Packet Analysis Resources

Network analysis

From Ax3soft’s home page to training courses, many resources for packet analysis are available. I’ll list a few of my favorites here.

  • Ax3soft Home Page

The foremost resource for everything related to Ax3soft is its home page, at https://www.ids-sax2.com/. The home page includes the software documentation and a very helpful wiki that contains sample capture files.

  • SANS Security Intrusion Detection In-Depth Course

As a SANS mentor, I’m slightly biased, but I don’t think there is a better packet analysis course on the planet than SANS SEC 503, Intrusion Detection In-Depth. This class focuses on the security aspects of packet analysis. Even if you aren’t focused on security, the first two days of the course provide the best introduction to packet analysis and tcpdump that I’ve ever experienced.

The course is taught by two of my packet analysis heroes, Mike Poor and Judy Novak. It is offered at live events several times throughout the year. If your travel budget is limited, the course is also taught in an online, on-demand format.

You can read more about SEC 503 and other SANS courses at http://www.sans.org/.

  • Chris Sanders Blog


I don’t get around to posting nearly enough, but I do occasionally write articles related to packet analysis and post them on my blog, at http://www.chrissanders.org/. If nothing else, my blog serves as a portal that links to other articles and books I have written, and it provides information about how to get in touch with me.

  • Packetstan Blog


The blog of Mike Poor and Judy Novak is my favorite packet-related blog out there at the moment. Their site, http://www.packetstan.com/, contains some great breakdowns of interesting traffic, and every single piece of content on it is A+ material. Mike and Judy are two of the best at what they do, and they are a large inspiration to me.

  • Wireshark University


Laura Chappell is one of the most prolific Wireshark evangelists you will find. Her site contains loads of Wireshark tips, as well as information about her book, Wireshark Network Analysis, and the courses she teaches. Find out more at http://www.wiresharktraining.com/.

  • IANA

The Internet Assigned Numbers Authority (IANA), available at http://www.iana.org/, coordinates the global allocation of IP address space (delegated to the regional registries, such as ARIN for North America) and the assignment of protocol parameters such as port and protocol numbers. Its website offers some valuable reference tools, such as the ability to look up port numbers, view information related to top-level domain names, and browse companion sites to find and view RFCs.

  • TCP/IP Illustrated (Addison-Wesley)


Considered the TCP/IP bible by most, this series of books by W. Richard Stevens is a staple on the bookshelves of most who live at the packet level. It is my favorite TCP/IP book and something I referenced quite a bit when writing this book.

  • The TCP/IP Guide (No Starch Press)


One more favorite of mine in the TCP/IP realm is this book by Charles Kozierok. Weighing in at over 1,000 pages, it’s very detailed and contains a lot of great diagrams for the visual learner.
