
Packet Analysis with Wireshark

By : ANISH NATH


Table of Contents (14 chapters)

Index

A

  • 802.11 auth process
    • about / 802.11 auth process
  • alerts
    • close_notify / Alert Protocol
    • unexpected_message / Alert Protocol
    • bad_record_mac / Alert Protocol
    • decryption_failed / Alert Protocol
    • record_overflow / Alert Protocol
    • decompression_failure / Alert Protocol
    • handshake_failure / Alert Protocol
    • bad_certificate / Alert Protocol
    • unsupported_certificate / Alert Protocol
    • certificate_revoked / Alert Protocol
    • certificate_expired / Alert Protocol
    • certificate_unknown / Alert Protocol
    • illegal_parameter / Alert Protocol
    • unknown_ca / Alert Protocol
    • decode_error / Alert Protocol
    • decrypt_error / Alert Protocol
    • export_restriction / Alert Protocol
    • protocol_version / Alert Protocol
    • insufficient_security / Alert Protocol
    • internal_error / Alert Protocol
    • user_canceled / Alert Protocol
    • no_renegotiation / Alert Protocol
  • ARP duplicate IP detection
    • about / ARP duplicate IP detection

B

  • Berkeley Packet Filter (BPF)
    • about / The capture filter options
  • Bit-Twist
    • URL / Other packet analyzer tools
  • BitTorrent protocol
    • about / BitTorrent
  • BOOTP/DHCP
    • about / BOOTP/DHCP
    • Wireshark filter / BOOTP/DHCP Wireshark filter
    • address assignment / Address assignment
    • capture DHCPv4 traffic / Capture DHCPv4 traffic

C

  • Cain
    • URL / Other packet analyzer tools
  • Capture Options
    • packets, capturing with / Capturing packets with Capture Options
    • Capture Filter options / The capture filter options
  • client certificate
    • about / Client certificate
  • client certificate request
    • about / Client certificate request
  • Client Hello message
    • about / Client Hello
    • structure / Client Hello
    • message / Client Hello
    • version / Client Hello
    • random / Client Hello
    • Session ID / Client Hello
    • cipher suites / Client Hello
    • compression methods / Client Hello
    • extensions / Client Hello
  • Client Key Exchange message
    • about / Client Key Exchange
  • control frames / Control frames

D

  • data frames / Data frames
  • decode-as feature
    • about / Decode-As
  • DHCP/BOOTP
    • URL / References
  • DHE/ECDHE traffic
    • decrypting / Decrypting DHE/ECHDE traffic
    • forward secrecy / Forward secrecy
  • Diffie-Hellman (DHE) key exchange
    • about / The Diffie-Hellman key exchange
    • naming convention / The Diffie-Hellman key exchange
    • URL / The Diffie-Hellman key exchange
  • displayed packet
    • exporting / Exporting the displayed packet
  • Display filter references
    • URL / References
  • Distributed Reflection Denial of Service (DrDoS) / DrDoS
  • Domain Name System (DNS)
    • about / DNS
    • Wireshark filter / DNS Wireshark filter
    • port / Port
    • resource records / Resource records
    • traffic / DNS traffic
    • URL / References
  • DOS attack
    • about / The DOS attack
    • SYN flood / SYN flood
    • Internet Control Message Protocol (ICMP) flood / ICMP flood
    • SSL flood / SSL flood
  • Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
    • about / DHCPv6
    • Wireshark filter / DHCPv6 Wireshark filter
    • multicast addresses / Multicast addresses
    • UDP port information / The UDP port information
    • message types / DHCPv6 message types
    • message exchanges / Message exchanges
    • traffic capture / DHCPv6 traffic capture
    • URL / References

E

  • EAPOL / 802.1X EAPOL
  • EAP over LAN / 802.1X EAPOL
  • Elliptic curve cryptography (ECC) / Elliptic curve Diffie-Hellman key exchange
  • Elliptic curve Diffie-Hellman ephemeral (ECDHE) / Forward secrecy
  • Elliptic curve Diffie-Hellman key exchange
    • about / Elliptic curve Diffie-Hellman key exchange
    • URL / Elliptic curve Diffie-Hellman key exchange
  • Ettercap
    • URL / Other packet analyzer tools
  • Extensible Authentication Protocol (EAP) / 802.1X EAPOL

F

  • features, Wireshark
    • decode-as / Decode-As
    • protocol preference / Protocol preferences
    • IO graph, using / The IO graph
    • TCP stream, following / Following the TCP stream
    • displayed packet, exporting / Exporting the displayed packet
    • firewall ACL rules, generating / Generating the firewall ACL rules
  • Filter toolbar
    • about / The Filter toolbar
    • filtering techniques / Filtering techniques
    • filter examples / Filter examples
  • firewall ACL rules
    • generating / Generating the firewall ACL rules
  • forward secrecy
    • about / Forward secrecy
    • references / Forward secrecy
  • frames
    • about / Frames
    • management frames / Management frames
    • data frames / Data frames
    • control frames / Control frames

H

  • Heartbleed
    • bug / Heartbleed bug
    • Wireshark filter / The Heartbleed Wireshark filter
    • Wireshark analysis / Heartbleed Wireshark analysis
    • testing / The Heartbleed test
    • Detector, URL / The Heartbleed test
    • online test, URL / The Heartbleed test
    • recommendations / Heartbleed recommendations
  • HTTP
    • about / HTTP
    • Wireshark filter / HTTP Wireshark filter
    • use cases / HTTP use cases
    • URL / References
  • HTTP, use cases
    • top HTTP response time, finding / Finding the top HTTP response time
    • packets finding, HTTP methods based / Finding packets based on HTTP methods
    • sensitive information, finding in form post / Finding sensitive information in a form post
    • HTTP status code, using / Using HTTP status code
  • HTTP protocol preferences
    • about / Protocol preferences

I

  • initial sequence number (ISN) / Handshake message – first step [SYN]
  • Interface Lists
    • packets, capturing with / Capturing packets with Interface Lists
    • interface names / Common interface names
  • Internet Control Message Protocol (ICMP) flood, DOS attack
    • about / ICMP flood
    • mitigation / ICMP flood mitigation
  • IO graph
    • using / The IO graph

K

  • key exchange
    • about / Key exchange
  • key exchange, types
    • Diffie-Hellman (DHE) key exchange / The Diffie-Hellman key exchange
    • Elliptic curve Diffie-Hellman key exchange / Elliptic curve Diffie-Hellman key exchange
    • RSA / RSA
  • KisMac
    • URL / Wi-Fi sniffing products
  • Kismet
    • URL / Wi-Fi sniffing products

M

  • management frames / Management frames
  • Maximum Segment Size (MSS) / Handshake message – first step [SYN]
  • medium access control (MAC) layer / The 802.11 protocol stack
  • message exchanges, Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
    • about / Message exchanges
    • four-message exchange / The four-message exchange
    • two-message exchange / The two-message exchange
  • message types, Dynamic Host Configuration Protocol for IPv6 (DHCPv6) / DHCPv6 message types

N

  • NetStumbler
    • URL / Wi-Fi sniffing products
  • No-Operation (NOP) / TCP header fields, Handshake message – first step [SYN]

O

  • online nmap tool
    • URL / Vulnerability scanning

P

  • 802.11 protocol stack / The 802.11 protocol stack
  • packet analyzer
    • tools / Other packet analyzer tools
    • mobile packet capture / Mobile packet capture
  • packet analyzers
    • uses / Uses for packet analyzers
  • Packet Bytes pane
    • about / The Packet Bytes pane
  • packet capture process
    • about / The Wireshark packet capture process
  • Packet Details pane
    • about / The Packet Details pane
  • Packet List pane
    • about / The Packet List pane
  • packets
    • capturing / Guide to capturing packets
    • capturing, with Interface Lists / Capturing packets with Interface Lists
    • capturing, with Start options / Capturing packets with Start options
    • capturing, with Capture Options / Capturing packets with Capture Options
    • file, auto-capturing periodically / Auto-capturing a file periodically
  • PPP (Point-to-Point Protocol) / 802.1X EAPOL
  • protocol preference feature
    • about / Protocol preferences

R

  • reset sequence
    • about / TCP reset sequence
    • RST after SYN-ACK / RST after SYN-ACK
    • RST after SYN / RST after SYN
  • RFC675 TCP/IP
    • URL / References
  • RFC793 TCP v4
    • URL / References
  • RFMON (Radio Frequency Monitor) mode / WLAN capture setup
  • Riverbed AirPcap adapter
    • URL / Wi-Fi sniffing products
  • RSA / RSA
  • RSA traffic
    • decrypting / Decrypting RSA traffic

S

  • scanning
    • about / Scanning
    • vulnerability scanning / Vulnerability scanning
    • SSL scans / SSL scans
  • Scapy
    • URL / Other packet analyzer tools
  • server certificate
    • about / Server certificate
  • Server Hello Done message
    • about / Server Hello Done
  • Server Hello message
    • about / Server Hello
    • Handshake Type / Server Hello
    • version / Server Hello
    • session ID / Server Hello
    • cipher suite / Server Hello
    • extensions / Server Hello
  • Server Key Exchange message
    • about / Server Key Exchange
  • snoop tool
    • about / Tcpdump and snoop
  • Snort
    • URL / Other packet analyzer tools
  • SSL-related issues
    • debugging / Debugging issues
  • SSL/TLS
    • about / An introduction to SSL/TLS
    • benefits / An introduction to SSL/TLS
    • versions / SSL/TLS versions
    • components / The SSL/TLS component
    • handshake / The SSL/TLS handshake
    • decrypting / Decrypting SSL/TLS
    • RSA traffic, decrypting / Decrypting RSA traffic
    • DHE/ECDHE traffic, decrypting / Decrypting DHE/ECHDE traffic
  • SSL/TLS handshake
    • about / The SSL/TLS handshake
    • types / Types of handshake message
    • Client Hello message / Client Hello
    • Server Hello / Server Hello
    • server certificate / Server certificate
    • Server Key Exchange message / Server Key Exchange
    • client certificate request / Client certificate request
    • Server Hello Done message / Server Hello Done
    • client certificate / Client certificate
    • Client Key Exchange message / Client Key Exchange
    • Client Certificate Verify message / Client Certificate Verify
    • Change Cipher Spec record type / Change Cipher Spec
    • Finished message / Finished
    • Application Data message / Application Data
    • Alert Protocol / Alert Protocol
  • SSL flood, DOS attack
    • about / SSL flood
  • SSL testing
    • references / Debugging issues
  • Start options
    • packets, capturing with / Capturing packets with Start options
  • Stumbler
    • URL / Wi-Fi sniffing products
  • Switch Port Analyzer (SPAN) port / The Wireshark packet capture process
  • SYN flood, DOS attack
    • about / SYN flood
    • mitigation / SYN flood mitigation

T

  • TAP (Test Access Point) / The Wireshark packet capture process
  • TCP analyze sequence numbers
    • URL / References
  • TCP CLOSE_STATE
    • about / How to resolve TCP CLOSE_STATE
  • TCP CLOSE_WAIT
    • about / TCP CLOSE_WAIT
  • TCP display filter
    • reference link / Filter examples
  • tcpdump tool
    • about / Tcpdump and snoop
  • TCP Dup-ACK
    • about / TCP Dup-ACK
  • Tcpreplay
    • URL / Other packet analyzer tools
  • TCP stream
    • following / Following the TCP stream
  • TCP TIME_WAIT
    • about / TCP TIME_WAIT
  • TCP Window Update
    • about / TCP Window Update
  • three-way handshake, Transmission Control Protocol (TCP)
    • about / TCP three-way handshake
    • first step [SYN] / Handshake message – first step [SYN]
    • second step [SYN, ACK] / Handshake message – second step [SYN, ACK]
    • third step [ACK] / Handshake message – third step [ACK]
  • TLS extensions
    • reference list / Client Hello
  • Transmission Control Protocol (TCP)
    • about / Recapping TCP
    • header fields / TCP header fields
    • states / TCP states
    • connection establishment / TCP connection establishment and clearing
    • three-way handshake / TCP three-way handshake
    • data communication / TCP data communication
    • close sequence / TCP close sequence
    • Wiki, URL / References
    • TCP/IP guide, URL / References
  • Transmission Control Protocol (TCP), latency
    • issues / TCP latency issues
    • identifying / Identifying latency
    • server latency example / Server latency example
    • wire latency / Wire latency
  • Transmission Control Protocol (TCP), latency issues
    • causes / Cause of latency
  • Transmission Control Protocol (TCP), troubleshooting
    • about / TCP troubleshooting
    • reset sequence / TCP reset sequence
    • CLOSE_WAIT / TCP CLOSE_WAIT
    • TIME_WAIT / TCP TIME_WAIT
  • troubleshooting
    • packets, capturing / Troubleshooting

U

  • US-CERT
    • alert TA14-017A, URL / DrDoS
  • user interface, Wireshark
    • about / Wireshark user interface
    • Filter toolbar / The Filter toolbar
    • Packet List pane / The Packet List pane
    • Packet Details pane / The Packet Details pane
    • Packet Bytes pane / The Packet Bytes pane

W

  • Wi-Fi networks
    • analyzing / Analyzing the Wi-Fi networks
    • frames / Frames
    • 802.11 auth process / 802.11 auth process
    • 802.1X EAPOL / 802.1X EAPOL
    • 802.11 protocol stack / The 802.11 protocol stack
  • Wi-Fi sniffing products
    • about / Wi-Fi sniffing products
    • Kismet / Wi-Fi sniffing products
    • Riverbed AirPcap / Wi-Fi sniffing products
    • KisMac / Wi-Fi sniffing products
    • Stumbler / Wi-Fi sniffing products
    • NetStumbler / Wi-Fi sniffing products
  • WireEdit
    • URL / Other packet analyzer tools
  • Wireshark
    • about / Introducing Wireshark
    • URL / Introducing Wireshark, References
    • features / Wireshark features, Wireshark features
    • dumpcap / Wireshark's dumpcap and tshark
    • tshark / Wireshark's dumpcap and tshark
    • packet capture process / The Wireshark packet capture process
    • wiki link / 802.1X EAPOL
  • Wireshark community
    • URL / Troubleshooting
  • Wireshark protocol hierarchy
    • about / Wireshark protocol hierarchy
  • Wireshark TCP sequence analysis
    • about / Wireshark TCP sequence analysis
    • retransmission / TCP retransmission
    • TCP ZeroWindow / TCP ZeroWindow
  • WLAN capture setup
    • about / WLAN capture setup
    • multi-channel captures, URL / WLAN capture setup
    • wireless network interface controller (WNIC) / WLAN capture setup
    • AP (Access Point) / WLAN capture setup
    • monitor mode / The monitor mode

X

  • 802.1X EAPOL / 802.1X EAPOL