Wireshark, a combination of Kali and Metasploit, deals with the second to the seventh layers of network protocols. The book will introduce you to various protocol analysis methods and teach you how to analyze them. You will discover and work with some advanced features, which will enhance the capabilities of your application. By the end of this book, you will be able to secure your network using Wireshark 2.
If you are a security professional or a network enthusiast who is interested in understanding the internal working of networks and have some prior knowledge of using Wireshark, then this book is for you.
Chapter 1, Installing Wireshark 2, teaches you how to install Wireshark on Windows, macOS, and Linux.
Chapter 2, Getting Started with Wireshark, tells you about what's new in Wireshark 2. It will also teach you how to capture traffic and how to save, export, annotate, and print packages.
Chapter 3, Filtering Traffic, teaches you about BPF syntax and how to create one. It further explains how to use BPF to apply it as a capture filter and reduce the packets, how to create and use display filters, and how to follow streams—both TCP and UDP.
Chapter 4, Customizing Wireshark, explains how to apply preferences in Wireshark and customize them. You will learn how to create profiles for different analysis requirements.
Chapter 5, Statistics, provides an overview of TCP/IP and time values and summaries. You will also take a look at the expert system usage feature of Wireshark.
Chapter 6, Introductory Analysis, explains the basics of DNS and some DNS query examples. You will also learn about ARP resolution and how to resolve an IP address to a physical MAC address on an Ethernet bus. You will also acquire knowledge about IPv4 and IPv6 headers, the flags within them, and the fragmentation.
Chapter 7, Network Protocol Analysis, teaches you about UDP analysis: the connectionless protocol, TCP analysis: the connection-oriented protocol, and finally, graphing I/O rates and TCP trends: visualization of the data analyzed.
Chapter 8, Application Protocol Analysis I, talks about HTTP, both in an unencrypted fashion and an encrypted fashion, and how to decrypt that. You will also look into FTP in all of its many flavors, including active mode, passive mode, and the encrypted flavors of FTPS and SFTP.
Chapter 9, Application Protocol Analysis II, teaches you email analysis using POP and SMTP. We will also look at VoIP analysis using SIP and RTP.
Chapter 10, Command-Line Tools, teaches you how to run Wireshark from the command line, tshark, tcpdump, and running dumpcap.
Chapter 11, A Troubleshooting Scenario, covers troubleshooting a specific issue within Wireshark.
You will need to have Wireshark installed in a Windows/Linux/macOS system.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/MasteringWireshark2_ColorImages.pdf.
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "So,
pcapng is the next generation of the
pcap file extension."
Any command-line input or output is written as follows:
nslookup wireshark.org 188.8.131.52
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "We can see the target in the
Address Resolution Protocol (request) option."
Feedback from our readers is always welcome.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at
[email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packtpub.com.