Wireshark-users: Re: [Wireshark-users] Network Analysis Training
From: Hansang Bae <for_list_hbae@xxxxxxxxxx>
Date: Sat, 18 Jul 2009 20:09:00 -0400
charles rech wrote:
> Hi folks, does someone know more names of good books for studying TCP/IP, traffic analyzers?

I think I recently sent this, but can't remember if it was to the list or to an individual. So just in case...

Understand the TCP/IP protocol in depth. You can start by reading the following two books (and related RFCs of course, but I recommend the books first).
	a.  TCP/IP Illustrated Volume I by Stevens.
	b.  Internetworking with TCP/IP Volume I by Comer.

The first book is dated, but still a classic. The above two books are (IMO) the industry bible on the topic of TCP/IP.


Then to round out your experience, I would recommend reading a few more books.
	a.  Computer Networks by Tanenbaum
	b.  Interconnections: Bridges, Routers, Switches.... by Perlman.


Once you've read the four books and have a very good understanding of the topic, you should review the RFCs. It'll help you fill in the gap in knowledge and you'll better understand the protocols.

*NOW* you're ready to read some books on protocol analysis. The problem is that I don't know if there is one 'bible' on the topic of protocol analysis. So much of it is based on experience and intuition that it's hard to translate it into a book.

The book I do like very much is "Troubleshooting TCP/IP" by Mark Miller. It uses Sniffer output as examples, but it's very generic and can be directly applied to Wireshark.

In case you're wondering "I need to read all this for protocol analysis??" The answer is *yes* if you really want to be good at it! :)

Finally, I've decided to record my in-house protocol analysis training sessions (the "best" of which I save for Sharkfest!) so I'll shoot out an email to the list when I get going on that.

--

Thanks,
Hansang