Wireshark 2 Quick Start Guide

By: Charit Mishra

Overview of this book

Wireshark is an open source protocol analyser, commonly used among network and security professionals. It is currently developed and maintained through volunteer contributions from networking experts all over the globe. Wireshark is mainly used to analyse network traffic, network issues, protocol behaviour, and so on; it lets you see what's going on in your network at a granular level. This book takes you from the basics of the Wireshark environment to detecting and resolving network anomalies.

This book will start from the basics of setting up your Wireshark environment and will walk you through the fundamentals of networking and packet analysis. As you make your way through the chapters, you will discover different ways to analyse network traffic through the creation and usage of filters and statistical features. You will look at network security packet analysis, command-line utilities, and other advanced tools that will come in handy when working with day-to-day network operations.

By the end of this book, you will have enough skill with Wireshark 2 to overcome real-world network challenges.

Preface

Wireshark is the world's most popular free and open source protocol analyzer, and it is commonly used by networking and security professionals for troubleshooting, analysis, protocol development, and forensics. The primary objective of Wireshark is to capture network traffic and display the packet data in as detailed a way as possible. It helps professionals view the content of network traffic at a microscopic level.

This book is written from the standpoint of using Wireshark and learning how network protocols function, and provides a practical approach to conducting protocol analysis, troubleshooting network anomalies, and examining security issues. I have tried to depict common scenarios that you may come across in day-to-day operations through practical demonstration wherever possible to help you understand the concepts better.

By reading this book, you will learn how to install Wireshark, work with Wireshark GUI elements, and learn some advanced features behind the scenes, such as the filtering options, the statistics menu, and decrypting wireless and encrypted traffic. You can be the superhero of your team who helps resolve connectivity issues, network administration tasks, and computer forensics because Packets Are Life. If your routine job requires dealing with computer networks and security, then this book will give you a strong head start.

Happy sniffing!

Who this book is for

This book is for students/professionals who have basic experience and knowledge of networking and who want to get up to speed with Wireshark in no time. This book will take you from the installation to the usage of commonly used tools/tricks. The book will get you comfortable with the GUI elements of Wireshark and explain the fundamentals of the science behind protocol analysis.

What this book covers

Chapter 1, Installing Wireshark, will provide you with an introduction to the basics of the TCP/IP model and a step-by-step walk-through of the installation of Wireshark on your favorite operating system.

Chapter 2, Introduction to Wireshark and Packet Analysis, will help you understand the basics and science behind packet analysis, as Wireshark comes in handy and proves to be a Swiss Army knife for professionals dealing with network, security, and digital forensics. In this chapter, you will also understand the trick of placing the sniffer in a strategic location to get the most out of your network.

Chapter 3, Filtering Our Way in Wireshark, will help you identify and apply the Wireshark filters, namely the capture and display filters. Filtering provides a powerful way to capture or see the traffic you desire; it's an effective way to remove the noise from the stream of packets we desire to analyze.

Chapter 4, Analyzing Application Layer Protocols, will help you understand the approach and methodology for analyzing application layer protocols such as HTTP, SMTP, FTP, and DNS through Wireshark. As we know, application layer protocols typically interface between a client and a server. It is critical to understand the structure and behavior of application layer protocol packets in order to identify anomalies efficiently.

Chapter 5, Analyzing the Transport Layer Protocols TCP/UDP, will help you understand the underlying network technology that enables the movement of network packets across routing infrastructures, through the analysis of transport layer protocols such as TCP and UDP. TCP and UDP are the basis of networking protocols, and it is important to understand their structure and behavior.

Chapter 6, Network Security Packet Analysis, will guide you through using Wireshark to analyze security issues, such as analyzing malware traffic and footprinting attempts in your network.

Chapter 7, Analyzing Traffic in Thin Air, will help you understand the methodology and approach involved in performing wireless packet analysis. This chapter shows you how to analyze wireless traffic and pinpoint any problems that may follow. We will also learn the cool trick of decrypting wireless traffic using Wireshark.

Chapter 8, Mastering the Advanced Features of Wireshark, will provide you with insight into the advanced options and elements available in Wireshark, such as the statistics menu, and will also provide a brief, summarized approach to working with command-line packet sniffing applications, such as TShark.

To get the most out of this book

  • Basic understanding of networking protocols and the OSI and TCP/IP models
  • A computer system with a basic internet connection to follow the depicted scenarios

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/Wireshark2QuickStartGuide_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."

Note

Warnings or important notes appear like this.

Note

Tips and tricks appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.