Wireshark is one of the most popular packet capture analysis tool available to incident response analysts. In addition to the ability to capture packets, there are a great many features that are available. As entire volumes and training courses are built around this platform, it is impossible to identify every feature. Therefore, this chapter will focus on some of the key features of Wireshark that are most applicable to an incident investigation.

There are a number of free resources about Wireshark and its capability. The Wireshark site wireshark.org contains a great deal of information. Furthermore, the site wiresharkuniversity.com contains exercises and training packet captures to hone skills around analysis.

Because Wireshark ...

Get Digital Forensics and Incident Response now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.