
Mastering Wireshark

Book Description

Analyze data networks like a professional by mastering Wireshark - from 0 to 1337

About This Book

  • Master Wireshark and train it as your network sniffer

  • Impress your peers and earn a reputation as a network doctor

  • Understand Wireshark and its many features with the aid of this fast-paced book, packed with screenshots, and become a pro at resolving network anomalies

Who This Book Is For

Are you curious to know what's going on in a network? Do you get frustrated when you are unable to detect the cause of problems in your networks? This is where the book comes into play.

Mastering Wireshark is for developers or network enthusiasts who are interested in understanding the internal workings of networks and have prior knowledge of using Wireshark, but are not aware of all of its functionalities.

What You Will Learn

  • Install Wireshark and understand its GUI and all of its functionalities

  • Create and use different filters

  • Analyze different layers of network protocols and know the number of packets that flow through the network

  • Decrypt encrypted wireless traffic

  • Use Wireshark as a diagnostic tool and also for network security analysis to keep track of malware

  • Troubleshoot all the network anomalies with the help of Wireshark

  • Resolve latencies and bottleneck issues in the network

In Detail

Wireshark is a popular and powerful tool used to analyze the bits and bytes flowing through a network. Wireshark deals with layers two through seven of the network protocol stack, and the analysis is presented in a human-readable form.

Mastering Wireshark will help you raise your knowledge to an expert level. At the start of the book, you will be taught how to install Wireshark, and will be introduced to its interface so you understand all its functionalities. Moving forward, you will discover different ways to create and use capture and display filters. Halfway through the book, you'll be mastering the features of Wireshark, analyzing different layers of the network protocol and looking for any anomalies. As you reach the end of the book, you will be taught how to use Wireshark for network security analysis and configure it for troubleshooting purposes.

Style and approach

Every chapter in this book is explained in an easy way, accompanied by real-life examples and screenshots of the interface, making it easy for you to become an expert at using Wireshark.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code files.

Table of Contents

    1. Mastering Wireshark
      1. Table of Contents
      2. Mastering Wireshark
      3. Credits
      4. About the Author
      5. About the Reviewer
      6. www.PacktPub.com
        1. eBooks, discount offers, and more
          1. Why subscribe?
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the color images of this book
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Welcome to the World of Packet Analysis with Wireshark
        1. Introduction to Wireshark
        2. A brief overview of the TCP/IP model
        3. The layers in the TCP/IP model
        4. An introduction to packet analysis with Wireshark
          1. How to do packet analysis
          2. What is Wireshark?
          3. How it works
        5. Capturing methodologies
          1. Hub-based networks
          2. The switched environment
          3. ARP poisoning
          4. Passing through routers
          5. Why use Wireshark?
          6. The Wireshark GUI
            1. The installation process
          7. Starting our first capture
        6. Summary
        7. Practice questions
      9. 2. Filtering Our Way in Wireshark
        1. An introduction to filters
        2. Capture filters
          1. Why use capture filters
          2. How to use capture filters
          3. An example capture filter
          4. Capture filters that use protocol header values
        3. Display filters
          1. Retaining filters for later use
        4. Searching for packets using the Find dialog
          1. Colorize traffic
        5. Create new Wireshark profiles
        6. Summary
        7. Practice questions
      10. 3. Mastering the Advanced Features of Wireshark
        1. The Statistics menu
          1. Using the Statistics menu
          2. Protocol Hierarchy
        2. Conversations
        3. Endpoints
        4. Working with IO, Flow, and TCP stream graphs
        5. IO graphs
        6. Flow graphs
        7. TCP stream graphs
          1. Round-trip time graphs
          2. Throughput graphs
          3. The Time-sequence graph (tcptrace)
        8. Follow TCP streams
        9. Expert Infos
        10. Command Line-fu
        11. Summary
        12. Exercise
      11. 4. Inspecting Application Layer Protocols
        1. Domain name system
          1. Dissecting a DNS packet
          2. Dissecting DNS query/response
          3. Unusual DNS traffic
        2. File transfer protocol
          1. Dissecting FTP communications
            1. Passive mode
            2. Active mode
          2. Dissecting FTP packets
          3. Unusual FTP
        3. Hyper Text Transfer Protocol
          1. How it works – request/response
          2. Request
          3. Response
          4. Unusual HTTP traffic
        4. Simple Mail Transfer Protocol
          1. Usual versus unusual SMTP traffic
          2. Session Initiation Protocol and Voice Over Internet Protocol
          3. Analyzing VOIP traffic
            1. Reassembling packets for playback
          4. Unusual traffic patterns
          5. Decrypting encrypted traffic (SSL/TLS)
        5. Summary
        6. Practice questions
      12. 5. Analyzing Transport Layer Protocols
        1. The transmission control protocol
          1. Understanding the TCP header and its various flags
          2. How TCP communicates
            1. How it works
            2. Graceful termination
            3. RST (reset) packets
          3. Relative versus Absolute numbers
          4. Unusual TCP traffic
          5. How to check for different analysis flags in Wireshark
        2. The User Datagram Protocol
          1. A UDP header
          2. How it works
            1. The DHCP
            2. The TFTP
          3. Unusual UDP traffic
        3. Summary
        4. Practice questions
      13. 6. Analyzing Traffic in Thin Air
        1. Understanding IEEE 802.11
          1. Various modes in wireless communications
            1. Wireless interference and strength
          2. The IEEE 802.11 packet structure
            1. RTS/CTS
        2. Usual and unusual WEP – open/shared key communication
          1. WEP-open key
          2. The shared key
          3. WPA-Personal
          4. WPA-Enterprise
        3. Decrypting WEP and WPA traffic
        4. Summary
        5. Practice questions
      14. 7. Network Security Analysis
        1. Information gathering
          1. PING sweep
          2. Half-open scan (SYN)
          3. OS fingerprinting
        2. ARP poisoning
        3. Analyzing brute force attacks
          1. Inspecting malicious traffic
          2. Solving real-world CTF challenges
        4. Summary
        5. Practice questions
      15. 8. Troubleshooting
        1. Recovery features
          1. The flow control mechanism
          2. Troubleshooting slow Internet and network latencies
          3. Client- and server-side latencies
          4. Troubleshooting bottleneck issues
          5. Troubleshooting application-based issues
        2. Summary
        3. Practice questions
      16. 9. Introduction to Wireshark v2
        1. The intelligent scroll bar
        2. Translation
        3. Graph improvements
        4. TCP streams
        5. USBPcap
        6. Summary
        7. Practice questions
      17. Index