Book Image

Learn Wireshark, - Second Edition

By : Lisa Bock
5 (1)
Book Image

Learn Wireshark, - Second Edition

5 (1)
By: Lisa Bock

Overview of this book

Wireshark is a popular and powerful packet analysis tool that helps network administrators investigate latency issues and potential attacks. Over the years, there have been many enhancements to Wireshark’s functionality. This book will guide you through essential features so you can capture, display, and filter data with ease. In addition to this, you’ll gain valuable tips on lesser-known configuration options, which will allow you to complete your analysis in an environment customized to suit your needs. This updated second edition of Learn Wireshark starts by outlining the benefits of traffic analysis. You’ll discover the process of installing Wireshark and become more familiar with the interface. Next, you’ll focus on the Internet Suite and then explore deep packet analysis of common protocols such as DNS, DHCP, HTTP, and ARP. The book also guides you through working with the expert system to detect network latency issues, create I/O and stream graphs, subset traffic, and save and export captures. Finally, you’ll understand how to share captures using CloudShark, a browser-based solution for analyzing packet captures. By the end of this Wireshark book, you’ll have the skills and hands-on experience you need to conduct deep packet analysis of common protocols and network troubleshooting as well as identify security issues.
Table of Contents (28 chapters)
1
Part 1 Traffic Capture Overview
6
Part 2 Getting Started with Wireshark
11
Part 3 The Internet Suite TCP/IP
16
Part 4 Deep Packet Analysis of Common Protocols
21
Part 5 Working with Packet Captures

Learning TCP options

While TCP is already an amazing protocol, it also permits various options that can be added to the TCP header to extend the functionality. The complete list, last updated in February 2021, can be found at https://www.iana.org/assignments/tcp-parameters/tcp-parameters.txt.

Keep in mind the following about TCP options:

  • Not all options are used.
  • Some of the options are experimental.
  • Some are used for specific reasons and do not have an associated Request for Comment (RFC).
  • Some have been developed and used without the proper Internet Assigned Numbers Authority (IANA) assignment.

The seven most common options are listed in the following table:

Table 10.1 – TCP options

The first three, EOL, NOP, and MSS, are from the original TCP RFC 793. The others were developed over time. Any options will follow the TCP header and are in multiples of 8 bits (or 1 byte). The entire header must be a multiple of 32 bits...