Index
A
- ACK packets / WEP-open key
- Address Resolution Protocol (ARP)
- about / The layers in the TCP/IP model
- poisoning / ARP poisoning, ARP poisoning
- advantages, Wireshark
- user friendly / Why use Wireshark?
- robustness / Why use Wireshark?
- platform independent / Why use Wireshark?
- filters / Why use Wireshark?
- cost / Why use Wireshark?
- support / Why use Wireshark?
- application-based issues
- troubleshooting / Troubleshooting application-based issues
- association request/response / WEP-open key
B
- Basic Service Set Identifier (BSSID) / Various modes in wireless communications
- bottleneck issues
- troubleshooting / Troubleshooting bottleneck issues
- BPF syntax
- identifiers / How to use capture filters
- qualifiers / How to use capture filters
- brute force attacks
- malicious traffic, inspecting / Inspecting malicious traffic
- real-world CTF challenges, solving / Solving real-world CTF challenges
C
- capture filters
- using / Why use capture filters
- using, techniques / How to use capture filters
- example / An example capture filter
- with protocol header values / Capture filters that use protocol header values
- capturing methodologies
- about / Capturing methodologies
- hub-based networks / Hub-based networks
- switched environment / The switched environment
- ARP poisoning / ARP poisoning
- passing, through routers / Passing through routers
- first capture, starting / Starting our first capture
- Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) / Various modes in wireless communications
- client-side latency issues / Client- and server-side latencies
- Command Line-fu
- about / Command Line-fu
- comparison operators
- </lt / Display filters
- ==/eq / Display filters
- <=/le / Display filters
- !=/ne / Display filters
- >/gt / Display filters
- >=/ge / Display filters
- control frame
- about / The IEEE 802.11 packet structure
- Request-to-send (RTS) / The IEEE 802.11 packet structure
- Clear-to-send (CTS) / The IEEE 802.11 packet structure
- Acknowledgement (ACK) / The IEEE 802.11 packet structure
- Conversations
- about / Conversations
- cyclic redundancy check (CRC) / The IEEE 802.11 packet structure
D
- deauthentication packet / WPA-Enterprise
- disassociation packet / WPA-Enterprise
- display filters
- about / Display filters
- retaining, for later use / Retaining filters for later use
- distribution system (DS) / The IEEE 802.11 packet structure
- DNS error code
- DNS packet
- dissecting / Dissecting a DNS packet
- Domain Name Service (DNS) / How it works
- domain name system (DNS)
- about / Domain name system
- packet, dissecting / Dissecting a DNS packet
- packet, fields / Dissecting a DNS packet
- query/response, dissecting / Dissecting DNS query/response
- unusual DNS traffic / Unusual DNS traffic
- Dynamic Host Configuration Protocol (DHCP) / The DHCP
- Dynamic Host Configuration Protocol (DHCP) / How it works
E
- encrypted traffic (SSL/TLS)
- decrypting / Decrypting encrypted traffic (SSL/TLS)
- endpoints
- about / Endpoints
- Expert Info dialog
- about / Expert Infos
- Chat section / Expert Infos
- Note section / Expert Infos
- warning messages / Expert Infos
- error section / Expert Infos
- details / Expert Infos
- Packet Comments / Expert Infos
- Extended Passive (EPSV) mode / Passive mode
- Extended Port (EPRT) / Active mode
F
- fields, domain name system (DNS) packet
- Transaction ID / Dissecting a DNS packet
- Query/response / Dissecting a DNS packet
- Flag bits / Dissecting a DNS packet
- Response code / Dissecting a DNS packet
- Questions / Dissecting a DNS packet
- Answers / Dissecting a DNS packet
- Authority RRs / Dissecting a DNS packet
- Additional RRs / Dissecting a DNS packet
- Query section / Dissecting a DNS packet
- Answer section / Dissecting a DNS packet
- Type / Dissecting a DNS packet
- Additional info / Dissecting a DNS packet
- window size / Understanding the TCP header and its various flags
- checksum / Understanding the TCP header and its various flags
- urgent pointer / Understanding the TCP header and its various flags
- options / Understanding the TCP header and its various flags
- data / Understanding the TCP header and its various flags
- file transfer protocol (FTP)
- about / File transfer protocol
- communications, dissecting / Dissecting FTP communications
- packets, dissecting / Dissecting FTP packets
- unusual FTP / Unusual FTP
- File Transfer Protocol (FTP) / The layers in the TCP/IP model
- filters
- display filters / Display filters
- Find dialog
- used, for searching for packets / Searching for packets using the Find dialog
- flags, TCP
- SYN (synchronize) / Understanding the TCP header and its various flags
- ACK (acknowledgement) / Understanding the TCP header and its various flags
- RST (reset) / Understanding the TCP header and its various flags
- FIN (finish) / Understanding the TCP header and its various flags
- PSH (push) / Understanding the TCP header and its various flags
- URG (urgent) / Understanding the TCP header and its various flags
- CWR (congestion window reduced) / Understanding the TCP header and its various flags
- flow control mechanism / The flow control mechanism
- flow graphs
- about / Flow graphs
- FTP communications
- dissecting / Dissecting FTP communications
- passive mode / Passive mode
- active mode / Active mode
- FTP packets
- Dissecting / Dissecting FTP packets
G
- Google
- reference link / Dissecting DNS query/response, Unusual DNS traffic
- graph improvements / Graph improvements
H
- half-open scan (SYN)
- performing / Half-open scan (SYN)
- open state / Half-open scan (SYN)
- closed state / Half-open scan (SYN)
- filtered state / Half-open scan (SYN)
- header fields, TCP
- source port / Understanding the TCP header and its various flags
- destination port / Understanding the TCP header and its various flags
- sequence number / Understanding the TCP header and its various flags
- acknowledgement number / Understanding the TCP header and its various flags
- data offset / Understanding the TCP header and its various flags
- header types, IEEE 802.11 packet structure
- management frames / The IEEE 802.11 packet structure
- control frames / The IEEE 802.11 packet structure
- data frames / The IEEE 802.11 packet structure
- HTTP error code
- HUB / Hub-based networks
- hub-based networks / Hub-based networks
- hubbing out / The switched environment
- Hyper Text Transfer Protocol (HTTP) / The layers in the TCP/IP model
- about / Hyper Text Transfer Protocol
- working / How it works – request/response
- request / Request
- response / Response
- unusual HTTP traffic / Unusual HTTP traffic
I
- IEEE 802.11
- about / Understanding IEEE 802.11
- standards / Understanding IEEE 802.11
- wireless communications, modes / Various modes in wireless communications
- station (STA) / Various modes in wireless communications
- wireless access point (AP) / Various modes in wireless communications
- basic service set (BSS) / Various modes in wireless communications
- extended service set (ESS) / Various modes in wireless communications
- independent basic service set (IBSS) / Various modes in wireless communications
- distribution system (DS) / Various modes in wireless communications
- packet structure / The IEEE 802.11 packet structure
- information gathering
- about / Information gathering
- PING sweep, performing / PING sweep
- half-open scan (SYN), performing / Half-open scan (SYN)
- OS fingerprinting / OS fingerprinting
- Initial Sequence Numbers (ISN) / How it works
- Internet Protocol (IP) / How it works
- IO graph
- creating / Graph improvements
- IO graphs
- working with / Working with IO, Flow, and TCP stream graphs
- about / IO graphs
L
- layers, TCP/IP model
- about / The layers in the TCP/IP model
- Application Layer / The layers in the TCP/IP model
- Transport Layer / The layers in the TCP/IP model
- Internet layer / The layers in the TCP/IP model
- Link Layer / The layers in the TCP/IP model
- logical operators
- AND/&& / Display filters
- OR/|| / Display filters
- NOT/! / Display filters
M
- malicious traffic
- inspecting / Inspecting malicious traffic
- management frames
- about / The IEEE 802.11 packet structure
- beacon frame / The IEEE 802.11 packet structure
- authentication frame / The IEEE 802.11 packet structure
- association request frame / The IEEE 802.11 packet structure
- association response frame / The IEEE 802.11 packet structure
- deauthentication frame / The IEEE 802.11 packet structure
- disassociation frame / The IEEE 802.11 packet structure
- probe request frame / The IEEE 802.11 packet structure
- probe response frame / The IEEE 802.11 packet structure
- reassociation (request/response) frame / The IEEE 802.11 packet structure
- Master Key exchange / WPA-Enterprise
- maximum segment size (MSS) / Understanding the TCP header and its various flags
- Message integrity check (MIC) / WPA-Personal
- MetaGeek
- reference link / Wireless interference and strength
- modes, wireless communications
- about / Various modes in wireless communications
- infrastructure/managed mode / Various modes in wireless communications
- Ad Hoc mode / Various modes in wireless communications
- master mode / Various modes in wireless communications
- monitor mode / Various modes in wireless communications
- wireless interference / Wireless interference and strength
- strength / Wireless interference and strength
- Multiple-Input Multiple-Output (MIMO) / Understanding IEEE 802.11
N
- Name Resolution
- about / Endpoints
- Network Interface Card (NIC) / The layers in the TCP/IP model
- about / Endpoints
- network latencies
- troubleshooting / Troubleshooting slow Internet and network latencies
- Nmap
- reference link / Half-open scan (SYN)
- Null Function packets / WEP-open key
O
- Orthogonal Frequency Division Multiplexing (OFDM) / Understanding IEEE 802.11
- OS fingerprinting
- about / OS fingerprinting
- active fingerprinting / OS fingerprinting
- passive fingerprinting / OS fingerprinting
P
- packet analysis
- with Wireshark / An introduction to packet analysis with Wireshark
- packet analysis, Wireshark used
- about / An introduction to packet analysis with Wireshark
- aspects / An introduction to packet analysis with Wireshark
- performing / How to do packet analysis
- packets
- searching, Find dialog used / Searching for packets using the Find dialog
- traffic colorization / Colorize traffic
- packet structure, IEEE 802.11
- about / The IEEE 802.11 packet structure
- RTS/CTS / RTS/CTS
- Pairwise Transient Key (PTK) / WPA-Personal
- Password-based key derivation function (PBKDF2) / Summary
- ping sweep attack
- performing / PING sweep
- Point-to-Point Protocol (PPP) / The layers in the TCP/IP model
- port mirroring / The switched environment
- Pre-Shared Key (PSK) / WPA-Personal
- processes, protocol analyzer
- collect / How it works
- convert / How it works
- analyze / How it works
- Protocol data unit (PDU) / The layers in the TCP/IP model
- Protocol Hierarchy
- about / Protocol Hierarchy
Q
- QOS data packet / WEP-open key
- qualifiers
- type / How to use capture filters
- direction / How to use capture filters
- proto / How to use capture filters
R
- Radio Frequency (RF) / Wireless interference and strength
- Radio Frequency Monitor Mode (RFMON) / Various modes in wireless communications
- RADIUS server / WPA-Enterprise
- Read filter
- about / Command Line-fu
- real-world CTF challenges
- solving / Solving real-world CTF challenges
- Real-time Transport Protocol (RTP) / Session Initiation Protocol and Voice Over Internet Protocol
- receive sequence counter (RSC) / WPA-Personal
- recovery features
- flow control mechanism / The flow control mechanism
- slow Internet, troubleshooting / Troubleshooting slow Internet and network latencies
- network latencies, troubleshooting / Troubleshooting slow Internet and network latencies
- client-side latency issues / Client- and server-side latencies
- server-side latency issues / Client- and server-side latencies
- bottleneck issues, troubleshooting / Troubleshooting bottleneck issues
- application-based issues, troubleshooting / Troubleshooting application-based issues
- Request-to-send (RTS) frame / The IEEE 802.11 packet structure
- routers
- passing through / Passing through routers
S
- Secure File Transfer Protocol (SFTP) / Dissecting FTP packets
- server-side latency issues / Client- and server-side latencies
- Service Set Identifier (SSID) / Various modes in wireless communications
- Session Initiation Protocol (SIP) / Session Initiation Protocol and Voice Over Internet Protocol
- Simple Mail Transfer Protocol (SMTP) / The layers in the TCP/IP model
- about / Simple Mail Transfer Protocol
- usual, versus unusual SMTP traffic / Usual versus unusual SMTP traffic
- Session Initiation Protocol (SIP) / Session Initiation Protocol and Voice Over Internet Protocol
- Voice Over Internet Protocol (VOIP) / Session Initiation Protocol and Voice Over Internet Protocol
- Voice Over Internet Protocol (VOIP) traffic, analyzing / Analyzing VOIP traffic
- unusual traffic patterns / Unusual traffic patterns
- encrypted traffic (SSL/TLS), decrypting / Decrypting encrypted traffic (SSL/TLS)
- Simple Network Management Protocol (SNMP) / The layers in the TCP/IP model
- slow Internet
- troubleshooting / Troubleshooting slow Internet and network latencies
- STA / WPA-Enterprise
- standards, IEEE 802.11
- about / Understanding IEEE 802.11
- 802.11 / Understanding IEEE 802.11
- 802.11b / Understanding IEEE 802.11
- 802.11a / Understanding IEEE 802.11
- 802.11g / Understanding IEEE 802.11
- 802.11n / Understanding IEEE 802.11
- Statistics menu
- about / The Statistics menu
- using / Using the Statistics menu
- Protocol Hierarchy / Protocol Hierarchy
- switched environment / The switched environment
T
- TCP / The layers in the TCP/IP model
- about / The transmission control protocol
- header / Understanding the TCP header and its various flags
- flags / Understanding the TCP header and its various flags
- communicating / How TCP communicates
- working / How it works
- graceful termination / Graceful termination
- RST (reset) packets / RST (reset) packets
- relative, versus absolute numbers / Relative versus Absolute numbers
- unusual TCP traffic / Unusual TCP traffic
- analysis flags, checking in Wireshark / How to check for different analysis flags in Wireshark
- TCP/IP model
- overview / A brief overview of the TCP/IP model
- layers / The layers in the TCP/IP model
- TCP sliding window mechanism / The flow control mechanism
- TCP stream graphs
- about / TCP stream graphs
- Round-trip time (RTT) / Round-trip time graphs
- Throughput graphs / Throughput graphs
- Time-Sequence graph (tcptrace) / The Time-sequence graph (tcptrace)
- TCP streams
- following / Follow TCP streams
- Temporal Key Integrity Protocol (TKIP) / WPA-Personal
- three-way handshake / The transmission control protocol
- translation / Translation
- Transmission Control Protocol (TCP) / How it works
- Trivial File Transfer Protocol (TFTP) / The TFTP
U
- UDP / The layers in the TCP/IP model
- about / The User Datagram Protocol
- header / A UDP header
- working / How it works
- Dynamic Host Configuration Protocol (DHCP) / The DHCP
- Trivial File Transfer Protocol (TFTP) / The TFTP
- unusual traffic / Unusual UDP traffic
- UDP header
- about / A UDP header
- source port field / A UDP header
- destination port field / A UDP header
- packet length field / A UDP header
- checksum field / A UDP header
- Uniform Resource Locator (URL) / Request
- unusual FTP / Unusual FTP
- USBPcap
- about / USBPcap
- usual SMTP traffic
- versus unusual SMTP traffic / Usual versus unusual SMTP traffic
V
- VirusTotal
- reference link / Inspecting malicious traffic
- Voice Over Internet Protocol (VOIP)
- about / Session Initiation Protocol and Voice Over Internet Protocol
- traffic, analyzing / Analyzing VOIP traffic
- packets, reassembling for playback / Reassembling packets for playback
- VOIP traffic
- analyzing / Analyzing VOIP traffic
- packets, reassembling for playback / Reassembling packets for playback
W
- WEP
- open key / Usual and unusual WEP – open/shared key communication, WEP-open key
- shared key / Usual and unusual WEP – open/shared key communication, The shared key
- about / Usual and unusual WEP – open/shared key communication
- personal / WPA-Personal
- traffic, decrypting / Decrypting WEP and WPA traffic
- Wi-Fi Protected Access (WPA)
- about / WPA-Personal
- enterprise / WPA-Enterprise
- traffic, decrypting / Decrypting WEP and WPA traffic
- Wireshark
- about / Introduction to Wireshark, What is Wireshark?
- packet analysis / An introduction to packet analysis with Wireshark
- reference link / What is Wireshark?, Passing through routers, Summary
- working / How it works
- advantages / Why use Wireshark?
- Statistics menu / The Statistics menu
- analysis flags, checking / How to check for different analysis flags in Wireshark
- Wireshark GUI
- about / The Wireshark GUI
- installation process / The installation process
- Wireshark profiles
- creating / Create new Wireshark profiles
- Wireshark v2
- translation / Translation
- graph improvements / Graph improvements
- TCP streams / TCP streams
- USBPcap / USBPcap
Z
- Zero window notification / The flow control mechanism