Topic: A shortish review of _Practical Packet Analysis_ (No Starch Press)

I have a week to kill between the end of school and the beginning of work, so I have been running through security books.  Today, I read __Practical Packet Analysis__, which teaches the reader how to understand packets and how to capture them.  I picked it up expecting a primer on Wireshark, the primary sniffer used, so I was a little disappointed that it is mostly general network and sniffing information.

The book's core is about 150 pages, and it is geared toward beginners and, unfortunately, Windows users, though that is not to say there is nothing about Linux.  Installation of Wireshark, for example, is covered on both, but ARP poisoning is only shown through Cain & Abel.  At least one Linux section contains an error; in the installation for both RPMs and DEBs, he says to download the Wireshark package but never mentions to "cd" into the directory into which it is downloaded.  You might think he expects the reader to have enough Linux knowledge to know that, but then they should have enough knowledge to install a .rpm or .deb package anyway.  Also, for .deb packages, it says to download the package from the Wireshark webpage (and he does not give the URL, which seems a bit foolish) and run apt-get install wireshark, not dpkg -i wireshark-x.xx.i386.deb (or whatever).

Overall, the content is a mixed bag.  It spends a while on changing the timestamps of packets in Wireshark, which anyone with no knowledge of anything could figure out by simply clicking on the menu, yet a few pages later, the author skips over most of the filter expressions because "this book is not intended as a Wireshark manual," suggesting the reader go to the Wireshark website (again without providing a link).

The book certainly provides the reader with an understanding of how sniffing on a network works.  Its goal is to use Wireshark for things like analyzing bottlenecks and is not specific to security.  If someone wants to get into network security, it works as a primer, I suppose.  It might also work as a refresher if you've been out of the game for a while, but if you're here, that probably doesn't apply to you.  Other than that, it has little purpose, and I don't recommend it.  The author simply tries to cover too much ground too fast, and nothing is covered in depth.  One might be better off reading something on networks and then something on sniffing or Wireshark.  You can't do both in 150 pages.

Look over the board and knoppix.net's board and FAQ and Google search before posting :)

http://www.faqs.org/rfcs/rfc1392.html

Re: A shortish review of _Practical Packet Analysis_ (No Starch Press)

Nice summary.

In fact I liked it so much, check out what I did :P

Re: A shortish review of _Practical Packet Analysis_ (No Starch Press)

Hi,
  Just read your entire post; it's interesting to read your entire post, and I even got a little knowledge of security from your post.

Re: A shortish review of _Practical Packet Analysis_ (No Starch Press)

I agree, nice summary, good post; good to know what books are out there.