Wireshark 2 Quick Start Guide

Wireshark 2 Quick Start Guide

By : Charit Mishra

Buy this Book

Wireshark 2 Quick Start Guide

By: Charit Mishra

Buy this Book

Overview of this book

Wireshark is an open source protocol analyser, commonly used among the network and security professionals. Currently being developed and maintained by volunteer contributions of networking experts from all over the globe. Wireshark is mainly used to analyze network traffic, analyse network issues, analyse protocol behaviour, etc. - it lets you see what's going on in your network at a granular level. This book takes you from the basics of the Wireshark environment to detecting and resolving network anomalies. This book will start from the basics of setting up your Wireshark environment and will walk you through the fundamentals of networking and packet analysis. As you make your way through the chapters, you will discover different ways to analyse network traffic through creation and usage of filters and statistical features. You will look at network security packet analysis, command-line utilities, and other advanced tools that will come in handy when working with day-to-day network operations. By the end of this book, you have enough skill with Wireshark 2 to overcome real-world network challenges.

Title Page

Packt Upsell

Contributors

Preface

Free Chapter

Installing Wireshark

Introduction to Wireshark

A brief overview of the TCP/IP model

The layers in the TCP/IP model

Summary

Introduction to Wireshark and Packet Analysis

What is Wireshark?

An introduction to packet analysis with Wireshark

Capturing methodologies

Summary

Filtering Our Way in Wireshark

Introducing filters

Capture filters

Create new Wireshark profiles

Summary

Analyzing Application Layer Protocols

Domain Name System (DNS)

File transfer protocol

Hypertext Transfer Protocol (HTTP)

Simple Mail Transfer Protocol (SMTP)

Summary

Analyzing the Transport Layer Protocols TCP/UDP

The transmission control protocol

The User Datagram Protocol

Summary

Network Security Packet Analysis

Information gathering

ARP poisoning

Analysing brute force attacks

Summary

Analyzing Traffic in Thin Air

Understanding IEEE 802.11

Usual and unusual wireless traffic

Decrypting wireless network traffic

Summary

Mastering the Advanced Features of Wireshark

The Statistics menu

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Chapter 6. Network Security Packet Analysis

Wireshark is an efficient utility packed with an advanced set of features that assist security professionals in performing passive analysis of network traffic to identify and point out malicious packets and anomalies.

This chapter will guide you through how to use Wireshark to analyze security issues, such as analyzing malware traffic and footprinting attempts. We will cover the following topics:

Analyzing port scanning, footprinting, and attack/exploitation network traffic
Dissecting malicious ARP traffic
Analyzing brute force attacks
Inspecting malicious traffic
Creating display and capture filter signatures for malicious traffic

Using real-life scenarios simulated in a virtual network infrastructure, we will capture and understand malicious traffic patterns and replicate attacks such as information gathering and exploitation attempts. We will start from information gathering activity followed by an exploitation through a malicious .exe file. Then we...

Wireshark 2 Quick Start Guide

By : Charit Mishra

Wireshark 2 Quick Start Guide

By: Charit Mishra

Overview of this book

Related Content you might be interested in

Current Title:

Wireshark 2 Quick Start Guide

Mastering Wireshark 2

Network Analysis using Wireshark 2 Cookbook

Learn Wireshark - Fundamentals of Wireshark

Chapter 6. Network Security Packet Analysis