Chapter 7. Security Analysis

In the previous chapters, we learned about protocols and the techniques used to analyze them. In this chapter, we will see how Wireshark helps us perform a security analysis, covering security aspects of both the application and the network through these topics:

  • The Heartbleed bug
  • DoS SYN flood/mitigation
  • DoS ICMP flood/mitigation
  • Scanning the network
  • ARP duplicate IP detection (MITM)
  • DrDoS introduction
  • BitTorrent source identification
  • Wireshark endpoints and protocol hierarchy

Heartbleed bug

The Heartbeat protocol (RFC 6520) runs on top of the Record layer protocol (which is defined in SSL).

The Heartbleed bug (CVE-2014-0160) exists in selected OpenSSL versions (1.0.1 to 1.0.1f) that implement the ...
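The layering described above can be checked from the defender's side with a short parser. This is an added example, not code from the book: it walks TLS records in a reassembled byte stream and flags heartbeat requests whose declared payload length does not fit inside the record that carries them. It assumes the RFC 6520 message layout (type, 2-byte payload length, payload, at least 16 bytes of padding) and plaintext records; heartbeats sent after encryption is active cannot be inspected this way. The function names and the sample bytes are constructed for illustration.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record ContentType for heartbeat (RFC 6520)
HB_REQUEST = 1       # HeartbeatMessageType heartbeat_request
MIN_PADDING = 16     # RFC 6520: at least 16 bytes of padding per message


def record(ctype, fragment, version=0x0302):
    """Build a TLS record: type(1) | version(2) | length(2) | fragment."""
    return struct.pack("!BHH", ctype, version, len(fragment)) + fragment


def iter_records(stream):
    """Yield (content_type, fragment) for each complete record in stream."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        fragment = stream[offset + 5:offset + 5 + length]
        if len(fragment) < length:   # truncated capture: stop, do not guess
            return
        yield ctype, fragment
        offset += 5 + length


def check_heartbeats(stream):
    """Return (verdict, record_length, declared_payload_length) per heartbeat."""
    findings = []
    for ctype, frag in iter_records(stream):
        if ctype != TLS_HEARTBEAT:
            continue
        if len(frag) < 3:
            findings.append(("malformed", len(frag), None))
            continue
        hb_type, declared = struct.unpack_from("!BH", frag, 0)
        # A well-formed message needs 1 + 2 + declared + 16 bytes in the record.
        short = 3 + declared + MIN_PADDING > len(frag)
        verdict = "length-mismatch" if short and hb_type == HB_REQUEST else "ok"
        findings.append((verdict, len(frag), declared))
    return findings


# Constructed sample: one handshake record, one well-formed heartbeat request,
# and one request declaring 200 payload bytes inside a 3-byte record.
SAMPLE = (
    record(22, b"\x00" * 8)
    + record(TLS_HEARTBEAT, struct.pack("!BH", HB_REQUEST, 4) + b"ping" + b"\x00" * 16)
    + record(TLS_HEARTBEAT, struct.pack("!BH", HB_REQUEST, 200))
)

if __name__ == "__main__":
    for finding in check_heartbeats(SAMPLE):
        print(finding)
```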
