You are previewing Wireshark Network Security.
O'Reilly logo
Wireshark Network Security

Book Description

A succinct guide to securely administer your network using Wireshark

In Detail

Wireshark is the world's foremost network protocol analyzer for network analysis and troubleshooting.

This book will walk you through exploring and harnessing the vast potential of Wireshark, the world's foremost network protocol analyzer.

The book begins by introducing you to the foundations of Wireshark and showing you how to browse the numerous features it provides. You'll be walked through using these features to detect and analyze the different types of attacks that can occur on a network. As you progress through the chapters of this book, you'll learn to perform sniffing on a network, analyze clear-text traffic on the wire, recognize botnet threats, and analyze Layer 2 and Layer 3 attacks along with other common hacks.

By the end of this book, you will be able to fully utilize the features of Wireshark that will help you securely administer your network.

What You Will Learn

  • Familiarize yourself with the robust features offered by Wireshark

  • Use the powerful command-line utilities shipped with Wireshark

  • Analyze numerous threats to network security using Wireshark

  • Investigate attacks performed using popular security tools such as Nmap, Nessus, Metasploit, and more

  • Solve real-world CTF challenges using Wireshark

  • Create your own security-related profile in Wireshark

  • Configure Wireshark for effective network troubleshooting

  • Get accustomed to common scenarios faced by security analysts

  • Analyze malware traffic successfully by using Wireshark

  • Unearth anomalies hampering the speed of network communications

  • Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. Wireshark Network Security
      1. Table of Contents
      2. Wireshark Network Security
      3. Credits
      4. About the Author
      5. Acknowledgment
      6. About the Reviewers
      7. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      8. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the color images of this book
          2. Errata
          3. Piracy
          4. Questions
      9. 1. Getting Started with Wireshark – What, Why, and How?
        1. Sniffing
          1. The purpose of sniffing
          2. Packet analysis
        2. The tools of the trade
        3. What is Wireshark?
        4. The Wireshark interface – Before starting the capture
          1. Title
          2. Menu
          3. Main toolbar
          4. Filter toolbar
          5. Capture frame
          6. Capture Help
          7. The Files menu
          8. Online
          9. The Status bar
        5. First packet capture
        6. Summary
      10. 2. Tweaking Wireshark
        1. Filtering our way through Wireshark
          1. Capture filters
          2. Display filters
            1. The list of display filters
        2. Wireshark profiles
          1. Creating a new profile
        3. Essential techniques in Wireshark
          1. The Summary window
          2. The Protocol Hierarchy window
          3. The Conversations window
          4. The Endpoints window
          5. The Expert Infos window
        4. Wireshark command-line fu
          1. tshark
            1. Starting the capture
            2. Saving the capture to a file
            3. Using filters
            4. Statistics
          2. capinfos
          3. editcap
          4. mergecap
        5. Summary
      11. 3. Analyzing Threats to LAN Security
        1. Analyzing clear-text traffic
          1. Viewing credentials in Wireshark
            1. FTP
            2. Telnet
            3. HTTP
            4. TFTP
          2. Reassembling data stream
            1. Case study
        2. Examining sniffing attacks
          1. MAC flooding
          2. ARP poisoning
        3. Analyzing network reconnaissance techniques
          1. Examining network scanning activities
            1. Detect the scanning activity for live machines
              1. Ping sweep
              2. ARP sweep
            2. Identify port scanning attempts
              1. A TCP Connect scan
                1. Wireshark's Flow Graph
                2. Wireshark's Expert Info
                3. Wireshark's Conversations
              2. Stealth scan
                1. Wireshark's Flow Graph
                2. Wireshark's Expert Info
                3. Wireshark's Conversations
              3. NULL scan
              4. UDP scan
            3. Other scanning attempts
              1. ACK scan
              2. IP Protocol scan
          2. OS fingerprinting attempts
        4. Detect password cracking attempts
          1. Brute-force attacks
            1. Identifying POP3 password cracking
            2. HTTP basic authentication
          2. Dictionary-based attacks
            1. Detecting FTP password cracking
        5. Miscellaneous attacks
          1. FTP bounce attack
          2. DNS zone transfer
          3. SSL stripping attack
        6. Complementary tools to Wireshark
          1. Xplico
          2. Sysdig
          3. Pcap2XML
          4. SSHFlow
        7. Important display filters
          1. Filters based on protocols
            1. DNS
            2. FTP
            3. HTTP
          2. Filters based on unique signatures and regular expressions
            1. Regular expressions
        8. Nailing the CTF challenge
        9. Summary
      12. 4. Probing E-mail Communications
        1. E-mail forensics challenges
          1. Challenge 1 – Normal login session
          2. Challenge 2 – Corporate espionage
        2. Analyzing attacks on e-mail communications
          1. Detecting SMTP enumeration
            1. Using auxiliary module in Metasploit
          2. Analyzing SMTP relay attack
        3. Important filters
        4. Summary
      13. 5. Inspecting Malware Traffic
        1. Gearing up Wireshark
          1. Updated columns
          2. Updated coloring rules
          3. Important display filters
        2. Malicious traffic analysis
          1. Case study – Blackhole exploit kit
            1. Protocols in action
            2. The IP address of the infected box
            3. Any unusual port number
            4. A compromised website
            5. Infected file(s)
            6. Conclusion
        3. IRC botnet(s)
          1. Inspection
        4. Summary
      14. 6. Network Performance Analysis
        1. Creating a custom profile for troubleshooting
        2. Optimization before analysis
        3. TCP-based issues
        4. Case study 1 – Slow Internet
          1. Analysis
        5. Case study 2 – Sluggish downloads
          1. Analysis
        6. Case study 3 – Denial of Service
          1. SYN flood
        7. Summary
      15. Index