Book description
Master Wireshark and discover how to analyze network packets and protocols effectively, along with engaging recipes to troubleshoot network problems
About This Book
- Gain valuable insights into the network and application protocols, and the key fields in each protocol
- Use Wireshark's powerful statistical tools to analyze your network and leverage its expert system to pinpoint network problems
- Master Wireshark and train it as your network sniffer
Who This Book Is For
This book is aimed at IT professionals who want to develop or enhance their packet analysis skills. A basic familiarity with common network and application services terms and technologies is assumed.
What You Will Learn
- Discover how packet analysts view networks and the role of protocols at the packet level
- Capture and isolate all the right packets to perform a thorough analysis using Wireshark's extensive capture and display filtering capabilities
- Decrypt encrypted wireless traffic
- Use Wireshark as a diagnostic tool and also for network security analysis to keep track of malware
- Find and resolve problems due to bandwidth, throughput, and packet loss
- Identify and locate faults in communication applications including HTTP, FTP, mail, and various other applications ? Microsoft OS problems, databases, voice, and video over IP
- Identify and locate faults in detecting security failures and security breaches in the network
In Detail
This Learning Path starts off installing Wireshark, before gradually taking you through your first packet capture, identifying and filtering out just the packets of interest, and saving them to a new file for later analysis. You will then discover different ways to create and use capture and display filters. By halfway through the book, you'll be mastering Wireshark features, analyzing different layers of the network protocol, and looking for any anomalies.We then start Ethernet and LAN switching, through IP, and then move on to TCP/UDP with a focus on TCP performance problems. It also focuses on WLAN security. Then, we go through application behavior issues including HTTP, mail, DNS, and other common protocols. This book finishes with a look at network forensics and how to locate security problems that might harm the network.This course provides you with highly practical content explaining Metasploit from the following books:
- Wireshark Essentials
- Network Analysis Using Wireshark Cookbook
- Mastering Wireshark
Style and approach
This step-by-step guide follows a practical approach, starting from the basic to the advanced aspects. Through a series of real-world examples, this learning path will focus on making it easy for you to become an expert at using Wireshark.
Publisher resources
Table of contents
-
Wireshark Revealed: Essential Skills for IT Professionals
- Table of Contents
- Wireshark Revealed: Essential Skills for IT Professionals
- Credits
- Preface
-
1. Module 1
- 1. Getting Acquainted with Wireshark
-
2. Networking for Packet Analysts
- The OSI model – why it matters
- IP networks and subnets
- Switching and routing packets
- WAN links
- Wireless networking
- Summary
-
3. Capturing All the Right Packets
- Picking the best capture point
- Test Access Ports and switch port mirroring
- Capturing interfaces, filters, and options
- Verifying a good capture
- Saving the bulk capture file
- Isolating conversations of interest
- Using the Conversations window
- Wireshark display filters
- Filter Expression Buttons
- Following TCP/UDP/SSL streams
- Marking and ignoring packets
- Saving the filtered traffic
- Summary
- 4. Configuring Wireshark
-
5. Network Protocols
- The OSI and DARPA reference models
- Transport layer protocols
- Application layer protocols
- Summary
-
6. Troubleshooting and Performance Analysis
- Troubleshooting methodology
- Troubleshooting connectivity issues
- Troubleshooting functional issues
-
Performance analysis methodology
- Top five reasons for poor application performance
- Summary
- 7. Packet Analysis for Security Tasks
- 8. Command-line and Other Utilities
-
2. Module 2
- 1. Introducing Wireshark
- 2. Using Capture Filters
- 3. Using Display Filters
-
4. Using Basic Statistics Tools
- Introduction
- Using the Summary tool from the Statistics menu
- Using the Protocol Hierarchy tool from the Statistics menu
- Using the Conversations tool from the Statistics menu
- Using the Endpoints tool from the Statistics menu
- Using the HTTP tool from the Statistics menu
- Configuring Flow Graph for viewing TCP flows
- Creating IP-based statistics
-
5. Using Advanced Statistics Tools
- Introduction
- Configuring IO Graphs with filters for measuring network performance issues
- Throughput measurements with IO Graph
- Advanced IO Graph configurations with advanced Y-Axis parameters
- Getting information through TCP stream graphs – the Time-Sequence (Stevens) window
- Getting information through TCP stream graphs – the Time-Sequence (tcp-trace) window
- Getting information through TCP stream graphs – the Throughput Graph window
- Getting information through TCP stream graphs – the Round Trip Time window
- Getting information through TCP stream graphs – the Window Scaling Graph window
- 6. Using the Expert Infos Window
- 7. Ethernet, LAN Switching, and Wireless LAN
- 8. ARP and IP Analysis
-
9. UDP/TCP Analysis
- Introduction
- Configuring TCP and UDP preferences for troubleshooting
- TCP connection problems
- TCP retransmission – where do they come from and why
- Duplicate ACKs and fast retransmissions
- TCP out-of-order packet events
- TCP Zero Window, Window Full, Window Change, and other Window indicators
- TCP resets and why they happen
- 10. HTTP and DNS
-
11. Analyzing Enterprise Applications' Behavior
- Introduction
- Finding out what is running over your network
- Analyzing FTP problems
- Analyzing e-mail traffic and troubleshooting e-mail problems – POP, IMAP, and SMTP
- Analyzing MS-TS and Citrix communications problems
- Analyzing problems in the NetBIOS protocols
- Analyzing database traffic and common problems
-
12. SIP, Multimedia, and IP Telephony
- Introduction
- Using Wireshark's features for telephony and multimedia analysis
- Analyzing SIP connectivity
- Analyzing RTP/RTCP connectivity
- Troubleshooting scenarios for video and surveillance applications
- Troubleshooting scenarios for IPTV applications
- Troubleshooting scenarios for video conferencing applications
- Troubleshooting RTSP
- 13. Troubleshooting Bandwidth and Delay Problems
- 14. Understanding Network Security
- A. Links, Tools, and Reading
-
3. Module 3
- 1. Welcome to the World of Packet Analysis with Wireshark
- 2. Filtering Our Way in Wireshark
- 3. Mastering the Advanced Features of Wireshark
- 4. Inspecting Application Layer Protocols
- 5. Analyzing Transport Layer Protocols
- 6. Analyzing Traffic in Thin Air
- 7. Network Security Analysis
- 8. Troubleshooting
- 9. Introduction to Wireshark v2
- Bibliography
- Index
Product information
- Title: Wireshark Revealed: Essential Skills for IT Professionals
- Author(s):
- Release date: December 2017
- Publisher(s): Packt Publishing
- ISBN: 9781788833226
You might also like
book
Wireshark for Security Professionals
Master Wireshark to solve real-world security problems If you don’t already use Wireshark for a wide …
book
Wireshark Network Security
A succinct guide to securely administer your network using Wireshark In Detail Wireshark is the world's …
book
Network Protocols for Security Professionals
Get to grips with network-based attacks and learn to defend your organization's network and network devices …
book
CCISO Certified Chief Information Security Officer All-in-One Exam Guide
100% coverage of every objective for the EC-Council’s Certified Chief Information Security Officer exam Take the …