This chapter will teach you how to use Wireshark to analyze network security issues, such as analyzing malware traffic and foot printing attempts. You will learn how to use Wireshark for network security analysis. This chapter will cover the following topics:
Analyzing port scanning, foot printing, and attack activities
Lab up—port scanning with Nmap
Analyzing brute force attacks
Lab up—analyzing brute force attacks
Inspecting malicious traffic
Lab up—inspecting malicious traffic
Solving real-world CTF challenges
Practice questions
Up to this chapter, I have tried to make you aware of how one should use Wireshark to analyze the packets flowing around. We have just focused on how to use this sniffing tool for basic analysis purposes. However, what I am about to tell you is that in most of the places, Wireshark is used for security-analysis purpose, ranging from basic footprinting attacks to advanced Trojan-based attacks.
Using a couple of scenarios in my virtual...