BlueWolf's Howl

August 04, 2009

Practical Packet Analysis

I managed to hold off from studying the Friday I passed the IPS exam. However, the next day it wasn't so easy. I started into (and finished) Practical Packet Analysis.

It was a quick and easy 178 pages. I'm not exactly sure what Chris Sanders was trying to do with the book. It wasn't meant to be a Wireshark book, but it focused mainly on Wireshark. The book would dig into a topic - only to leave it open to the reader to research further to complete the topic. It might be a good book for beginners or those who want to have a general idea of what's going on, but not really as "practical" as the title would suggest.

I'm also going through the Wireshark University DVDs. I was lucky enough to (nag) ask my supervisor a few years ago for these. I have all 4 DVDs from the set. I've been through them already and they are very worth the money! At the time - I had already read the Ethereal book. I was reasonably familiar with how to take a trace and had muddled my way through a few. With these DVDs, I was able to know how to best sample the traffic, navigate the Wireshark interface, and produce some meaningful results. THAT is practical packet analysis.

I have since joined the Wireshark email list. It's very interesting to see people ask questions that can be easily answered from the User Guide or from the Wiki. What's better is when I see a question that was covered in the Wireshark DVDs. What's best is when you see the experienced users asking very detailed questions. And (as with all email lists) there are the gurus who always seem to have the answer. I want to be at that level.

So I'm going through the DVDs again. Just in the first few sections of the first DVD, I have already picked up on some things that I really glazed over the first time. And this time I'm watching with a notebook by my side. I compared the course outlines to the objectives on the Wireshark Certification Guide. The outlines and objectives seem to match up pretty evenly. And it's an open-book test... When I'm ready, I shouldn't have too many problems with it. I have the material to study. I have quite a bit of practice already due to requests and situations at work. And there are several sites online with sample captures to analyze.

I'm really looking forward to it. This is the type of studying that is more fun than work. I think the thing I like the most about it is that this is something that you have to think about. Routing/switching is more configure-test-troubleshoot. Security is more parry-thrust. This is more like look-dissect-think-analyze. People may think that their traffic is doing this or that -- but this shows what it's *really* doing. The packets don't lie.

Posted by BlueWolf on August 4, 2009 10:43 PM