Book Image

Packet Analysis with Wireshark

By : ANISH NATH
Book Image

Packet Analysis with Wireshark

By: ANISH NATH

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Packet Analysis with Wireshark
ANISH NATH
Dec, 2015 | 172 pages
Small book image
Mastering Linux Administration
Alexandru Calcatinge | Julian Balog
Mar, 2024 | 764 pages
Small book image
Linux for System Administrators
Viorel Rudareanu | Daniil Baturin
Sep, 2023 | 294 pages
Small book image
Mastering Linux Administration
Alexandru Calcatinge | Julian Balog
Jun, 2021 | 772 pages
Table of Contents (14 chapters)
Packet Analysis with Wireshark
Packet Analysis with Wireshark
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Packet Analyzers
Packet Analyzers
Uses for packet analyzers
Introducing Wireshark
Other packet analyzer tools
Summary
2
Capturing Packets
Capturing Packets
Guide to capturing packets
Troubleshooting
Wireshark user interface
Wireshark features
Tcpdump and snoop
References
Summary
3
Analyzing the TCP Network
Analyzing the TCP Network
Recapping TCP
TCP connection establishment and clearing
TCP data communication
TCP close sequence
Lab exercise
TCP troubleshooting
TCP latency issues
Wireshark TCP sequence analysis
References
Summary
4
Analyzing SSL/TLS
Analyzing SSL/TLS
An introduction to SSL/TLS
The SSL/TLS handshake
Key exchange
Decrypting SSL/TLS
Debugging issues
Summary
5
Analyzing Application Layer Protocols
Analyzing Application Layer Protocols
DHCPv6
BOOTP/DHCP
DNS
HTTP
References
Summary
6
WLAN Capturing
WLAN Capturing
WLAN capture setup
Analyzing the Wi-Fi networks
Wi-Fi sniffing products
Summary
7
Security Analysis
Security Analysis
Heartbleed bug
The DOS attack
Scanning
ARP duplicate IP detection
DrDoS
BitTorrent
Wireshark protocol hierarchy
Summary
Index
Index

Preface

The purpose of this book is to identify, learn about, and solve issues related to protocol, network, and security, and see how Wireshark helps to analyze these patterns by allowing its features to troubleshoot effectively. This book has lab exercises and contains packet capture files for offline viewing and analyses. Most of the examples contain production-like scenarios and their solutions and steps to reproduce these solutions.

This book also contains effective capturing methods that can be used directly in production without installing Wireshark.

Wireshark is an awesome tool for troubleshooting and learning, and within the scope of this book, we have taken the best use cases for different types of audiences, such as network administrators, security auditors, protocol learners, and troubleshooters.

What this book covers

Chapter 1, Packet Analyzers, covers the definition of packet analyzers and their use cases, network interfaces naming conventions, pcap/pcanpng file extensions, and types of network analyzer tools.

Chapter 2, Capturing Packets, covers how to capture packets using Wireshark, tcpdump, and snoop; how to use Wireshark display filters; and how to use Wireshark's cool features such as Decode-As and protocol preferences. Also, we will cover the TCP stream, exporting images, generating a firewall ACL rule, autocapture setup, and the name resolution feature.

Chapter 3, Analyzing the TCP Network, covers the TCP state machine, TCP connection establishment and closing sequence, practical troubleshooting labs such as (CLOSE_WAIT, TIME_WAIT), how to identify and fix latency issues, and Wireshark TCP sequence analysis flag (zero window, dup-ok, TCP retransmission, and window update) features.

Chapter 4, Analyzing SSL/TLS, covers the TLS/SSL two-way mutual authentication process with Wireshark, SSL/TLS decryption with Wireshark, and the identification of handshake failure with Wireshark.

Chapter 5, Analyzing Application Layer Protocols, covers how to analyze a protocol using the Wireshark display filter, how these protocols work, how to simulate these packets, capture, and display them using tcpdump/Wireshark.

Chapter 6, WLAN Capturing, covers WLAN capture setup and monitor mode, capturing with tcpdump, 802.11 display filters, Layer-2 datagram frames types, Wireshark display filters, and other Wi-Fi Sniffing products available.

Chapter 7, Security Analysis, covers the security aspect with Wireshark and discusses uses cases such as the Heartbleed bug, SYN flood/mitigation, ICMP flood/mitigation, MITM, BitTorrent, and host scanning.

What you need for this book

The topics covered in this book require a basic understanding of TCP/IP. The examples used in this book are independent of an operating system. All the examples are executed in a MAC and Linux OS. Windows users can install Cygwin to use a Linux command-line utility. The following executables are used in this book:

  • Wireshark

  • tcpdump

  • snoop

  • dig

  • nslookup

  • java

  • wget

  • dhclient

  • nmap

Who this book is for

This book provides background information to help readers understand the topics that are discussed. The intended audience for this book includes the following:

  • Network/system administrators

  • Security consultants and IT officers

  • Architects/protocol developers

  • White Hat hackers

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Start Wireshark by clicking on the Wireshark icon or type Wireshark in the command line."

Any command-line input or output is written as follows:

[bash ~]# cat /proc/sys/net/ipv4/tcp_fin_timeout 60

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Click on Interface List; Wireshark will show a list of available network interfaces in the system."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.

Previous Section
Next Chapter