Published by No Starch Press. ISBN: 978-1-59327-802-1. Price: $49.95, 368pgs, paperback. E-book edition also available.

We reviewed the second edition of this book six years ago, which itself came four years after the publication of the first edition. It’s tempting to ask what can possibly be new in the world of sniffing data packets that warrants a new edition.

The truth is, of course, that while the venerable TCP or UDP packet has remained steadfastly unchanged for decades, pretty much everything else in technology changes. For one thing, the key tool for all would-be packet sniffers – Wireshark – has been upgraded to version 2 and this book reflects its new features. As with previous editions, the book delves deeply into the business of crafting filters, a process that is essential to using Wireshark effectively. If you’re at all baffled by filters – and many people are – this book should sort you out.

There is also expanded material on IPv6, which is finally seeing enough uptake to make it essential that network analysts and security specialists know how to deal with it. SMTP also gets more attention in this edition. A brand new chapter covers how to use the command line tools tcpdump and TShark. The former, in particular, has been around forever and is a favourite of people who disdain GUIs and prefer the power – and scriptability – of working within a shell.

In a sense, then, this edition of the book has moved even further away from being a manual for Wireshark and has built on its strengths – looking at real-world networking issues (not just security-related) and how to analyse and understand them using key tools. It’s one thing capturing packets – it’s quite another understanding what they’re telling you. Practical Packet Analysis not only takes you step-by-step through the process of acquiring the necessary data but also provides classic examples, with the relevant capture files being available to download from the web. It’s very much a ‘hands on’ book and the best way to use it is to follow along on a live network – ideally a lab setup.

This book is aimed at anyone who needs to diagnose network problems – in fact there’s a whole chapter entitled ‘Fighting a slow network’. Security issues are saved until the penultimate chapter. However, understanding network traffic, including where the packets are going, what protocols they’re using and what they contain, is so critical to information security that this book will provide an excellent grounding for people looking to work in areas such as penetration testing, malware analysis and so on. It contains all the essential information about the protocols and how network packets are formed and distributed before layering on the practical aspects of capturing and analysing them. Some material may be old hat to anyone already managing networks, but there’s enough advanced material to make the book worthwhile for them too.

Best of all, Chris Sanders’ writing style is very accessible. This is, necessarily, a highly technical work, but the feel is that of a workshop manual written by someone who is very knowledgeable and comfortable with the material. As I wrote in the review of the second edition, “Sanders delivers the information in this book with rare clarity and simplicity, without ever being lightweight.” And that still holds true. There’s more information here: www.nostarch.com/packetanalysis3. – SM-D

Network Security

BOOK REVIEW

We Know All About You. Rhodri Jeffreys-Jones. Published by Oxford University Press. ISBN: 9780198749660. Price: £18.99, 304pgs, hardback. E-book version also available.

According to the author of this book, George Orwell made a major miscalculation when he wrote 1984 – he placed all the blame for mass surveillance on government agencies.

While governments certainly do indulge themselves in large-scale and sometimes indiscriminate snooping, we should also be concerned about what private organisations are up to, claims the author, Rhodri Jeffreys-Jones. However, one of the surprises of this book is how infrequently names like ‘Google’ and ‘Facebook’ turn up. There are a couple of reasons for this: first, the bulk of the book is an historical assessment of how mass surveillance has been conducted through the ages; and second, Jeffreys-Jones seems to have a specific obsession with worker blacklists.

He focuses on the US and UK and continually draws parallels between the two. For example, while the US somewhat infamously went through its McCarthyite period (something of a misnomer, as the author points out, because the eponymous politician was exploiting rather than creating the rabid anti-communist zeitgeist) so too did the UK; only, in typically British fashion, the latter did it in secret. What may surprise many people – it did me – is how organised information gathering on large numbers of people has always been largely the remit of private organisations. Building dossiers on ‘troublemakers’ – which usually meant union organisers or labour activists – was bread-and-butter work for private detectives and pretty much built the famous Pinkerton agency.

Jeffreys-Jones draws a fascinating, and sometimes frightening, picture of how information has always been subject to misuse. But while he does make some nods towards how the Internet has enabled an unprecedented level of data acquisition by commercial organisations, and he also closes the book with a look at the legislation in the US and UK (with the latter being already slightly outdated) that has enshrined the snooping powers of intelligence agencies, ultimately there’s no serious engagement with arguably the most insidious form of surveillance – the web.

Nonetheless, this is a fascinating read and it powerfully underlines the message that when we collect data on people, someone will abuse it. There’s more information here: http://bit.ly/2pxYSpO. – SM-D

May 2017