Wireshark 2 Quick Start Guide

Book Description

Protect your network as you move from the basics of the Wireshark scenarios to detecting and resolving network anomalies.

About This Book
  • Learn protocol analysis, optimisation and troubleshooting using Wireshark, an open source tool
  • Learn to use filtering and statistical tools to ease your troubleshooting work
  • Quickly perform root-cause analysis on your network in the event of a network failure or a security breach
Who This Book Is For

If you are a security professional or a network enthusiast who is interested in understanding the internal workings of networks and packets, then this book is for you. No prior knowledge of Wireshark is needed.

What You Will Learn
  • Learn how TCP/IP works
  • Install Wireshark and understand its GUI
  • Create and use filters to ease the analysis process
  • Understand the usual and unusual behaviour of protocols
  • Troubleshoot network anomalies quickly with the help of Wireshark
  • Use Wireshark as a diagnostic tool for network security analysis to identify the source of malware
  • Decrypt wireless traffic
  • Resolve latency and bottleneck issues in the network
In Detail

Wireshark is an open source protocol analyser, commonly used by network and security professionals. It is developed and maintained by volunteer contributors, networking experts from all over the globe. Wireshark captures packets from a network interface (or reads them from a saved capture file) and dissects each one protocol by protocol, so it is mainly used to analyse network traffic, diagnose network issues and study protocol behaviour; it lets you see what is going on in your network at a granular level. This book takes you from the basics of the Wireshark environment to detecting and resolving network anomalies.

This book starts with the basics of setting up your Wireshark environment and walks you through the fundamentals of networking and packet analysis. As you make your way through the chapters, you will discover different ways to analyse network traffic by creating and using filters and by using Wireshark's statistical features. You will then look at network security packet analysis, command-line utilities, and other advanced tools that come in handy in day-to-day network operations.

By the end of this book, you will have enough skill with Wireshark 2 to overcome real-world network challenges.

Style and approach

Learn and practice the skills of protocol and network analysis using the tool of the pros, Wireshark.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Wireshark 2 Quick Start Guide
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
  6. Installing Wireshark
    1. Introduction to Wireshark
      1. Why use Wireshark?
        1. The installation process
        2. Troubleshooting common installation errors
    2. A brief overview of the TCP/IP model
    3. The layers in the TCP/IP model
    4. Summary
  7. Introduction to Wireshark and Packet Analysis
    1. What is Wireshark?
      1. How Wireshark works
    2. An introduction to packet analysis with Wireshark
      1. How to do packet analysis
    3. Capturing methodologies
      1. Hub-based networks
      2. The switched environment
      3. ARP poisoning
      4. Passing through routers
      5. The Wireshark GUI
      6. Starting our first capture
    4. Summary
  8. Filtering Our Way in Wireshark
    1. Introducing filters
    2. Capture filters
      1. Why use capture filters
      2. How to use capture filters
      3. An example capture filter
      4. Display filters
      5. Retaining filters for later use
    3. Searching for packets using the Find dialog
      1. Colorize traffic
    4. Create new Wireshark profiles
    5. Summary
  9. Analyzing Application Layer Protocols
    1. Domain Name System (DNS)
      1. Dissecting a DNS packet
      2. Dissecting DNS query/response
    2. File transfer protocol
      1. Dissecting FTP communication packets
    3. Hypertext Transfer Protocol (HTTP)
      1. How request/response works
      2. Request
      3. Response
    4. Simple Mail Transfer Protocol (SMTP)
      1. Dissecting SMTP communication packets
      2. Session Initiation Protocol (SIP) and Voice over Internet Protocol (VoIP)
        1. Reassembling packets for playback
      3. Decrypting encrypted traffic (SSL/TLS)
    5. Summary
  10. Analyzing the Transport Layer Protocols TCP/UDP
    1. The transmission control protocol
      1. Understanding the TCP header and its various flags
      2. How TCP communicates
        1. How it works
        2. How sequence numbers are generated and managed
        3. RST (reset) packets
      3. Unusual TCP traffic
    2. The User Datagram Protocol
      1. The UDP header
      2. How it works
        1. The DHCP
        2. The TFTP
      3. Unusual UDP traffic
    3. Summary
  11. Network Security Packet Analysis
    1. Information gathering
      1. PING sweep
      2. Half-open scan (SYN)
      3. OS fingerprinting
    2. ARP poisoning
    3. Analysing brute force attacks
      1. Inspecting malicious traffic (malware)
    4. Summary
  12. Analyzing Traffic in Thin Air
    1. Understanding IEEE 802.11
      1. Various modes in wireless communications
    2. Usual and unusual wireless traffic
      1. WPA Enterprise
    3. Decrypting wireless network traffic
    4. Summary
  13. Mastering the Advanced Features of Wireshark
    1. The Statistics menu
      1. Using the Statistics menu
        1. Protocol Hierarchy
      2. Conversations
      3. Endpoints
      4. Follow TCP Streams
      5. Command line-fu
    2. Summary
  14. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think