Instant Wireshark Starter

Book Description

A quick and easy guide to getting started with network analysis using Wireshark

  • Learn something new in an Instant! A short, fast, focused guide delivering immediate results.

  • Documents key features and tasks that can be performed using Wireshark

  • Covers details of filters, statistical analysis, and other important tasks

  • Also includes advanced topics like decoding captured data, name resolution, and reassembling

In Detail

Wireshark is by far the most popular network traffic analyzing tool.

It not only provides an interface for traffic capture but also provides a rich platform for in-depth analysis of the traffic. The GUI provides a very user-friendly and interactive medium that simplifies the process of network forensics. This concise book provides a perfect start to getting hands-on with packet analysis using Wireshark.

Wireshark Starter is the perfect guide for new learners who are willing to dive into the world of computer networks. Walking you through from the very start, it transitions smoothly to cover core topics like filters, decoding packets, command line tools, and more. It covers every inch of Wireshark in a concise and comprehensive manner.

Wireshark Starter has been designed with beginners in mind. After the initial setup, the book leads you through your first packet capture, followed by core topics like analyzing the captured traffic and understanding filters.

You will then be guided through more detailed topics like the decoding of captured packets, generating graphs based on statistics, and name resolution. Finally, the book concludes by providing further references and official sources for learning more about the tool.

Table of Contents

  1. Instant Wireshark Starter
    1. Instant Wireshark Starter
    2. Credits
    3. About the author
    4. About the reviewer
    5. www.packtpub.com
      1. Support files, eBooks, discount offers and more
    6. packtLib.packtpub.com
      1. Why Subscribe?
      2. Free Access for Packt account holders
    7. 1. Instant Wireshark Starter
      1. So, what is Wireshark?
        1. How does Wireshark work?
      2. Installation
        1. Step 1 – what do I need?
        2. Step 2 – downloading Wireshark
        3. Step 3 – installing Wireshark
        4. And that's it!
        5. Building Wireshark from source
          1. Step 1 – getting the source files
          2. Step 2 – unpacking
          3. Step 3 – building
          4. Step 4 – installing
          5. And that's it!
        6. Installing Wireshark on Unix through binaries
        7. Installing from RPM
          1. Installing from DEB
        8. Setting up the subversion client
          1. Step 1 – creating the directory
          2. Step 2 – setting the subversion path
          3. Step 3 – checkout
      3. Quick start – your first packet capture
        1. Getting started with network interface selection
        2. A quick look at the Wireshark GUI
        3. Wireshark GUI panels
        4. Capture panel
        5. Packet details panel
        6. Packet bytes panel
        7. Setting up filters
        8. Working with the Filter Expression dialog box
        9. Capturing live data
        10. Understanding the Wireshark coloring scheme
        11. Working with captured packets
        12. Searching for packets
        13. Marking packets
        14. Saving captured data
        15. Exporting and merging packets
        16. Printing packets
        17. Input/Output graph window
          1. Graphs
          2. Filter
          3. Style
          4. Graph co-ordinates
        18. Copying and saving
        19. File input/output
          1. Opening captured packets
          2. Wireshark file formats
            1. Input file formats
        20. Expert Infos
        21. Using preferences
      4. Top 5 features you need to know about
        1. Working with packet streams
        2. Decoding packets and exporting objects
        3. Statistics of the captured packets
          1. Summary
          2. Protocol Hierarchy
          3. Conversations
          4. Endpoints
          5. Flow graph
        4. Name resolution and packet reassembling
          1. Name resolution
            1. MAC name resolution
            2. Network name resolution
            3. Transport name resolution
          2. Packet reassembling
        5. Wireshark command-line tools
          1. Tshark – terminal Wireshark
          2. Rawshark – dumping and analyzing the traffic
          3. editcap
          4. mergecap
          5. text2pcap
      5. Wireshark activity
      6. People and places you should get to know
        1. Official sites
        2. Articles and tutorials
        3. Community
        4. Blogs
        5. Twitter