Book Image

Mastering Wireshark

Book Image

Mastering Wireshark

Overview of this book

Wireshark is a popular and powerful tool used to analyze the amount of bits and bytes that are flowing through a network. Wireshark deals with the second to seventh layer of network protocols, and the analysis made is presented in a human readable form. Mastering Wireshark will help you raise your knowledge to an expert level. At the start of the book, you will be taught how to install Wireshark, and will be introduced to its interface so you understand all its functionalities. Moving forward, you will discover different ways to create and use capture and display filters. Halfway through the book, you’ll be mastering the features of Wireshark, analyzing different layers of the network protocol, looking for any anomalies. As you reach to the end of the book, you will be taught how to use Wireshark for network security analysis and configure it for troubleshooting purposes.
Table of Contents (16 chapters)
Mastering Wireshark
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface
Index

Chapter 7. Network Security Analysis

This chapter will teach you how to use Wireshark to analyze network security issues, such as analyzing malware traffic and foot printing attempts. You will learn how to use Wireshark for network security analysis. This chapter will cover the following topics:

  • Analyzing port scanning, foot printing, and attack activities

  • Lab up—port scanning with Nmap

  • Analyzing brute force attacks

  • Lab up—analyzing brute force attacks

  • Inspecting malicious traffic

  • Lab up—inspecting malicious traffic

  • Solving real-world CTF challenges

  • Practice questions

Up to this chapter, I have tried to make you aware of how one should use Wireshark to analyze the packets flowing around. We have just focused on how to use this sniffing tool for basic analysis purposes. However, what I am about to tell you is that in most of the places, Wireshark is used for security-analysis purpose, ranging from basic footprinting attacks to advanced Trojan-based attacks.

Using a couple of scenarios in my virtual...