book

Wireshark Network Security

Name: Wireshark Network Security
Author: Piyush Verma
ISBN: 9781784393335

by Piyush Verma

July 2015

Intermediate to advanced

138 pages

2h 49m

English

Packt Publishing

Read now

Unlock full access

Wireshark Network Security
Table of Contents
Wireshark Network Security
Credits
About the Author
Acknowledgment
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
Preface
What this book covers
What you need for this book

Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this bookErrataPiracyQuestions
1. Getting Started with Wireshark – What, Why, and How?
SniffingThe purpose of sniffingPacket analysis
The tools of the trade
What is Wireshark?
The Wireshark interface – Before starting the capture
TitleMenuMain toolbarFilter toolbarCapture frameCapture HelpThe Files menuOnlineThe Status bar
First packet capture
Summary
2. Tweaking Wireshark
Filtering our way through WiresharkCapture filtersDisplay filtersThe list of display filters
Wireshark profiles
Creating a new profile
Essential techniques in Wireshark
The Summary windowThe Protocol Hierarchy windowThe Conversations windowThe Endpoints windowThe Expert Infos window
Wireshark command-line fu
tsharkStarting the captureSaving the capture to a fileUsing filtersStatisticscapinfoseditcapmergecap
Summary
3. Analyzing Threats to LAN Security
Analyzing clear-text trafficViewing credentials in WiresharkFTPTelnetHTTPTFTPReassembling data streamCase study
Examining sniffing attacks
MAC floodingARP poisoning
Analyzing network reconnaissance techniques
Examining network scanning activitiesDetect the scanning activity for live machinesPing sweepARP sweepIdentify port scanning attemptsA TCP Connect scanWireshark's Flow GraphWireshark's Expert InfoWireshark's ConversationsStealth scanWireshark's Flow GraphWireshark's Expert InfoWireshark's ConversationsNULL scanUDP scanOther scanning attemptsACK scanIP Protocol scanOS fingerprinting attempts
Detect password cracking attempts
Brute-force attacksIdentifying POP3 password crackingHTTP basic authenticationDictionary-based attacksDetecting FTP password cracking
Miscellaneous attacks
FTP bounce attackDNS zone transferSSL stripping attack
Complementary tools to Wireshark
XplicoSysdigPcap2XMLSSHFlow
Important display filters
Filters based on protocolsDNSFTPHTTPFilters based on unique signatures and regular expressionsRegular expressions
Nailing the CTF challenge
Summary
4. Probing E-mail Communications
E-mail forensics challengesChallenge 1 – Normal login sessionChallenge 2 – Corporate espionage
Analyzing attacks on e-mail communications
Detecting SMTP enumerationUsing auxiliary module in MetasploitAnalyzing SMTP relay attack
Important filters
Summary
5. Inspecting Malware Traffic
Gearing up WiresharkUpdated columnsUpdated coloring rulesImportant display filters
Malicious traffic analysis
Case study – Blackhole exploit kitProtocols in actionThe IP address of the infected boxAny unusual port numberA compromised websiteInfected file(s)Conclusion
IRC botnet(s)
Inspection
Summary
6. Network Performance Analysis
Creating a custom profile for troubleshooting
Optimization before analysis
TCP-based issues
Case study 1 – Slow Internet
Analysis
Case study 2 – Sluggish downloads
Analysis
Case study 3 – Denial of Service
SYN flood
Summary
Index

Overview

This guide, "Wireshark Network Security," introduces the powerful network analysis tool Wireshark and teaches secure administration practices. You'll master network troubleshooting, threat detection, and performance optimization by analyzing real-world scenarios.

What this Book will help me do

Gain expertise in using Wireshark for network analysis and troubleshooting.
Develop skills for detecting and analyzing security threats using Wireshark tools.
Understand and investigate attacks using common security tools like Nmap and Metasploit.
Learn to configure Wireshark effectively for tailored security analysis tasks.
Explore real-world challenges and solutions, including Capture The Flag (CTF) scenarios, to hone your skills.

Author(s)

None Verma combines expertise in network analysis tools with a tailored approach to teaching Wireshark. With industry experience and a focus on practical applications, Verma offers insights to empower readers, emphasizing clear, actionable learning.

Who is it for?

This book is perfect for network administrators or security analysts aiming to leverage Wireshark for security analysis. It requires a basic grasp of networking fundamentals and application services. Whether you're beginning or looking to refine your skills, this book will elevate your network security practices.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781784393335

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills