Preface

In the early 2000s, a coworker introduced me to Ethereal, the precursor to Wireshark. I remember looking at the screen as my laptop gobbled up traffic and thinking, "I don't know what this is, but I want to know!" Over the next few years, I immersed myself in learning as much as possible about packet analysis using Wireshark. I attended training, watched videos, and read books that helped me compile and curate my knowledge and respect for what the packets tell us.

I have taught network and security courses and presented at conferences about the many benefits of using Wireshark. In this second edition of Learn Wireshark, I want to share my knowledge with you. Each chapter has multiple opportunities for a hands-on approach. Using the examples, you will make sense of the data and understand what the packets are telling you. I'll outline how to conduct a detailed search, follow the data stream, and identify endpoints so that you can troubleshoot latency issues and actively recognize network attacks. Join me on this journey, and you'll soon realize that the ability to understand what's happening on the network is a superpower!

Who this book is for

This book is for network administrators, security analysts, students, teachers, and anyone interested in learning about packet analysis using Wireshark. Basic knowledge of network fundamentals, devices, and protocols, along with an understanding of different topologies, will be beneficial as you move through the material.

What this book covers

Chapter 1, Appreciating Traffic Analysis, describes the countless places and reasons to conduct packet analysis. In addition, we'll cover the many benefits of using Wireshark, an open source protocol analyzer that includes many rich features.

Chapter 2, Using Wireshark, starts with an overview of the beginnings of today's Wireshark. We'll examine the interface and review the phases of packet analysis. Finally, we'll cover the built-in tools, with a closer look at tshark (or terminal-based Wireshark), a lightweight alternative to Wireshark.

Chapter 3, Installing Wireshark, illustrates how Wireshark provides support for different operating systems. We'll compare the different capture engines, such as WinPcap, libpcap, and Npcap, walk through a standard Windows installation, and then review the resources available at https://www.wireshark.org/.

Chapter 4, Exploring the Wireshark Interface, provides a deeper dive into some of the common elements of Wireshark to improve your workflow. We'll investigate the welcome screen and common menu choices, such as File, Edit, and View, so that you can easily navigate the interface during an analysis.

Chapter 5, Tapping into the Data Stream, starts with a comparison of the different network architectures and then moves on to the various capture options. You'll discover the conversations and endpoints you'll see when tapping into the stream, and then learn about the importance of baselining network traffic.

Chapter 6, Personalizing the Interface, helps you to realize all the ways you can customize the many aspects of the interface. You'll learn how to personalize the layout and general appearance, create a tailored configuration profile, adjust the columns, font, and color, and create buttons.

Chapter 7, Using Display and Capture Filters, helps you to make examining a packet capture less overwhelming. We'll take a look at how to narrow your scope by filtering network traffic. We'll compare and contrast display and capture filters, discover the shortcuts used to build filters, and conclude with a review of the expression builder.

Chapter 8, Outlining the OSI Model, provides an overview of the Open Systems Interconnection (OSI) model, a seven-layer conceptual framework that describes how data is prepared for transport on the network. We'll review the purpose, protocols, and Protocol Data Units (PDUs) of each layer, explore the encapsulation process, and demonstrate the frame formation in Wireshark.

Chapter 9, Decoding TCP and UDP, is a deep dive into two of the key protocols in the transport layer – the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). We'll review the purpose of the transport layer and then evaluate the header and field values of both TCP and UDP.

Chapter 10, Managing TCP Connections, begins by examining the three-way handshake. We'll discover the TCP options, get a better understanding of the TCP protocol preferences, and then conclude with an overview of the TCP teardown process.

Chapter 11, Analyzing IPv4 and IPv6, provides a breakdown of the purpose of the Internet Protocol (IP). We'll outline IPv4 and the header fields and then explore the streamlined header of IPv6. We'll summarize with a discussion of the protocol preferences and see how IPv4 and IPv6 can coexist by using tunneling protocols.

Chapter 12, Discovering ICMP, details the purpose of the Internet Control Message Protocol (ICMP). We'll dissect ICMP and ICMPv6, compare query and error messages, and discuss the ICMP type and code values. We'll cover how ICMP can be used in malicious ways and outline the importance of configuring firewall rules.

Chapter 13, Diving into DNS, outlines the significance of the Domain Name System (DNS). You'll learn how DNS works when resolving a hostname to an IP address. We'll compare the different types of records, step through a query and response, review the DNS header, and calculate the DNS response time using Wireshark.

Chapter 14, Examining DHCP, begins by explaining the need for the Dynamic Host Configuration Protocol (DHCP). We'll then outline the DORA process – Discover Offer Request Acknowledge. We'll dissect a DHCP header and review all the field values, flags, and port numbers, and then finish by stepping through a DHCP example.

Chapter 15, Decoding HTTP, highlights the Hypertext Transfer Protocol (HTTP), an application layer protocol used when browsing the web. We'll learn the details of HTTP, explore the common methods of transport, and dissect the header and fields. We'll then compare request and response messages, and summarize by following an HTTP stream.

Chapter 16, Understanding ARP, takes a closer look at the Address Resolution Protocol (ARP), which is a significant protocol in delivering data. We'll outline the role and purpose of ARP, explore the header and fields, describe the different types of ARP, and take a brief look at ARP attacks.

Chapter 17, Determining Network Latency Issues, outlines how even a beginner can diagnose network problems. We'll explore coloring rules and the Intelligent Scrollbar, and then conclude with an overview of the expert information, which divides the alerts into categories and guides you through a more targeted evaluation.

Chapter 18, Subsetting, Saving, and Exporting Captures, helps you to explore the many different ways in which to break down a packet capture into smaller files for analysis. We'll cover the different options when saving a file, discover ways to export components such as objects, session keys, and packet bytes, and then outline why and how to add comments.

Chapter 19, Discovering I/O and Stream Graphs, begins by covering the many ways the statistics menu can help us when analyzing a capture file. We'll create basic I/O graphs to help visualize network issues and summarize by comparing how the different TCP stream graphs provide a visual representation of the streams.

Chapter 20, Using CloudShark for Packet Analysis, covers CloudShark, an online application that is similar to Wireshark. You'll learn how to filter traffic and generate graphs. We'll then review how you can share captures with colleagues and outline where you can find sample captures so that you can continue improving your skills.

To get the most out of this book

To prepare for working with Wireshark, download and install the latest version on your system. Detailed instructions are listed in Chapter 3, Installing Wireshark.

To get the most out of each chapter, when there is a reference to a packet capture, download the files so that you can follow along with the lessons.

In addition to this, practice your skills on your own and, in particular, review the common protocols in the TCP/IP suite so that you can deepen your knowledge and become more proficient in packet analysis.

Download the example code files

All Wireshark capture files are referenced within the book. Download the appropriate capture files from the online repositories so that you can follow along with the lessons.

Download the color images

We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/iF8Fj.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "To write to a file, use -w, then the filename and path."

Any command-line input or output is written as follows:

C:\Program Files\Wireshark>tshark -i "ethernet 2" -w Test-Tshark.pcap -a duration:10

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: "Once you're in CloudShark, select the Export | Download File drop-down menu."

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you've read Learn Wireshark - Second Edition, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.
