There were minimal grammar errors, and it does seem like the case studies were not tech edited by the book editor — many of them contained several grammar mistakes. However, it does appear that those were submitted by third parties and probably used as-is. Nevertheless, I can provide plenty of other examples as to why Wireshark Network Analysis is a great book. There are plenty of screenshots, review questions with answers on the next page (instead of making the reader turn to the back of the book), and links to tons of packet captures for analyzing on your own. Overall, the book is well-written and, in my opinion, the best network analysis book on the market today.
Page 563 resonated with me, as I’m a firm believer in baselining network traffic. In this section, Wireshark Network Analysis details the importance of baselining and the types of traffic to focus on. Like other sections, this section also provides screenshots, showing how to analyze traffic and packet statistics.
The Wireshark community this week is gathering for the SharkFest conference, which is a proof point for the continuing strength of the community. Degioanni noted that the Wireshark network analyzer is a project that has fostered a great community, as developers around the world keep adding protocol support as new technologies emerge.
Wireshark Network Analysis goes well beyond Wireshark functionality. Although the first several chapters outline how to best use Wireshark — examining the settings, filters, and other configurations — I think the true value of the book is in the detailed explanations of network traffic analysis. For instance, pg. 304 delves into DNS. This section tells the reader exactly what DNS is used for and provides an analysis of normal and abnormal DNS traffic. It also shows screenshots of the packet and displays and describes its contents. This type of analysis is provided throughout the book and covers all forms of network traffic (including suspect traffic — my personal favorite).