Wireshark Revealed: Essential Skills for IT Professionals

By: James H Baxter, Yoram Orzach, Charit Mishra

Overview of this book

This Learning Path starts off installing Wireshark, before gradually taking you through your first packet capture, identifying and filtering out just the packets of interest, and saving them to a new file for later analysis. You will then discover different ways to create and use capture and display filters. By halfway through the book, you'll be mastering Wireshark features, analyzing different layers of the network protocol, and looking for any anomalies. We then start with Ethernet and LAN switching, continue through IP, and then move on to TCP/UDP with a focus on TCP performance problems. It also focuses on WLAN security. Then, we go through application behavior issues including HTTP, mail, DNS, and other common protocols. This book finishes with a look at network forensics and how to locate security problems that might harm the network. This course provides you with highly practical content explaining Metasploit from the following books: 1) Wireshark Essentials 2) Network Analysis Using Wireshark Cookbook 3) Mastering Wireshark
Table of Contents (5 chapters)

Chapter 2. Using Capture Filters

In this chapter, we will cover the following topics:

  • Configuring capture filters
  • Configuring Ethernet filters
  • Configuring hosts and networks filters
  • Configuring TCP/UDP and port filters
  • Configuring compound filters
  • Configuring byte-offset and payload matching filters

Introduction

In the first chapter we talked about how to install Wireshark, how to configure it for basic operations, and where to locate it in the network. In this chapter and the next one we will talk about capture filters (Chapter 2, Using Capture Filters) and display filters (Chapter 3, Using Display Filters).

It is important to distinguish between these two types of filters:

  • Capture filters are configured before we start to capture data, so only data that passes the filters is captured. All other data is lost. These filters are described in this chapter.
  • Display filters are filters that filter data after it has been captured. In this case, all data is captured, and you...