Book Image

Network Analysis using Wireshark 2 Cookbook - Second Edition

By : Nagendra Kumar Nainar, Yoram Orzach, Yogesh Ramdoss
Book Image

Network Analysis using Wireshark 2 Cookbook - Second Edition

By: Nagendra Kumar Nainar, Yoram Orzach, Yogesh Ramdoss

Overview of this book

This book contains practical recipes on troubleshooting a data communications network. This second version of the book focuses on Wireshark 2, which has already gained a lot of traction due to the enhanced features that it offers to users. The book expands on some of the subjects explored in the first version, including TCP performance, network security, Wireless LAN, and how to use Wireshark for cloud and virtual system monitoring. You will learn how to analyze end-to-end IPv4 and IPv6 connectivity failures for Unicast and Multicast traffic using Wireshark. It also includes Wireshark capture files so that you can practice what you’ve learned in the book. You will understand the normal operation of E-mail protocols and learn how to use Wireshark for basic analysis and troubleshooting. Using Wireshark, you will be able to resolve and troubleshoot common applications that are used in an enterprise network, like NetBIOS and SMB protocols. Finally, you will also be able to measure network parameters, check for network problems caused by them, and solve them effectively. By the end of this book, you’ll know how to analyze traffic, find patterns of various offending traffic, and secure your network from them.

Related Content you might be interested in

Current Title:

Small book image
Network Analysis using Wireshark 2 Cookbook - Second Edition
Nagendra Kumar Nainar | Yoram Orzach | Yogesh Ramdoss
Mar, 2018 | 626 pages
Small book image
Mastering Wireshark 2
Andrew Crouthamel
May, 2018 | 326 pages
Small book image
Wireshark 2 Quick Start Guide
Charit Mishra
Jun, 2018 | 164 pages
Small book image
Learn Wireshark
Lisa Bock
Aug, 2022 | 606 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
Free Chapter
1
Introduction to Wireshark Version 2
Introduction to Wireshark Version 2
Wireshark Version 2 basics
Locating Wireshark
Capturing data on virtual machines
Starting the capture of data
Configuring the start window
2
Mastering Wireshark for Network Troubleshooting
Mastering Wireshark for Network Troubleshooting
Introduction
Configuring the user interface, and global and protocol preferences
Importing and exporting files
Configuring coloring rules and navigation techniques
Using time values and summaries
Building profiles for troubleshooting
3
Using Capture Filters
Using Capture Filters
Introduction
Configuring capture filters
Configuring Ethernet filters
Configuring hosts and network filters
Configuring TCP/UDP and port filters
Configuring compound filters
Configuring byte offset and payload matching filters
4
Using Display Filters
Using Display Filters
Introduction
Configuring display filters
Configuring Ethernet, ARP, host, and network filters
Configuring TCP/UDP filters
Configuring specific protocol filters
Configuring substring operator filters
Configuring macros
5
Using Basic Statistics Tools
Using Basic Statistics Tools
Introduction
Using the statistics – capture file properties menu
Using the statistics – resolved addresses
Using the statistics – protocol hierarchy menu
Using the statistics – conversations menu
Using the statistics – endpoints menu
Using the statistics – HTTP menu
Configuring a flow graph for viewing TCP flows
Creating IP-based statistics
6
Using Advanced Statistics Tools
Using Advanced Statistics Tools
Introduction
Configuring I/O graphs with filters for measuring network performance issues
Throughput measurements with I/O graphs
Advanced I/O graph configurations with y axis parameters
Getting information through TCP stream graphs – time/sequence (Steven's) window
Getting information through TCP stream graphs – time/sequences (TCP-trace) window
Getting information through TCP stream graphs – throughput window
Getting information through TCP stream graphs – round-trip-time window
Getting information through TCP stream graphs – window-scaling window
7
Using the Expert System
Using the Expert System
Introduction
The expert system window and how to use it for network troubleshooting
Error events and what we can understand from them
Warning events and what we can understand from them
Note events and what we can understand from them
8
Ethernet and LAN Switching
Ethernet and LAN Switching
Introduction
Discovering broadcast and error storms
Analyzing spanning tree problems
Analyzing VLANs and VLAN tagging issues
9
Wireless LAN
Wireless LAN
Skills learned
Introduction to wireless networks and standards
Wireless radio issues, analysis, and troubleshooting
Capturing wireless LAN traffic
10
Network Layer Protocols and Operations
Network Layer Protocols and Operations
Introduction
IPv4 address resolution protocol operation and troubleshooting
ICMP – protocol operation, analysis, and troubleshooting
Analyzing IPv4 unicast routing operations
Analyzing IP fragmentation failures
IPv4 multicast routing operations
IPv6 principle of operations
IPv6 extension headers
ICMPv6 – protocol operations, analysis, and troubleshooting
IPv6 auto configuration
DHCPv6-based address assignment
IPv6 neighbor discovery protocol operation and analysis
11
Transport Layer Protocol Analysis
Transport Layer Protocol Analysis
Introduction
UDP principle of operation
UDP protocol analysis and troubleshooting
TCP principle of operation
Troubleshooting TCP connectivity problems
Troubleshooting TCP retransmission issues
TCP sliding window mechanism
TCP enhancements – selective ACK and timestamps
Troubleshooting TCP throughput
12
FTP, HTTP/1, and HTTP/2
FTP, HTTP/1, and HTTP/2
Introduction
Analyzing FTP problems
Filtering HTTP traffic
Configuring HTTP preferences
Analyzing HTTP problems
Exporting HTTP objects
HTTP flow analysis
Analyzing HTTPS traffic – SSL/TLS basics
13
DNS Protocol Analysis
DNS Protocol Analysis
Introduction
Analyzing DNS record types
Analyzing regular DNS operations
Analyzing DNSSEC regular operations
Troubleshooting DNS performance
14
Analyzing Mail Protocols
Analyzing Mail Protocols
Introduction
Normal operation of mail protocols
Analyzing POP, IMAP, and SMTP problems
Filtering and analyzing different error codes
Malicious and spam email analysis
15
NetBIOS and SMB Protocol Analysis
NetBIOS and SMB Protocol Analysis
Introduction
Understanding the NetBIOS protocol
Understanding the SMB protocol
Analyzing problems in the NetBIOS/SMB protocols
Analyzing the database traffic and common problems
Exporting SMB objects
16
Analyzing Enterprise Applications' Behavior
Analyzing Enterprise Applications' Behavior
Introduction
Finding out what is running over your network
Analyzing Microsoft Terminal Server and Citrix communications problems
Analyzing the database traffic and common problems
Analyzing SNMP
17
Troubleshooting SIP, Multimedia, and IP Telephony
Troubleshooting SIP, Multimedia, and IP Telephony
Introduction
IP telephony principle and normal operation
SIP principle of operation, messages, and error codes
Video over IP and RTSP
Wireshark features for RTP stream analysis and filtering
Wireshark feature for VoIP call replay
18
Troubleshooting Bandwidth and Delay Issues
Troubleshooting Bandwidth and Delay Issues
Introduction
Measuring network bandwidth and application traffic
Measurement of jitter and delay using Wireshark
Analyzing network bottlenecks, issues, and troubleshooting
19
Security and Network Forensics
Security and Network Forensics
Introduction
Discovering unusual traffic patterns
Discovering MAC-based and ARP-based attacks
Discovering ICMP and TCP SYN/port scans
Discovering DoS and DDoS attacks
Locating smart TCP attacks
Discovering brute force and application attacks

Configuring TCP/UDP filters

TCP and UDP are the main protocols in layer 4 that provide connectivity between end applications. Whenever you start an application from one side to another, you start the session from a source port, usually a random number equal to or higher than 1,024, and connect to a destination port, which is a well-known or registered port that waits for the session on the other side. These are the port numbers that identify the application that works over the session.

Other types of filters refer to other fields in the UDP and TCP headers. In UDP, we have a very simple header with very basic data, while in TCP we have a more complex header that we can get much more information from.

In this recipe, we will concentrate on the possibilities while configuring TCP and UDP display filters.

...
Previous Section
End of Section 5
Next Section