Book Description

Master Wireshark and discover how to analyze network packets and protocols effectively, along with engaging recipes to troubleshoot network problems

About This Book

  • Gain valuable insights into the network and application protocols, and the key fields in each protocol
  • Use Wireshark's powerful statistical tools to analyze your network and leverage its expert system to pinpoint network problems
  • Master Wireshark and train it as your network sniffer

Who This Book Is For

This book is aimed at IT professionals who want to develop or enhance their packet analysis skills. A basic familiarity with common network and application services terms and technologies is assumed.

What You Will Learn

  • Discover how packet analysts view networks and the role of protocols at the packet level
  • Capture and isolate all the right packets to perform a thorough analysis using Wireshark's extensive capture and display filtering capabilities
  • Decrypt encrypted wireless traffic
  • Use Wireshark as a diagnostic tool and also for network security analysis to keep track of malware
  • Find and resolve problems due to bandwidth, throughput, and packet loss
  • Identify and locate faults in communication applications including HTTP, FTP, mail, and various other applications – Microsoft OS problems, databases, voice, and video over IP
  • Identify and locate faults in detecting security failures and security breaches in the network

In Detail

This Learning Path starts off by installing Wireshark, before gradually taking you through your first packet capture, identifying and filtering out just the packets of interest, and saving them to a new file for later analysis. You will then discover different ways to create and use capture and display filters. By halfway through the book, you'll be mastering Wireshark features, analyzing different layers of the network protocol stack, and looking for any anomalies. We then start with Ethernet and LAN switching, move through IP, and then on to TCP/UDP with a focus on TCP performance problems. It also focuses on WLAN security. Then, we go through application behavior issues including HTTP, mail, DNS, and other common protocols. This book finishes with a look at network forensics and how to locate security problems that might harm the network. This course provides you with highly practical content explaining Metasploit from the following books:

  • Wireshark Essentials
  • Network Analysis Using Wireshark Cookbook
  • Mastering Wireshark

Style and approach

This step-by-step guide follows a practical approach, starting from the basic to the advanced aspects. Through a series of real-world examples, this learning path will focus on making it easy for you to become an expert at using Wireshark.

Table of Contents

  1. Wireshark Revealed: Essential Skills for IT Professionals
    1. Table of Contents
    2. Wireshark Revealed: Essential Skills for IT Professionals
    3. Credits
    4. Preface
      1. What this learning path covers
      2. What you need for this learning path
      3. Who this learning path is for
        1. Reader feedback
      4. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    5. 1. Module 1
      1. 1. Getting Acquainted with Wireshark
        1. Installing Wireshark
          1. Installing Wireshark on Windows
          2. Installing Wireshark on Mac OS X
          3. Installing Wireshark on Linux/Unix
        2. Performing your first packet capture
          1. Selecting a network interface
          2. Performing a packet capture
          3. Wireshark user interface essentials
          4. Filtering out the noise
            1. Applying a display filter
          5. Saving the packet trace
        3. Summary
      2. 2. Networking for Packet Analysts
        1. The OSI model – why it matters
          1. Understanding network protocols
          2. The seven OSI layers
            1. Layer 1 – the physical layer
            2. Layer 2 – the data-link layer
            3. Layer 3 – the network layer
              1. Internet Protocol
              2. Address Resolution Protocol
            4. Layer 4 – the transport layer
              1. User Datagram Protocol
              2. Transmission Control Protocol
            5. Layer 5 – the session layer
            6. Layer 6 – the presentation layer
            7. Layer 7 – the application layer
              1. Encapsulation
        2. IP networks and subnets
        3. Switching and routing packets
          1. Ethernet frames and switches
          2. IP addresses and routers
        4. WAN links
        5. Wireless networking
        6. Summary
      3. 3. Capturing All the Right Packets
        1. Picking the best capture point
          1. User location
          2. Server location
          3. Other capture locations
            1. Mid-network captures
            2. Both sides of specialized network devices
        2. Test Access Ports and switch port mirroring
          1. Test Access Port
          2. Switch port mirroring
            1. Capturing packets on high traffic rate links
        3. Capturing interfaces, filters, and options
          1. Selecting the correct network interface
          2. Using capture filters
          3. Configuring capture filters
          4. Capture options
            1. Capturing filenames and locations
            2. Multiple file options
            3. Ring buffer
            4. Stop capture options
            5. Display options
            6. Name resolution options
        4. Verifying a good capture
        5. Saving the bulk capture file
        6. Isolating conversations of interest
        7. Using the Conversations window
          1. The Ethernet tab
          2. The TCP and UDP tabs
          3. The WLAN tab
        8. Wireshark display filters
          1. The Display Filter window
          2. The display filter syntax
          3. Typing in a display filter
          4. Display filters from a Conversations or Endpoints window
        9. Filter Expression Buttons
          1. Using the Expressions window button
          2. Right-click menus on specific packet fields
        10. Following TCP/UDP/SSL streams
        11. Marking and ignoring packets
        12. Saving the filtered traffic
        13. Summary
      4. 4. Configuring Wireshark
        1. Working with packet timestamps
          1. How Wireshark saves timestamps
          2. Wireshark time display options
          3. Adding a time column
            1. Conversation versus displayed packet time options
          4. Choosing the best Wireshark time display option
          5. Using the Time Reference option
        2. Colorization and coloring rules
          1. Packet colorization
        3. Wireshark preferences
        4. Wireshark profiles
          1. Creating a Wireshark profile
          2. Selecting a Wireshark profile
        5. Summary
      5. 5. Network Protocols
        1. The OSI and DARPA reference models
          1. Network layer protocols
            1. Wireshark IPv4 filters
            2. Wireshark ARP filters
          2. Internet Group Management Protocol
            1. Wireshark IGMP filters
          3. Internet Control Message Protocol
            1. ICMP pings
            2. ICMP traceroutes
            3. ICMP control message types
            4. ICMP redirects
              1. Wireshark ICMP filters
          4. Internet Protocol Version 6
            1. IPv6 addressing
            2. IPv6 address types
            3. IPv6 header fields
            4. IPv6 transition methods
              1. Wireshark IPv6 filters
          5. Internet Control Message Protocol Version 6
            1. Multicast Listener Discovery
              1. Wireshark ICMPv6 filters
        2. Transport layer protocols
          1. User Datagram Protocol
            1. Wireshark UDP filters
          2. Transmission Control Protocol
            1. TCP flags
            2. TCP options
              1. Wireshark TCP filters
        3. Application layer protocols
          1. Dynamic Host Configuration Protocol
            1. Wireshark DHCP filters
          2. Dynamic Host Configuration Protocol Version 6
            1. Wireshark DHCPv6 filters
          3. Domain Name Service
            1. Wireshark DNS filters
          4. Hypertext Transfer Protocol
            1. HTTP Methods
            2. Host
            3. Request Modifiers
              1. Wireshark HTTP filters
          5. Additional information
            1. Wireshark wiki
            2. Protocols on Wikipedia
            3. Requests for Comments
        4. Summary
      6. 6. Troubleshooting and Performance Analysis
        1. Troubleshooting methodology
          1. Gathering the right information
          2. Establishing the general nature of the problem
          3. Half-split troubleshooting and other logic
        2. Troubleshooting connectivity issues
          1. Enabling network interfaces
          2. Confirming physical connectivity
          3. Obtaining the workstation IP configuration
          4. Obtaining MAC addresses
          5. Obtaining network service IP addresses
          6. Basic network connectivity
            1. Connecting to the application services
        3. Troubleshooting functional issues
        4. Performance analysis methodology
          1. Top five reasons for poor application performance
            1. Preparing the tools and approach
            2. Performing, verifying, and saving a good packet capture
            3. Initial error analysis
            4. Detecting and prioritizing delays
            5. Server processing time events
            6. Application turn's delay
            7. Network path latency
            8. Bandwidth congestion
            9. Data transport
              1. TCP StreamGraph
              2. IO Graph
              3. IO Graph – Wireshark 2.0
        5. Summary
      7. 7. Packet Analysis for Security Tasks
        1. Security analysis methodology
          1. The importance of baselining
        2. Security assessment tools
        3. Identifying unacceptable or suspicious traffic
        4. Scans and sweeps
          1. ARP scans
          2. ICMP ping sweeps
          3. TCP port scans
          4. UDP port scans
        5. OS fingerprinting
        6. Malformed packets
        7. Phone home traffic
        8. Password-cracking traffic
        9. Unusual traffic
        10. Summary
      8. 8. Command-line and Other Utilities
        1. Wireshark command-line utilities
        2. Capturing traffic with Dumpcap
        3. Capturing traffic with Tshark
        4. Editing trace files with Editcap
        5. Merging trace files with Mergecap
          1. Mergecap batch file
        6. Other helpful tools
          1. HttpWatch
          2. SteelCentral Packet Analyzer Personal Edition
          3. AirPcap adapters
        7. Summary
    6. 2. Module 2
      1. 1. Introducing Wireshark
        1. Introduction
        2. Locating Wireshark
          1. Getting ready
          2. How to do it...
            1. Monitoring a server
            2. Monitoring a router
            3. Monitoring a firewall
          3. How it works...
          4. There's more...
          5. See also
        3. Starting the capture of data
          1. Getting ready
          2. How to do it...
            1. How to choose the interface to start the capture
            2. How to configure the interface you capture data from
          3. How it works...
          4. There's more...
          5. See also
        4. Configuring the start window
          1. Getting ready
            1. Main Toolbar
            2. Display Filter Toolbar
            3. Status Bar
          2. How to do it...
            1. Configuring toolbars
            2. Configuring the main window
            3. Name Resolution
            4. Colorizing the packet list
            5. Auto scrolling in live capture
        5. Using time values and summaries
          1. Getting ready
          2. How to do it...
          3. How it works...
        6. Configuring coloring rules and navigation techniques
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        7. Saving, printing, and exporting data
          1. Getting ready
          2. How to do it...
            1. Saving data in various formats
            2. How to print data
          3. How it works...
        8. Configuring the user interface in the Preferences menu
          1. Getting ready
          2. How to do it...
            1. Changing and adding columns
            2. Changing the capture configuration
            3. Configuring the name resolution
          3. How it works...
        9. Configuring protocol preferences
          1. Getting ready
          2. How to do it...
            1. Configuring of IPv4 and IPv6 Preferences
            2. Configuring TCP and UDP
          3. How it works...
          4. There's more...
      2. 2. Using Capture Filters
        1. Introduction
        2. Configuring capture filters
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Configuring Ethernet filters
          1. Getting ready
          2. How to do it...
          3. How it works…
          4. There's more...
          5. See also
        4. Configuring host and network filters
          1. Getting ready
          2. How to do it...
          3. How it works…
          4. There's more...
          5. See also
        5. Configuring TCP/UDP and port filters
          1. Getting ready
          2. How to do it...
          3. How it works…
          4. There's more...
          5. See also
        6. Configuring compound filters
          1. Getting ready
          2. How to do it...
          3. How it works…
          4. There's more...
          5. See also
        7. Configuring byte offset and payload matching filters
          1. Getting ready
          2. How to do it...
          3. How it works…
          4. There's more...
          5. See also
      3. 3. Using Display Filters
        1. Introduction
        2. Configuring display filters
          1. Getting ready
          2. How to do it...
            1. Choosing from the filters menu
            2. Writing the syntax directly into the display filter window
            3. Choosing a parameter in the packet pane and defining it as a filter
          3. How it works...
          4. There's more...
            1. What is the parameter we filter?
            2. Adding a parameter column
            3. Saving the displayed data
        3. Configuring Ethernet, ARP, host, and network filters
          1. Getting ready
          2. How to do it...
            1. Ethernet filters
            2. ARP filters
            3. IP and ICMP filters
            4. Complex filters
          3. How it works...
            1. Ethernet broadcasts
            2. IPv4 multicasts
            3. IPv6 multicasts
          4. See also
        4. Configuring TCP/UDP filters
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        5. Configuring specific protocol filters
          1. Getting ready
          2. How to do it...
            1. HTTP display filters
            2. DNS display filters
            3. FTP display filters
          3. How it works...
          4. See also
        6. Configuring substring operator filters
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Configuring macros
          1. Getting ready
          2. How to do it...
          3. How it works...
      4. 4. Using Basic Statistics Tools
        1. Introduction
        2. Using the Summary tool from the Statistics menu
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Using the Protocol Hierarchy tool from the Statistics menu
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        4. Using the Conversations tool from the Statistics menu
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Ethernet conversations statistics
            2. IP conversations statistics
            3. TCP/UDP conversations statistics
        5. Using the Endpoints tool from the Statistics menu
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        6. Using the HTTP tool from the Statistics menu
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        7. Configuring Flow Graph for viewing TCP flows
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        8. Creating IP-based statistics
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
      5. 5. Using Advanced Statistics Tools
        1. Introduction
        2. Configuring IO Graphs with filters for measuring network performance issues
          1. Getting ready
          2. How to do it...
            1. Filter configuration
            2. X-Axis configuration
            3. Y-Axis configuration
          3. How it works...
          4. There's more...
        3. Throughput measurements with IO Graph
          1. Getting ready
          2. How to do it...
            1. Measuring throughput between end devices
            2. Measuring application throughput
          3. How it works...
          4. There's more...
            1. Graph SMS usage – finding SMS messages sent by a specific subscriber
            2. Graphing number of accesses to the Google web page
        4. Advanced IO Graph configurations with advanced Y-Axis parameters
          1. Getting ready
          2. How to do it...
            1. How to monitor inter-frame time delta statistics
            2. How to monitor the number of TCP retransmissions in a stream
            3. How to monitor a number of field appearances
          3. How it works...
          4. There's more...
        5. Getting information through TCP stream graphs – the Time-Sequence (Stevens) window
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        6. Getting information through TCP stream graphs – the Time-Sequence (tcp-trace) window
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        7. Getting information through TCP stream graphs – the Throughput Graph window
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        8. Getting information through TCP stream graphs – the Round Trip Time window
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        9. Getting information through TCP stream graphs – the Window Scaling Graph window
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
      6. 6. Using the Expert Infos Window
        1. Introduction
        2. The Expert Infos window and how to use it for network troubleshooting
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Error events and understanding them
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        4. Warning events and understanding them
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        5. Notes events and understanding them
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
      7. 7. Ethernet, LAN Switching, and Wireless LAN
        1. Introduction
        2. Discovering broadcast and error storms
          1. Getting ready
          2. How to do it...
            1. Spanning Tree Problems
            2. A device that generates Broadcasts
            3. Fixed pattern broadcasts
          3. How it works...
          4. There's more…
          5. See also
        3. Analyzing Spanning Tree Protocols
          1. Getting ready
          2. How to do it...
            1. Which STP version is running on the network?
            2. Are there too many topology changes?
          3. How it works...
            1. Port states
          4. There's more…
        4. Analyzing VLANs and VLAN tagging issues
          1. Getting ready
          2. How to do it...
            1. Monitoring traffic inside a VLAN
            2. Viewing tagged frames going through a VLAN tagged port
          3. How it works...
          4. There's more…
          5. See also
        5. Analyzing wireless (Wi-Fi) problems
          1. Getting ready
          2. How to do it…
          3. How it works…
      8. 8. ARP and IP Analysis
        1. Introduction
        2. Analyzing connectivity problems with ARP
          1. Getting ready
          2. How to do it...
            1. ARP poisoning and Man-in-the-Middle attacks
            2. Gratuitous ARP
            3. ARP sweeps
            4. Requests or replies, and who is the sender
            5. How many ARPs
          3. How it works...
          4. There's more...
        3. Using IP traffic analysis tools
          1. Getting ready
          2. How to do it...
            1. IP statistics tools
          3. How it works...
          4. There's more...
        4. Using GeoIP to look up physical locations of the IP address
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        5. Finding fragmentation problems
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        6. Analyzing routing problems
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        7. Finding duplicate IPs
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        8. Analyzing DHCP problems
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
      9. 9. UDP/TCP Analysis
        1. Introduction
        2. Configuring TCP and UDP preferences for troubleshooting
          1. Getting ready
          2. How to do it...
            1. UDP parameters
            2. TCP parameters
          3. How it works...
          4. There's more…
        3. TCP connection problems
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more…
        4. TCP retransmission – where do they come from and why
          1. Getting ready
          2. How to do it...
            1. Case 1 – retransmissions to many destinations
            2. Case 2 – retransmissions on a single connection
            3. Case 3 – retransmission patterns
            4. Case 4 – retransmission due to a non-responsive application
            5. Case 5 – retransmission due to delayed variations
            6. Finding what it is
          3. How it works...
            1. Regular operation of the TCP Sequence/Acknowledge mechanism
            2. What are TCP retransmissions and what do they cause
          4. There's more...
          5. See also
        5. Duplicate ACKs and fast retransmissions
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        6. TCP out-of-order packet events
          1. Getting ready
          2. How to do it...
            1. When will it happen?
          3. How it works...
        7. TCP Zero Window, Window Full, Window Change, and other Window indicators
          1. Getting ready
          2. How to do it...
            1. TCP Zero Window, Zero Window Probe, and Zero Window Violation
            2. TCP Window Update
            3. TCP Window Full
          3. How it works...
          4. There's more…
        8. TCP resets and why they happen
          1. Getting ready
          2. How to do it...
            1. Cases in which reset is not a problem
            2. Cases in which reset can indicate a problem
          3. How it works...
      10. 10. HTTP and DNS
        1. Introduction
        2. Filtering DNS traffic
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Analyzing regular DNS operations
          1. Getting ready
          2. How to do it...
          3. How it works...
            1. DNS operation
            2. DNS namespace
            3. The resolving process
          4. There's more...
        4. Analysing DNS problems
          1. Getting ready
          2. How to do it...
            1. DNS cannot resolve a name
            2. DNS slow responses
          3. How it works...
          4. There's more...
        5. Filtering HTTP traffic
          1. Getting ready
          2. How to do it...
          3. How it works...
            1. HTTP methods
            2. Status codes
          4. There's more...
        6. Configuring HTTP preferences
          1. Getting ready
          2. How to do it...
            1. Custom HTTP headers fields
          3. How it works...
          4. There's more...
        7. Analyzing HTTP problems
          1. Getting ready
          2. How to do it...
            1. Informational codes
            2. Success codes
            3. Redirect codes
            4. Client errors
            5. Server errors
          3. How it works...
          4. There's more...
        8. Exporting HTTP objects
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        9. HTTP flow analysis and the Follow TCP Stream window
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        10. Analyzing HTTPS traffic – SSL/TLS basics
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
      11. 11. Analyzing Enterprise Applications' Behavior
        1. Introduction
        2. Finding out what is running over your network
          1. Getting ready
          2. How to do it...
          3. There's more...
        3. Analyzing FTP problems
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        4. Analyzing e-mail traffic and troubleshooting e-mail problems – POP, IMAP, and SMTP
          1. Getting ready
          2. How to do it...
            1. POP3 communications
            2. SMTP communications
            3. Some other methods and problems
          3. How it works...
            1. POP3
            2. SMTP and SMTP error codes (RFC3463)
          4. There's more...
        5. Analyzing MS-TS and Citrix communications problems
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more…
        6. Analyzing problems in the NetBIOS protocols
          1. Getting ready
          2. How to do it...
            1. General tests
            2. Specific issues
          3. How it works...
          4. There's more…
            1. Example 1 – application freezing
            2. Example 2 – broadcast storm caused by SMB
        7. Analyzing database traffic and common problems
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
      12. 12. SIP, Multimedia, and IP Telephony
        1. Introduction
        2. Using Wireshark's features for telephony and multimedia analysis
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Analyzing SIP connectivity
          1. Getting ready
          2. How to do it...
            1. 1xx codes – provisional/informational
            2. 2xx codes – success
            3. 3xx codes – redirection
            4. 4xx codes – client error
            5. 5xx codes – server error
            6. 6xx codes – global failure
          3. How it works...
          4. There's more...
        4. Analyzing RTP/RTCP connectivity
          1. Getting ready
          2. How to do it...
          3. How it works...
            1. RTP principles of operation
            2. The RTCP principle of operation
          4. There's more...
        5. Troubleshooting scenarios for video and surveillance applications
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        6. Troubleshooting scenarios for IPTV applications
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        7. Troubleshooting scenarios for video conferencing applications
          1. Getting ready
          2. How to do it...
        8. Troubleshooting RTSP
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
      13. 13. Troubleshooting Bandwidth and Delay Problems
        1. Introduction
        2. Measuring total bandwidth on a communication link
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Measuring bandwidth and throughput per user and per application over a network connection
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        4. Monitoring jitter and delay using Wireshark
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        5. Discovering delay/jitter-related application problems
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
      14. 14. Understanding Network Security
        1. Introduction
        2. Discovering unusual traffic patterns
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Discovering MAC- and ARP-based attacks
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        4. Discovering ICMP and TCP SYN/Port scans
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        5. Discovering DoS and DDoS attacks
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        6. Locating smart TCP attacks
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        7. Discovering brute-force and application attacks
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
      15. A. Links, Tools, and Reading
        1. Useful Wireshark links
        2. tcpdump
        3. Some additional tools
          1. SNMP tools
          2. SNMP platforms
          3. The NetFlow, JFlow, and SFlow analyzers
          4. HTTP debuggers
          5. Syslog
          6. Other stuff
        4. Network analysers
        5. Interesting websites
        6. Books
    7. 3. Module 3
      1. 1. Welcome to the World of Packet Analysis with Wireshark
        1. Introduction to Wireshark
        2. A brief overview of the TCP/IP model
        3. The layers in the TCP/IP model
        4. An introduction to packet analysis with Wireshark
          1. How to do packet analysis
          2. What is Wireshark?
          3. How it works
        5. Capturing methodologies
          1. Hub-based networks
          2. The switched environment
          3. ARP poisoning
          4. Passing through routers
          5. Why use Wireshark?
          6. The Wireshark GUI
            1. The installation process
          7. Starting our first capture
        6. Summary
        7. Practice questions
      2. 2. Filtering Our Way in Wireshark
        1. An introduction to filters
        2. Capture filters
          1. Why use capture filters
          2. How to use capture filters
          3. An example capture filter
          4. Capture filters that use protocol header values
        3. Display filters
          1. Retaining filters for later use
        4. Searching for packets using the Find dialog
          1. Colorize traffic
        5. Create new Wireshark profiles
        6. Summary
        7. Practice questions
      3. 3. Mastering the Advanced Features of Wireshark
        1. The Statistics menu
          1. Using the Statistics menu
          2. Protocol Hierarchy
        2. Conversations
        3. Endpoints
        4. Working with IO, Flow, and TCP stream graphs
        5. IO graphs
        6. Flow graphs
        7. TCP stream graphs
          1. Round-trip time graphs
          2. Throughput graphs
          3. The Time-sequence graph (tcptrace)
        8. Follow TCP streams
        9. Expert Infos
        10. Command Line-fu
        11. Summary
        12. Exercise
      4. 4. Inspecting Application Layer Protocols
        1. Domain name system
          1. Dissecting a DNS packet
          2. Dissecting DNS query/response
          3. Unusual DNS traffic
        2. File transfer protocol
          1. Dissecting FTP communications
            1. Passive mode
            2. Active mode
          2. Dissecting FTP packets
          3. Unusual FTP
        3. Hyper Text Transfer Protocol
          1. How it works – request/response
          2. Request
          3. Response
          4. Unusual HTTP traffic
        4. Simple Mail Transfer Protocol
          1. Usual versus unusual SMTP traffic
          2. Session Initiation Protocol and Voice Over Internet Protocol
          3. Analyzing VOIP traffic
            1. Reassembling packets for playback
          4. Unusual traffic patterns
          5. Decrypting encrypted traffic (SSL/TLS)
        5. Summary
        6. Practice questions
      5. 5. Analyzing Transport Layer Protocols
        1. The transmission control protocol
          1. Understanding the TCP header and its various flags
          2. How TCP communicates
            1. How it works
            2. Graceful termination
            3. RST (reset) packets
          3. Relative versus Absolute numbers
          4. Unusual TCP traffic
          5. How to check for different analysis flags in Wireshark
        2. The User Datagram Protocol
          1. A UDP header
          2. How it works
            1. The DHCP
            2. The TFTP
          3. Unusual UDP traffic
        3. Summary
        4. Practice questions
      6. 6. Analyzing Traffic in Thin Air
        1. Understanding IEEE 802.11
          1. Various modes in wireless communications
            1. Wireless interference and strength
          2. The IEEE 802.11 packet structure
            1. RTS/CTS
        2. Usual and unusual WEP – open/shared key communication
          1. WEP-open key
          2. The shared key
          3. WPA-Personal
          4. WPA-Enterprise
        3. Decrypting WEP and WPA traffic
        4. Summary
        5. Practice questions
      7. 7. Network Security Analysis
        1. Information gathering
          1. PING sweep
          2. Half-open scan (SYN)
          3. OS fingerprinting
        2. ARP poisoning
        3. Analyzing brute force attacks
          1. Inspecting malicious traffic
          2. Solving real-world CTF challenges
        4. Summary
        5. Practice questions
      8. 8. Troubleshooting
        1. Recovery features
          1. The flow control mechanism
          2. Troubleshooting slow Internet and network latencies
          3. Client- and server-side latencies
          4. Troubleshooting bottleneck issues
          5. Troubleshooting application-based issues
        2. Summary
        3. Practice questions
      9. 9. Introduction to Wireshark v2
        1. The intelligent scroll bar
        2. Translation
        3. Graph improvements
        4. TCP streams
        5. USBPcap
        6. Summary
        7. Practice questions
      10. Bibliography
    8. Index