Index
A
- ACK scan / ACK scan
- active sniffing / Examining sniffing attacks
- Adaptive Security Device Manager (ASDM)
- about / HTTP basic authentication
- Address Resolution Protocol (ARP)
- about / ARP poisoning
- ARP poisoning / ARP poisoning
- tools, using / ARP poisoning
- detecting, with Wireshark / ARP poisoning
- AUTH LOGIN command
B
- Base64
- Base64 decoding
- Berkeley Packet Filtering (BPF) filter syntax / Filtering our way through Wireshark
- Blackhole exploit kit
- defining / Case study – Blackhole exploit kit
- URL / Case study – Blackhole exploit kit
- protocols, defining / Protocols in action
- IP address, of infected box / The IP address of the infected box
- unusual port number / Any unusual port number
- malicious website / A compromised website
- infected file(s) / Infected file(s)
- conclusion / Conclusion
- blacklisted IP addresses
- URL / Any unusual port number
- Botnet-based communications
- URL / IRC botnet(s)
- Brute-force attacks
- about / Brute-force attacks
- POP3 password cracking, identifying / Identifying POP3 password cracking
- HTTP basic authentication / HTTP basic authentication
C
- capinfos
- about / capinfos
- capture engine / Capture filters
- capture file, Blackhole exploit kit
- capture files
- URL / The Files menu
- capture filters
- about / Filter toolbar, Capture filters
- reference / Filtering our way through Wireshark, Capture filters
- list / Capture filters
- Capture setup
- URL / Capture Help
- clear-text traffic
- analyzing / Analyzing clear-text traffic
- credentials, viewing in Wireshark / Viewing credentials in Wireshark
- data stream, reassembling / Reassembling data stream
- coloring rules
- command-and-control (C&C)
- about / IRC botnet(s)
- command-line utilities, Wireshark
- about / Wireshark command-line fu
- tshark / tshark
- capinfos / capinfos
- editcap / editcap
- mergecap / mergecap
- Conversations window
- about / The Conversations window
- CTF challenge
- nailing / Nailing the CTF challenge
- CTU-13 dataset
- URL / Inspection
- custom profile
- creating, for troubleshooting / Creating a custom profile for troubleshooting
D
- data stream
- case study / Case study
- Denial of Service (DoS)
- about / Case study 3 – Denial of Service
- dictionary-based attacks
- about / Dictionary-based attacks
- FTP password cracking, detecting / Detecting FTP password cracking
- display filters
- about / Filter toolbar, Display filters, Important display filters
- reference / Filtering our way through Wireshark, The list of display filters
- URL / Display filters
- list / The list of display filters
- filters, based on protocols / Filters based on protocols
- filters, based on unique signatures / Filters based on unique signatures and regular expressions
- filters, based on regular expressions / Filters based on unique signatures and regular expressions, Regular expressions
- Distributed Denial-of-Service (DDoS)
- about / IRC botnet(s)
- Distributed DoS (DDoS)
- about / Case study 3 – Denial of Service
- DNS
- about / DNS
- DNS zone transfer / DNS zone transfer
- Dynamic Host Configuration Protocol (DHCP)-related issues / Capture filters
E
- e-mail communications
- attacks, analyzing on / Analyzing attacks on e-mail communications
- SMTP enumeration, detecting / Detecting SMTP enumeration
- SMTP relay attack, analyzing / Analyzing SMTP relay attack
- e-mail forensics challenges
- about / E-mail forensics challenges
- normal login session / Challenge 1 – Normal login session
- URL / Challenge 1 – Normal login session, Challenge 2 – Corporate espionage
- corporate espionage / Challenge 2 – Corporate espionage
- editcap
- about / editcap
- Endpoints window
- about / The Endpoints window
- ESMTP (Enhanced SMTP)
- essential techniques, Wireshark
- about / Essential techniques in Wireshark
- Summary window / The Summary window
- Protocol Hierarchy window / The Protocol Hierarchy window
- Conversations window / The Conversations window
- Endpoints window / The Endpoints window
- Expert Infos window / The Expert Infos window
- Expert Infos window
- about / The Expert Infos window
F
- file
- extracting / Infected file(s)
- file(s), extracting manually
- URL / Infected file(s)
- file signatures
- filtering options
- display filters / Filtering our way through Wireshark
- capture filters / Filtering our way through Wireshark
- filters
- defining / Important filters
- Filters based on protocols
- first packet capture
- defining, Wireshark used / First packet capture
- frame 105840
- about / Nailing the CTF challenge
- FTP / FTP
- FTP bounce attack / FTP bounce attack
G
- GeoIP database
- URL / The Endpoints window
H
I
- ICMP-based fingerprinting / OS fingerprinting attempts
- Initial Sequence Number (ISN)
- about / OS fingerprinting attempts
- installation guideline, Wireshark
- URL / What is Wireshark?
- Internet Information Server (IIS)
- about / Case study 3 – Denial of Service
- Internet Message Format (IMF)
- about / Nailing the CTF challenge
- Internet Relay Chat (IRC)
- about / IRC botnet(s)
- IP Protocol scan / IP Protocol scan
- IRC Botnet(s)
- defining / IRC botnet(s)
- inspection / Inspection
- IRC communications
- URL / IRC botnet(s)
- IV (Initialization Vector)
- about / Nailing the CTF challenge
K
- Kali Linux
- URL / SSL stripping attack
L
- live machines
- ping sweep / Ping sweep
- ARP sweep / ARP sweep
M
- MAC flooding
- about / MAC flooding
- tools / MAC flooding
- detecting, with Wireshark / MAC flooding
- Expert Info / MAC flooding
- malicious traffic analysis
- about / Malicious traffic analysis
- Blackhole exploit kit / Case study – Blackhole exploit kit
- malware
- URL / Any unusual port number
- Man-in-the-Middle (MitM)
- about / Examining sniffing attacks
- md5sum
- mergecap
- about / mergecap
- Metasploit
- auxiliary module, using / Using auxiliary module in Metasploit
- miscellaneous attacks
- about / Miscellaneous attacks
- FTP bounce attack / FTP bounce attack
- DNS zone transfer / DNS zone transfer
- SSL stripping attack / SSL stripping attack
N
- Network Access Control (NAC)
- about / Examining sniffing attacks
- network intrusion detection system (NIDS)
- about / The tools of the trade
- network intrusion prevention system (NIPS)
- about / The tools of the trade
- Network Mapper (Nmap)
- Network Media
- URL / Capture Help
- network reconnaissance
- network reconnaissance techniques
- analyzing / Analyzing network reconnaissance techniques
- network scanning activities, examining / Examining network scanning activities
- OS fingerprinting, attempts / OS fingerprinting attempts
- network scanning activities
- examining / Examining network scanning activities
- defining / Examining network scanning activities
- scanning, for live machines / Detect the scanning activity for live machines
- port scanning attempts, identifying / Identify port scanning attempts
- scanning techniques / Other scanning attempts
O
- optimization
- defining / Optimization before analysis
- options, Capture frame
- Interface List / Capture frame
- Start / Capture frame
- Capture Options / Capture frame
- options, frame
- URL / Capture frame
- OS fingerprinting technique
- about / OS fingerprinting attempts
- tools, using / OS fingerprinting attempts
- ICMP-based fingerprinting / OS fingerprinting attempts
- TCP/IP-based fingerprinting / OS fingerprinting attempts
- URL / OS fingerprinting attempts
P
- packet analysis
- about / Packet analysis
- defining / Packet analysis
- panes, Wireshark
- Packet List pane / First packet capture
- Packet Details pane / First packet capture
- Packet Bytes pane / First packet capture
- passive sniffing / Examining sniffing attacks
- password cracking attempts
- detecting / Detect password cracking attempts
- Brute-force attacks / Brute-force attacks
- dictionary-based attacks / Dictionary-based attacks
- PCAP2XML
- PCAP file
- Perl Compatible Regular Expression (PCRE)
- about / Regular expressions
- port scanning attempts
- TCP Connect scan / A TCP Connect scan
- stealth scan / Stealth scan
- NULL scan / NULL scan
- UDP scan / UDP scan
- probing e-mail conversations
- about / Case study
- Protocol Hierarchy window
- about / The Protocol Hierarchy window
- protocols, clear-text traffic
Q
- quoted-printable encoding
R
- reconnaissance
- Regular Expressions (RegEx)
- about / Regular expressions
- URL / Regular expressions
- Request Time-Outs (RTOs)
- about / TCP-based issues
S
- scanning techniques
- ACK scan / ACK scan
- IP Protocol scan / IP Protocol scan
- signatures
- SMTP-AUTH
- SMTP enumeration
- detecting / Detecting SMTP enumeration
- auxiliary module, using in Metasploit / Using auxiliary module in Metasploit
- SMTP relay attacks
- analyzing / Analyzing SMTP relay attack
- filters, displaying / Analyzing SMTP relay attack
- sniffing
- about / Sniffing
- need for / The purpose of sniffing
- packet analysis / Packet analysis
- sniffing attacks
- examining / Examining sniffing attacks
- passive sniffing / Examining sniffing attacks
- active sniffing / Examining sniffing attacks
- MAC flooding / MAC flooding
- ARP poisoning / ARP poisoning
- SSHFlow
- sslstrip
- about / SSL stripping attack
- SSL stripping attack
- about / SSL stripping attack
- URL / SSL stripping attack
- Statistics category / The Endpoints window
- stealth scan
- about / Stealth scan
- Flow Graph / Wireshark's Flow Graph
- Expert Info / Wireshark's Expert Info
- Conversations / Wireshark's Conversations
- Steganography
- about / Case study
- Summary window
- about / The Summary window
- SYN flood
- about / SYN flood
- Sysdig
- URL / Sysdig
- SYSDIG
- about / Sysdig
T
- TCP-based issues
- about / TCP-based issues
- display filters / TCP-based issues
- considerations / TCP-based issues
- case study, slow internet / Case study 1 – Slow Internet, Analysis
- case study, sluggish downloads / Case study 2 – Sluggish downloads, Analysis
- case study, Denial of Service (DoS) / Case study 3 – Denial of Service
- TCP/IP-based fingerprinting / OS fingerprinting attempts
- TCP Connect scan
- about / A TCP Connect scan
- Flow Graph / Wireshark's Flow Graph
- Expert Info / Wireshark's Expert Info
- Conversations / Wireshark's Conversations
- tcpdump / Filtering our way through Wireshark
- Tcpdump
- about / The tools of the trade
- URL / The tools of the trade
- Telnet / Telnet
- Telnet traffic
- credentials, viewing for / Telnet
- TFTP / TFTP
- tools, of trade
- defining / The tools of the trade
- Tcpdump / The tools of the trade
- Nagios Network Analyzer / The tools of the trade
- OmniPeek / The tools of the trade
- Wireshark / The tools of the trade
- tools, Wireshark
- about / Complementary tools to Wireshark
- XPLICO / Xplico
- SYSDIG / Sysdig
- PCAP2XML / Pcap2XML
- SSHFlow / SSHFlow
- traffic
- analyzing / A compromised website
- tshark
- about / tshark, Analysis
- capture, starting / Starting the capture
- capture, saving to file / Saving the capture to a file
- filters, using / Using filters
- statistics / Statistics
W
- WEP
- cracking / Nailing the CTF challenge
- Wireshark
- about / The tools of the trade
- URL / The tools of the trade, What is Wireshark?
- defining / What is Wireshark?, Gearing up Wireshark
- used, for defining first packet capture / First packet capture
- filtering through / Filtering our way through Wireshark
- essential techniques / Essential techniques in Wireshark
- command-line utilities / Wireshark command-line fu
- using / Nailing the CTF challenge
- updated columns / Updated columns
- updated coloring rules / Updated coloring rules
- display filters / Important display filters
- Wireshark interface
- about / The Wireshark interface – Before starting the capture
- title / Title
- Menu bar / Menu
- main toolbar / Main toolbar
- filter toolbar / Filter toolbar
- Capture frame / Capture frame
- Capture Help menu / Capture Help
- Files menu / The Files menu
- online resources / Online
- Status bar / The Status bar
- Wireshark profiles
- about / Wireshark profiles
- creating / Creating a new profile
X
Z
- ZeroAccess Trojan
- about / Conclusion
- Zero window
- about / TCP-based issues