Book Image

Wireshark 2 Quick Start Guide

By : Charit Mishra
Book Image

Wireshark 2 Quick Start Guide

By: Charit Mishra

Overview of this book

<p>Wireshark is an open source protocol analyser, commonly used among the network and security professionals. Currently being developed and maintained by volunteer contributions of networking experts from all over the globe. Wireshark is mainly used to analyze network traffic, analyse network issues, analyse protocol behaviour, etc. - it lets you see what's going on in your network at a granular level. This book takes you from the basics of the Wireshark environment to detecting and resolving network anomalies.</p> <p>This book will start from the basics of setting up your Wireshark environment and will walk you through the fundamentals of networking and packet analysis. As you make your way through the chapters, you will discover different ways to analyse network traffic through creation and usage of filters and statistical features. You will look at network security packet analysis, command-line utilities, and other advanced tools that will come in handy when working with day-to-day network operations.</p> <p>By the end of this book, you have enough skill with Wireshark 2 to overcome real-world network challenges.</p>
Table of Contents (14 chapters)
Title Page
Packt Upsell
Contributors
Preface
8
Mastering the Advanced Features of Wireshark
Index

Information gathering


The probability and success factor of every attack depends on information gained through passive and active scanning of the network. Footprinting and reconnaissance are synonyms for the term information gathering.

The following diagram depicts the virtual/physical infrastructure we will be using for our analysis and for replicating the attacks:

The access point is located at 192.168.1.1 and it allocates the IP address to connected devices using DHCP; the attacking box (Kali) is configured with a manual IP address 192.168.1.106.

PING sweep

Let's begin with our first scenario, where an attacker is trying to perform a ping sweep attack over the subnet his machine is a part of (assumption: The attacker is an internal employee). Refer to the following screenshot, which displays displays the traffic captured as a result of running a bash script (ping sweep scan); the script pings each IP, starting from 192.168.1.100 to 192.168.1.110:

Ping sweep

Starting from packets 1-4, ARP requests...