Mastering Wireshark

Mastering Wireshark

Overview of this book

Wireshark is a popular and powerful tool used to analyze the amount of bits and bytes that are flowing through a network. Wireshark deals with the second to seventh layer of network protocols, and the analysis made is presented in a human readable form. Mastering Wireshark will help you raise your knowledge to an expert level. At the start of the book, you will be taught how to install Wireshark, and will be introduced to its interface so you understand all its functionalities. Moving forward, you will discover different ways to create and use capture and display filters. Halfway through the book, you’ll be mastering the features of Wireshark, analyzing different layers of the network protocol, looking for any anomalies. As you reach to the end of the book, you will be taught how to use Wireshark for network security analysis and configure it for troubleshooting purposes.

Mastering Wireshark

Credits

About the Author

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Welcome to the World of Packet Analysis with Wireshark

Introduction to Wireshark

A brief overview of the TCP/IP model

The layers in the TCP/IP model

An introduction to packet analysis with Wireshark

Capturing methodologies

Summary

Practice questions

Filtering Our Way in Wireshark

An introduction to filters

Capture filters

Display filters

Searching for packets using the Find dialog

Create new Wireshark profiles

Summary

Practice questions

Mastering the Advanced Features of Wireshark

The Statistics menu

Conversations

Endpoints

Working with IO, Flow, and TCP stream graphs

Summary

Inspecting Application Layer Protocols

Domain name system

File transfer protocol

Hyper Text Transfer Protocol

Simple Mail Transfer Protocol

Summary

Practice questions:

Analyzing Transport Layer Protocols

The transmission control protocol

The User Datagram Protocol

Summary

Practice questions

Analyzing Traffic in Thin Air

Understanding IEEE 802.11

Usual and unusual WEP – open/shared key communication

Decrypting WEP and WPA traffic

Summary

Practice questions

Network Security Analysis

Information gathering

ARP poisoning

Analyzing brute force attacks

Summary

Practice questions

Troubleshooting

Recovery features

Summary

Practice questions

Introduction to Wireshark v2

The intelligent scroll bar

Translation

Graph improvements

TCP streams

USBPcap

Summary

Practice questions

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Decrypting WEP and WPA traffic

The technique to decrypt WEP and WPA traffic is available with the use of Wireshark. As we know, WEP is the weakest security encryption protocol and it has been exploited for a long time. Once you have the key for the wireless network, it becomes a matter of a few clicks to decrypt the traffic.

To demonstrate the same, I have sanitized the wireless traffic between my access point and a client that is connected to it. Refer to the following screenshot where the normal IEEE802.11 traffic is captured using Wireshark:

Figure 5: WLAN traffic before decryption

I hope that by now you must be aware of the kind of packets that we see in the list pane, but still, it does not make much sense in terms of network-activity-related traffic. This is why you need to learn the technique to make the entire traffic more readable. Before you proceed, you need to make some changes in the preferences section of the IEEE 802.11 protocol.

Go to Edit | Preferences, expand protocol section...

Mastering Wireshark

Mastering Wireshark

Overview of this book

Related Content you might be interested in

Current Title:

Mastering Wireshark

Decrypting WEP and WPA traffic