Mastering Wireshark

Book Image

Mastering Wireshark

Book Image

Mastering Wireshark

Overview of this book

Wireshark is a popular and powerful tool used to analyze the amount of bits and bytes that are flowing through a network. Wireshark deals with the second to seventh layer of network protocols, and the analysis made is presented in a human readable form. Mastering Wireshark will help you raise your knowledge to an expert level. At the start of the book, you will be taught how to install Wireshark, and will be introduced to its interface so you understand all its functionalities. Moving forward, you will discover different ways to create and use capture and display filters. Halfway through the book, you’ll be mastering the features of Wireshark, analyzing different layers of the network protocol, looking for any anomalies. As you reach to the end of the book, you will be taught how to use Wireshark for network security analysis and configure it for troubleshooting purposes.

Mastering Wireshark

Mastering Wireshark

Credits

About the Author

About the Author

About the Reviewer

About the Reviewer

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Welcome to the World of Packet Analysis with Wireshark

Welcome to the World of Packet Analysis with Wireshark

Introduction to Wireshark

A brief overview of the TCP/IP model

The layers in the TCP/IP model

An introduction to packet analysis with Wireshark

Capturing methodologies

Practice questions

Filtering Our Way in Wireshark

Filtering Our Way in Wireshark

An introduction to filters

Capture filters

Display filters

Searching for packets using the Find dialog

Create new Wireshark profiles

Practice questions

Mastering the Advanced Features of Wireshark

Mastering the Advanced Features of Wireshark

The Statistics menu

Working with IO, Flow, and TCP stream graphs

TCP stream graphs

Follow TCP streams

Command Line-fu

Inspecting Application Layer Protocols

Inspecting Application Layer Protocols

Domain name system

File transfer protocol

Hyper Text Transfer Protocol

Simple Mail Transfer Protocol

Practice questions:

Analyzing Transport Layer Protocols

Analyzing Transport Layer Protocols

The transmission control protocol

The User Datagram Protocol

Practice questions

Analyzing Traffic in Thin Air

Analyzing Traffic in Thin Air

Understanding IEEE 802.11

Usual and unusual WEP – open/shared key communication

Decrypting WEP and WPA traffic

Practice questions

Network Security Analysis

Network Security Analysis

Information gathering

Analyzing brute force attacks

Practice questions

Troubleshooting

Troubleshooting

Recovery features

Practice questions

Introduction to Wireshark v2

Introduction to Wireshark v2

The intelligent scroll bar

Graph improvements

Practice questions

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Practice questions

Q.1 Explain the difference between display filters and capture filters, and which is more efficient in terms of system resource utilization.

Q.2 Explain the difference between Find Utility and Filters. Use the Find utility to search using hex values.

Q.3 Create a capture filter to capture only ARP broadcast packets.

Q.4 Create a capture filter to capture all packets except the packet destined to and originated from your physical address.

Q.5 Create a capture filter to capture only TCP SYN packets and TCP ACK packets.

Q.6 Create a capture filter to capture HTTP traffic sent only from you machine.

Q.7 Create a display filter to show packets originating only from your IP.

Q.8 Create a display filter to see packets that are only related to the protocol Secure Socket layer.

Q.9 Create a display filter to see only the ICMP destination host's unreachable packets.

Q.10 Create a display filter to see only TCP packets with a FIN and ACK flags set.

Q.11 Create a display filter to show TCP...