Book description
Over 100 recipes to analyze and troubleshoot network problems using Wireshark 2
About This Book
- Place Wireshark 2 in your network and configure it for effective network analysis
- Deep dive into the enhanced functionalities of Wireshark 2 and protect your network with ease
- A practical guide with exciting recipes on a widely used network protocol analyzer
Who This Book Is For
This book is for security professionals, network administrators, R&D, engineering and technical support, and communications managers who are using Wireshark for network analysis and troubleshooting. It requires a basic understanding of networking concepts, but does not require specific and detailed technical knowledge of protocols or vendor implementations.
What You Will Learn
- Configure Wireshark 2 for effective network analysis and troubleshooting
- Set up various display and capture filters
- Understand networking layers, including IPv4 and IPv6 analysis
- Explore performance issues in TCP/IP
- Get to know about Wi-Fi testing and how to resolve problems related to wireless LANs
- Get information about network phenomena, events, and errors
- Locate faults in detecting security failures and breaches in networks
In Detail
This book contains practical recipes on troubleshooting a data communications network. This second version of the book focuses on Wireshark 2, which has already gained a lot of traction due to the enhanced features that it offers to users. The book expands on some of the subjects explored in the first version, including TCP performance, network security, Wireless LAN, and how to use Wireshark for cloud and virtual system monitoring. You will learn how to analyze end-to-end IPv4 and IPv6 connectivity failures for Unicast and Multicast traffic using Wireshark. It also includes Wireshark capture files so that you can practice what you've learned in the book. You will understand the normal operation of E-mail protocols and learn how to use Wireshark for basic analysis and troubleshooting. Using Wireshark, you will be able to resolve and troubleshoot common applications that are used in an enterprise network, like NetBIOS and SMB protocols. Finally, you will also be able to measure network parameters, check for network problems caused by them, and solve them effectively. By the end of this book, you'll know how to analyze traffic, find patterns of various offending traffic, and secure your network from them.
Style and approach
This book consists of practical recipes on Wireshark 2 that target novices as well as intermediate Wireshark users. It goes deep into the technical issues, covers additional protocols, and includes many more real-life examples so that you can apply it in your day-to-day scenarios.
Table of contents
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- Introduction to Wireshark Version 2
- Wireshark Version 2 basics
- Locating Wireshark
- Capturing data on virtual machines
- Starting the capture of data
- Getting ready
- How to do it...
- Capture on multiple interfaces
- How to configure the interface you capture data from
- Capture data to multiple files
- Configure output parameters
- Manage interfaces (under the Input tab)
- Capture packets on a remote machine
- Start capturing data – capture data on Linux/Unix machines
- Collecting from a remote communication device
- How it works...
- There's more...
- See also
- Configuring the start window
- Mastering Wireshark for Network Troubleshooting
- Using Capture Filters
- Using Display Filters
- Using Basic Statistics Tools
- Introduction
- Using the statistics – capture file properties menu
- Using the statistics – resolved addresses
- Using the statistics – protocol hierarchy menu
- Using the statistics – conversations menu
- Using the statistics – endpoints menu
- Using the statistics – HTTP menu
- Configuring a flow graph for viewing TCP flows
- Creating IP-based statistics
- Using Advanced Statistics Tools
- Introduction
- Configuring I/O graphs with filters for measuring network performance issues
- Throughput measurements with I/O graphs
- Advanced I/O graph configurations with y axis parameters
- Getting information through TCP stream graphs – time/sequence (Steven's) window
- Getting information through TCP stream graphs – time/sequences (TCP-trace) window
- Getting information through TCP stream graphs – throughput window
- Getting information through TCP stream graphs – round-trip-time window
- Getting information through TCP stream graphs – window-scaling window
- Using the Expert System
- Ethernet and LAN Switching
- Wireless LAN
- Network Layer Protocols and Operations
- Introduction
- IPv4 address resolution protocol operation and troubleshooting
- ICMP – protocol operation, analysis, and troubleshooting
- Analyzing IPv4 unicast routing operations
- Analyzing IP fragmentation failures
- IPv4 multicast routing operations
- IPv6 principle of operations
- IPv6 extension headers
- ICMPv6 – protocol operations, analysis, and troubleshooting
- IPv6 auto configuration
- DHCPv6-based address assignment
- IPv6 neighbor discovery protocol operation and analysis
- Transport Layer Protocol Analysis
- Introduction
- UDP principle of operation
- UDP protocol analysis and troubleshooting
- TCP principle of operation
- Troubleshooting TCP connectivity problems
- Troubleshooting TCP retransmission issues
- Getting ready
- How to do it...
- Case 1 – retransmissions to many destinations
- Case 2 – retransmissions on a single connection
- Case 3 – retransmission patterns
- Case 4 – retransmission due to a non-responsive application
- Case 5 – retransmission due to delayed variations
- Finding out what it is
- How it works...
- There's more...
- See also
- TCP sliding window mechanism
- TCP enhancements – selective ACK and timestamps
- Troubleshooting TCP throughput
- FTP, HTTP/1, and HTTP/2
- DNS Protocol Analysis
- Analyzing Mail Protocols
- NetBIOS and SMB Protocol Analysis
- Analyzing Enterprise Applications' Behavior
- Troubleshooting SIP, Multimedia, and IP Telephony
- Troubleshooting Bandwidth and Delay Issues
- Security and Network Forensics
Product information
- Title: Network Analysis Using Wireshark 2 Cookbook - Second Edition
- Release date: March 2018
- Publisher(s): Packt Publishing
- ISBN: 9781786461674