Book Image

Wireshark Network Security

By : Piyush Verma
Book Image

Wireshark Network Security

By: Piyush Verma

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Wireshark Network Security
Piyush Verma
Jul, 2015 | 138 pages
No titles found
Table of Contents (14 chapters)
Wireshark Network Security
Wireshark Network Security
Credits
Credits
About the Author
About the Author
Acknowledgment
Acknowledgment
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with Wireshark – What, Why, and How?
Getting Started with Wireshark – What, Why, and How?
Sniffing
The tools of the trade
What is Wireshark?
The Wireshark interface – Before starting the capture
First packet capture
Summary
2
Tweaking Wireshark
Tweaking Wireshark
Filtering our way through Wireshark
Wireshark profiles
Essential techniques in Wireshark
Wireshark command-line fu
Summary
3
Analyzing Threats to LAN Security
Analyzing Threats to LAN Security
Analyzing clear-text traffic
Examining sniffing attacks
Analyzing network reconnaissance techniques
Detect password cracking attempts
Miscellaneous attacks
Complementary tools to Wireshark
Important display filters
Nailing the CTF challenge
Summary
4
Probing E-mail Communications
Probing E-mail Communications
E-mail forensics challenges
Analyzing attacks on e-mail communications
Important filters
Summary
5
Inspecting Malware Traffic
Inspecting Malware Traffic
Gearing up Wireshark
Malicious traffic analysis
IRC botnet(s)
Summary
6
Network Performance Analysis
Network Performance Analysis
Creating a custom profile for troubleshooting
Optimization before analysis
TCP-based issues
Case study 1 – Slow Internet
Case study 2 – Sluggish downloads
Case study 3 – Denial of Service
Summary
Index
Index

Complementary tools to Wireshark

In this section, we will look at some fantastic tools that complement Wireshark and help us in performing better analysis.

Xplico

Xplico is a fantastic open source network forensics analysis tool and comes packaged with popular pen-testing and forensics Linux distributions.

Up and running with Xplico on Kali Linux:

  1. To install Xplico manually, run the following command:

    sudo apt-get install xplico

  2. Once installed, we need to start Xplico's service by running:

    /etc/init.d/xplico start

  3. Also, make sure that the web service is running. This can be done by running /etc/init.d/apache2 start. Now we need to open the browser and browse http://127.0.0.1:9876 and use xplico and xplico as the username and password.

    Xplico's GUI post-login

  4. First, we need to create a new case and then a new session inside that case and later upload the PCAP file for analysis.

As mentioned in its Wiki page, Xplico can help reconstruct the contents of acquisitions performed with a packet sniffer...

Previous Section
End of Section 7
Next Section