Written by Angela Orebaugh along with Greg Morris and Ed Warnicke
Published by Syngress, copyright 2004, 468 pages
ISBN: 1-932266-82-8
Rating 7 out of 10
The Good
Syngress books come with a one-year upgrade, a great idea and a very useful one for books of this nature, whose subject matter tends to change.
I especially like the great summaries at the end of each chapter including the "Solutions Fast Track" and FAQ.
The Bad
The book's price of $49.95 seems high at first; however, I consider this book to be a reference book. As such, it's about the price of many other books in the reference area. I do believe the publishers should take note that they should really consider lower prices for their books.
Is it too hard to have a one-page chapter listing in the front of the book? The table of contents is eight pages long, which is nicely detailed; however, adding a single page before the detailed table of contents with a listing of the chapters would be a simple addition that could make the book more usable.
The Details
The book starts off with the basics, the "What, Who and How" of packet sniffing using Ethereal and the basics of network technologies. The authors also walk through a very basic sniffer to illustrate the concept underlying Ethereal.
Some of the points they bring up include why not to rely on a switch for security, and how to detect and protect against sniffers. A book on Ethereal would not be complete without the seemingly mandatory talk about policy. It is too bad that the book neglects to reference a book on policies such as Scott Barman's "Writing Information Security Policies".
Chapter two starts off with an explanation of the GPL, which is beneficial for those who are new to open source software, especially the security people who are used to spending large budgets on closed proprietary tools. There is a helpful list of supported protocols, but the list is in paragraph form instead of an actual list, which makes it very hard to read.
Also helpful for people who are not necessarily programmers is an introduction to CVS (Concurrent Versioning System), which in my experience has confused many people who are new to dealing with open source and Linux-based software.
Chapter two also mentions the need to know your network; Ethereal is just a single tool in your security toolbox. The advice to capture a baseline while the network has no problems is a great concept, and one that would be quite helpful to include in network documentation.
Chapter three covers an older version of Ethereal; however, the authors do warn about this. The chapter details installation on Linux, Solaris, and Windows, but notably skips Macs. The Syngress web site does, though, have a link where people can sign up to be notified when the bonus chapter "Configuring Ethereal for OSX" is ready. It appears that they are trying to accommodate the Mac people.
The fourth chapter starts by explaining the three-pane GUI; however, the current version looks very different. This is one of those problems that cannot be avoided when you publish a physical book on something that changes as often as software.
They do explain again how Ethereal is still being developed and show a CVS update. There is also a good explanation of graphing, which I didn't know about before reading about it in the book.
Chapter five has a solid explanation of filters and the difference between capture filters and display filters. This is information that is good for reference, will not change (at least concept-wise) from release to release, and is hard to find on the Internet.
There are graphical representations of some packet layouts, but a solid understanding of fundamental networking would be extremely helpful. The inner workings of the TCP/IP protocols go beyond the scope of any Ethereal book. This goes back to Ethereal being a tool, and as with any tool, the user must know the environment the tool is to be used in. It may surprise some, but Ethereal is not your information security silver bullet; all of those looking for that can move on now.
The authors include useful information on how to use Ethereal to analyze packets captured by Snort. The same approach can be used to analyze capture files from other programs, so it is good stuff to know even if you do not use Snort specifically.
In one FAQ question the authors hint at the importance of systems having the correct time. This is a great point, but it really needs to be discussed in greater detail or at least given a higher level of importance. This is an issue that I have with many information security books. I understand not being able to include everything, but a footnote or something would be helpful.
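Snort's binary packet logs, like the capture files of many other programs, are written in the libpcap file format that Ethereal reads, and the per-packet timestamps that make system time matter live in that format's record header. As an added example (not code from the book or from the Ethereal project), here is a minimal writer and parser for that format in Python; the header layout is the classic libpcap one, while the sample frames and the field names in the returned dictionaries are constructed for this illustration.

```python
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4      # libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1        # link-layer header type for Ethernet frames

def write_pcap(records, snaplen=65535, end="<"):
    """Build a libpcap file image: global header, then one record per frame.
    Frames longer than snaplen are cut, just as a capture with a snaplen would do."""
    out = struct.pack(end + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, data in records:
        out += struct.pack(end + "IIII", ts_sec, ts_usec, min(len(data), snaplen), len(data))
        out += data[:snaplen]
    return out

def read_pcap(blob):
    """Parse a libpcap image, detecting byte order from the magic number."""
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:          # same magic written by a big-endian host
        end = ">"
    else:
        raise ValueError("not a libpcap file: magic %#x" % magic)
    _, vmaj, vmin, _tz, _, snaplen, linktype = struct.unpack(end + "IHHiIII", blob[:24])
    pos, packets = 24, []
    while pos + 16 <= len(blob):
        ts_sec, ts_usec, incl, orig = struct.unpack(end + "IIII", blob[pos:pos + 16])
        pos += 16
        if pos + incl > len(blob):
            raise ValueError("truncated record at offset %d" % pos)
        # The timestamp is whatever the capturing host's clock said; if that
        # clock is wrong, every time shown in Ethereal is wrong too.
        when = datetime.fromtimestamp(ts_sec + ts_usec / 1e6, tz=timezone.utc)
        packets.append({"time": when, "captured": incl, "wire": orig,
                        "truncated": incl < orig, "data": blob[pos:pos + incl]})
        pos += incl
    return {"version": (vmaj, vmin), "snaplen": snaplen,
            "linktype": linktype, "packets": packets}

def sample_frames():
    """Constructed frames (not real traffic): 14-byte Ethernet header + filler."""
    eth = bytes.fromhex("00112233445566778899aabb0800")   # dst, src, EtherType IPv4
    return [(1078012800, 250000, eth + b"A" * 60),          # 2004-02-29 00:00:00.25 UTC
            (1078012801, 0, eth + b"B" * 120)]

if __name__ == "__main__":
    for p in read_pcap(write_pcap(sample_frames(), snaplen=96))["packets"]:
        print(p["time"].isoformat(), p["captured"], "of", p["wire"], "bytes", p["truncated"])
```

A record whose captured length is below its wire length was cut by the snaplen, so anything Ethereal decodes past that point is simply absent from the file.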
Chapter eight is all about practicing on existing files. With Ethereal there really is no better way to learn than by using some practice files to hone your skills.
Chapter nine is all about developing Ethereal to suit your needs. This type of writing is missing from many other books on OSS. This is a great central source for how to start developing Ethereal, including the programs and libraries required for doing so. Relying on web-based documents is more trial by fire, and finding everything you need is always a challenge. This is one of those times that having a book in print can really make life easier, and it's what makes the book worth its price.
The authors briefly go over line termination, which seems too basic, but many people using Ethereal are not programmers or system admins; they are more security-minded professionals.
Conclusion
If you take this book for what it is, and in my opinion it is the only complete reference book on Ethereal, then it is a great book. There are some rough edges; however, I believe the book succeeds at getting people up and running with Ethereal.