Book Image

Mastering Wireshark 2

By : Andrew Crouthamel
Book Image

Mastering Wireshark 2

By: Andrew Crouthamel

Overview of this book

Wireshark, a combination of a Linux distro (Kali) and an open source security framework (Metasploit), is a popular and powerful tool. Wireshark is mainly used to analyze the bits and bytes that flow through a network. It efficiently deals with the second to the seventh layer of network protocols, and the analysis made is presented in a form that can be easily read by people. Mastering Wireshark 2 helps you gain expertise in securing your network. We start with installing and setting up Wireshark2.0, and then explore its interface in order to understand all of its functionalities. As you progress through the chapters, you will discover different ways to create, use, capture, and display filters. By halfway through the book, you will have mastered Wireshark features, analyzed different layers of the network protocol, and searched for anomalies. You’ll learn about plugins and APIs in depth. Finally, the book focuses on pocket analysis for security tasks, command-line utilities, and tools that manage trace files. By the end of the book, you'll have learned how to use Wireshark for network security analysis and configured it for troubleshooting purposes.
Table of Contents (18 chapters)
Title Page
Copyright and Credits
Packt Upsell
Free Chapter
Installing Wireshark 2

Following streams

In the previous section, we went over how to use display filters to limit what you see in a packet capture. In this section, we'll build on that and follow streams. What that means is, in this section, we'll follow TCP and UDP streams to pick out conversations within our packet capture so that we can view the specific communications between each TCP communication or each UDP communication. So, what we have is a packet capture of opening up the home page. And the home page is not encrypted with SSL by default, so we can see all of the HTTP communications within it without having to add in some sort of SSL key to decrypt it:

In the beginning, we can see the DNS query to Cisco and the response, and then the beginnings of the TCP handshake. Then, we start to retrieve some files and some HTTP traffic for retrieving HTML. Now, we could of course apply what we learned in the last section, and go up to the top and create a display filter...