Interview with Chris Sanders, Author of "Practical Packet Analysis"
by Mirko Zorz - Wednesday, 2 April 2008.
The second and MOST deadly mistake I see made is delaying security. Typically, management wants to implement a wireless deployment as fast as possible. So fast, that they don't want to deal with deploying a proper security configuration. If I had a dollar for every time I've heard someone say, "Let's just throw some standard WEP security on it until it's up and running for a while and then we can add more security later." Unfortunately, later usually never comes, and by the time it really matters it may be too late. If you are in an organization that transmits sensitive data over a wireless link, look into security now rather than later. Implementing 802.1x, WPA, Certificate Services, etc. may take some initial legwork in the beginning of a deployment, but it may very well be your saving grace further on down the road.

How long did it take you to write "Practical Packet Analysis" and what was it like? Any major difficulties?

Start to finish, writing PPA took about eight months. This was my first in-print book and it really was a lot of work. I used to think that I wrote to teach people, but I've come to learn that I probably learn just as much writing about technical topics as people do reading them. The guys at No Starch were absolutely fantastic to work with and they let me work at my pace and do things my way, which made it that much better for a first-time writer. It was a really fun project and I met a lot of really great people in the Wireshark community while doing it. I can't wait to write a follow-up to it.

What's the most interesting fact you've become aware of while researching for your book?

Since writing this book, I've gotten a lot of e-mail from different people asking for assistance regarding packet analysis problems they encounter, which I'm always glad to offer some insight into. The funny thing is, a lot of these e-mails reference me as a "Wireshark Expert", which I find kind of funny. Throughout the course of my book research I've come to figure out that anybody can be a Wireshark expert. It's really just a program with a lot of different analysis tools in it. What makes someone really good at packet analysis is being an expert at the underlying protocols that make a network function. Just because I know how to create an IO graph or chart RTT times doesn't mean that I understand how to follow the packet sequence of a DHCP zone transfer or figure out what a particular ICMP error code is. Packet analysis is no more centered on Wireshark than astronomy is centered on a telescope. Sure, you need to know how to use the tool, but that tool is just a gateway into everything else you need to learn.

What are your future plans? Any exciting new projects?

I'm hoping to eventually write a second edition of PPA which will have quite a few more practical scenarios, which should be beneficial to new PPA readers as well as those who bought the first edition. Aside from that, I continue to post new content to my blog related to both packet analysis and other topics that are of interest to network administrators. Speaking of which, you can check that out here.
