This is a copy of the review I put on Amazon tonight for the book Practical Packet Analysis (2nd edition). I didn't say this on Amazon, but I would recommend you buy the book straight from the publisher, No Starch Press, because you get the electronic version for free with your purchase of the physical book. Anyway, here's my review:
After reading this book, I have a much better understanding of the capabilities of Wireshark, but I really learned so much more. The author does a great job introducing the reader to basic networking concepts, such as the OSI model, data encapsulation, ports, MAC and IP addresses and so on. Chris Sanders does an excellent job teaching the basics and moving on from there in a way that even those very new to the material can keep up.
Networking has always been something I've known just a little about, but I've never been anywhere close to an expert. While I knew about setting up a basic Windows network, that was about it. I took SANS Network Forensics (FOR 558) last year, which uses Wireshark some and learned a lot. Looking back, I can see how much better off I would have been had I read Practical Packet Analysis before the class. So much of what was discussed in class is covered in PPA in clear, concise explanations that would have made it easier for me when I took the forensics course.
This really is one of the best tech books I've ever read. I don't say that lightly, as I've read many good IT and computer forensics books. It is well written and easy to follow. The author has .pcap files available for download from the publisher website so the reader can follow along with the examples in the book. To me, this made learning the material that much easier, allowing me to see first hand what was being taught.
Another thing I like about this and other books from the publisher, No Starch Press, are the graphics. Screenshots of computer screens are often very difficult to make out in other publishers books, but I've noticed in all of my No Starch books they are easy to see.
Practical Packet Analysis is a must-read for anyone wanting to learn how to sniff and analyze packets. Highly recommended!
I am currently working on a review of Malware Forensics Field Guide for Windows Systems. I hope to finish and post it sometime next week.