Learn Wireshark - Second Edition

By: Lisa Bock

Overview of this book

Wireshark is a popular and powerful packet analysis tool that helps network administrators investigate latency issues and potential attacks. Over the years, there have been many enhancements to Wireshark’s functionality. This book will guide you through essential features so you can capture, display, and filter data with ease. In addition to this, you’ll gain valuable tips on lesser-known configuration options, which will allow you to complete your analysis in an environment customized to suit your needs. This updated second edition of Learn Wireshark starts by outlining the benefits of traffic analysis. You’ll discover the process of installing Wireshark and become more familiar with the interface. Next, you’ll focus on the Internet Suite and then explore deep packet analysis of common protocols such as DNS, DHCP, HTTP, and ARP. The book also guides you through working with the expert system to detect network latency issues, create I/O and stream graphs, subset traffic, and save and export captures. Finally, you’ll understand how to share captures using CloudShark, a browser-based solution for analyzing packet captures. By the end of this Wireshark book, you’ll have the skills and hands-on experience you need to conduct deep packet analysis of common protocols and network troubleshooting as well as identify security issues.
Table of Contents (28 chapters)

Part 1: Traffic Capture Overview
Part 2: Getting Started with Wireshark
Part 3: The Internet Suite TCP/IP
Part 4: Deep Packet Analysis of Common Protocols
Part 5: Working with Packet Captures

What this book covers

Chapter 1, Appreciating Traffic Analysis, describes the countless places and reasons to conduct packet analysis. In addition, we'll cover the many benefits of using Wireshark, an open source protocol analyzer that includes many rich features.

Chapter 2, Using Wireshark, starts with an overview of the beginnings of today's Wireshark. We'll examine the interface and review the phases of packet analysis. Finally, we'll cover the built-in tools, with a closer look at tshark (or terminal-based Wireshark), a lightweight alternative to Wireshark.

Chapter 3, Installing Wireshark, illustrates how Wireshark provides support for different operating systems. We'll compare the different capture engines, such as WinPcap, libpcap, and Npcap, walk through a standard Windows installation, and then review the resources available at https://www.wireshark.org/.

Chapter 4, Exploring the Wireshark Interface, provides a deeper dive into some of the common elements of Wireshark to improve your workflow. We'll investigate the welcome screen and common menu choices, such as File, Edit, and View, so that you can easily navigate the interface during an analysis.

Chapter 5, Tapping into the Data Stream, starts with a comparison of the different network architectures and then moves on to the various capture options. You'll discover the conversations and endpoints you'll see when tapping into the stream, and then learn about the importance of baselining network traffic.

Chapter 6, Personalizing the Interface, helps you to realize all the ways you can customize the many aspects of the interface. You'll learn how to personalize the layout and general appearance, create a tailored configuration profile, adjust the columns, font, and color, and create buttons.

Chapter 7, Using Display and Capture Filters, helps you to make examining a packet capture less overwhelming. We'll take a look at how to narrow your scope by filtering network traffic. We'll compare and contrast display and capture filters, discover the shortcuts used to build filters, and conclude with a review of the expression builder.

Chapter 8, Outlining the OSI Model, provides an overview of the Open Systems Interconnection (OSI) model, a seven-layer framework that outlines how the OS prepares data for transport on the network. We'll review the purpose, protocols, and Protocol Data Units (PDUs) of each layer, explore the encapsulation process, and demonstrate the frame formation in Wireshark.

Chapter 9, Decoding TCP and UDP, is a deep dive into two of the key protocols in the transport layer: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). We'll review the purpose of the transport layer and then evaluate the header and field values of both TCP and UDP.

Chapter 10, Managing TCP Connections, begins by examining the three-way handshake. We'll discover the TCP options, get a better understanding of the TCP protocol preferences, and then conclude with an overview of the TCP teardown process.

Chapter 11, Analyzing IPv4 and IPv6, provides a breakdown of the purpose of the Internet Protocol (IP). We'll outline IPv4 and the header fields and then explore the streamlined header of IPv6. We'll summarize with a discussion of the protocol preferences and see how IPv4 and IPv6 can coexist by using tunneling protocols.

Chapter 12, Discovering ICMP, details the purpose of the Internet Control Message Protocol (ICMP). We'll dissect ICMP and ICMPv6, compare query and error messages, and discuss the ICMP type and code values. We'll cover how ICMP can be used in malicious ways and outline the importance of configuring firewall rules.

Chapter 13, Diving into DNS, outlines the significance of the Domain Name System (DNS). You'll learn how DNS works when resolving a hostname to an IP address. We'll compare the different types of records, step through a query and response, review the DNS header, and calculate the DNS response time using Wireshark.

Chapter 14, Examining DHCP, begins by explaining the need for the Dynamic Host Configuration Protocol (DHCP). We'll then outline the DORA process (Discover, Offer, Request, Acknowledge). We'll dissect a DHCP header and review all the field values, flags, and port numbers, and then finish by stepping through a DHCP example.

Chapter 15, Decoding HTTP, highlights the Hypertext Transfer Protocol (HTTP), an application layer protocol used when browsing the web. We'll learn the details of HTTP, explore common methods of transport, and dissect the header and fields. We'll then compare request and response messages, and summarize by following an HTTP stream.

Chapter 16, Understanding ARP, takes a closer look at the Address Resolution Protocol (ARP), which is a significant protocol in delivering data. We'll outline the role and purpose of ARP, explore the header and fields, describe the different types of ARP, and take a brief look at ARP attacks.

Chapter 17, Determining Network Latency Issues, outlines how even a beginner can diagnose network problems. We'll explore coloring rules and the Intelligent Scrollbar, and then conclude with an overview of the expert information, which divides the alerts into categories and guides you through a more targeted evaluation.

Chapter 18, Subsetting, Saving, and Exporting Captures, helps you to explore the many different ways in which to break down a packet capture into smaller files for analysis. We'll cover the different options when saving a file, discover ways to export components such as objects, session keys, and packet bytes, and then outline why and how to add comments.

Chapter 19, Discovering I/O and Stream Graphs, begins by covering the many ways the statistics menu can help us when analyzing a capture file. We'll create basic I/O graphs to help visualize network issues and summarize by comparing how the different TCP stream graphs provide a visual representation of the streams.

Chapter 20, Using CloudShark for Packet Analysis, covers CloudShark, an online application that is similar to Wireshark. You'll learn how to filter traffic and generate graphs. We'll then review how you can share captures with colleagues and outline where you can find sample captures so that you can continue improving your skills.