Wireshark-users: Re: [Wireshark-users] Network Analysis Training
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: j.snelders@xxxxxxxxxx
Date: Sun, 19 Jul 2009 10:42:59 +0200
Hi Hansang,

Looking forward to your training sessions.

Thanks for your study advice.
Joan

On Sat, 18 Jul 2009 20:09:00 -0400 Hansang Bae wrote:
>charles rech wrote:
>> Hi folks,someone know more names of good books for study TCP/IP , 
>> traffic analyzer?
>
>I think I recently sent this, but can't remember if it was to the list 
>or to an individual.  So just in case...
>
>Understand the TCP/IP protocol in depth.  You can start by reading the 
>following two books (and related RFCs of course.  But I recommend the 
>books first)
>	a.  TCP/IP Illustrated Volume I by Stevens.
>	b.  Internetwork with TCP/IP Volume I by Comer.
>
>The first book is dated, but still a classic.  The above two books are 
>(IMO) the industry bible on the topic of TCP/IP.
>
>
>Then to round out your experience, I would recommend reading a few more

>books.
>	a.  Computer Networks by Tanenbaum
>	c.  Interconnections: Bridges, Routers, Switches.... by Perlman.
>
>
>Once you've read the four books and have a very good understanding of 
>the topic, you should review the RFCs.  It'll help you fill in the gap 
>in knowledge and you'll better understand the protocols.
>
>*NOW* you're ready to read some books on protocol analysis.  The problem
>
>is that I don't know if there is one 'bible' on the topic of protocol 
>analysis.  So much of it is based on experience and intuition that it's

>hard to translate it into a book.
>
>The book I do like very much is "Troubleshooting TCP/IP" by Mark Miller.
>
>  It uses Sniffer output as examples, but it's very generic and can be 
>directly applied to Wireshark.
>
>In case you're wondering "I need to read all this for protocol 
>analysis??"  The answer is *yes* if you really want to be good at it!  :)
>
>Finally, I've decided to record my in-house protocol analysis training 
>sessions (the "best" of which I save for Sharkfest!)  so I'll shoot out

>an email to the list when I get going on that.
>
>-- 
>
>Thanks,
>Hansang
>
>___________________________________________________________________________
>Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>Archives:    http://www.wireshark.org/lists/wireshark-users
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe