Book Image

Network Analysis using Wireshark 2 Cookbook - Second Edition

By : Nagendra Kumar Nainar, Yoram Orzach, Yogesh Ramdoss
Book Image

Network Analysis using Wireshark 2 Cookbook - Second Edition

By: Nagendra Kumar Nainar, Yoram Orzach, Yogesh Ramdoss

Overview of this book

This book contains practical recipes on troubleshooting a data communications network. This second version of the book focuses on Wireshark 2, which has already gained a lot of traction due to the enhanced features that it offers to users. The book expands on some of the subjects explored in the first version, including TCP performance, network security, Wireless LAN, and how to use Wireshark for cloud and virtual system monitoring. You will learn how to analyze end-to-end IPv4 and IPv6 connectivity failures for Unicast and Multicast traffic using Wireshark. It also includes Wireshark capture files so that you can practice what you’ve learned in the book. You will understand the normal operation of E-mail protocols and learn how to use Wireshark for basic analysis and troubleshooting. Using Wireshark, you will be able to resolve and troubleshoot common applications that are used in an enterprise network, like NetBIOS and SMB protocols. Finally, you will also be able to measure network parameters, check for network problems caused by them, and solve them effectively. By the end of this book, you’ll know how to analyze traffic, find patterns of various offending traffic, and secure your network from them.
Table of Contents (20 chapters)

Introduction

Information security is one of the most fascinating areas in information systems, and its purpose is to secure the organization's systems against internal and external attacks, which can come in various patterns. These attacks can come from the internet or from the internal network, and as such, they all come through the network; therefore, they can be monitored with Wireshark (and other similar tools).

To monitor the network against malicious traffic, we must first understand what constitutes normal traffic and define the base line of the traffic rate, it's pattern, and so on. We can then try to find out how malicious traffic is short of being normal traffic according to it. Among unusual traffic, we might see an ARP, IP, or TCP scanning; DNS responses without queries; unusual TCP flags; unknown IP addresses or port numbers whose purpose is not known to...