Book Image

Wireshark Network Security

By : Piyush Verma
Book Image

Wireshark Network Security

By: Piyush Verma

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Wireshark Network Security
Piyush Verma
Jul, 2015 | 138 pages
No titles found
Table of Contents (14 chapters)
Wireshark Network Security
Wireshark Network Security
Credits
Credits
About the Author
About the Author
Acknowledgment
Acknowledgment
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with Wireshark – What, Why, and How?
Getting Started with Wireshark – What, Why, and How?
Sniffing
The tools of the trade
What is Wireshark?
The Wireshark interface – Before starting the capture
First packet capture
Summary
2
Tweaking Wireshark
Tweaking Wireshark
Filtering our way through Wireshark
Wireshark profiles
Essential techniques in Wireshark
Wireshark command-line fu
Summary
3
Analyzing Threats to LAN Security
Analyzing Threats to LAN Security
Analyzing clear-text traffic
Examining sniffing attacks
Analyzing network reconnaissance techniques
Detect password cracking attempts
Miscellaneous attacks
Complementary tools to Wireshark
Important display filters
Nailing the CTF challenge
Summary
4
Probing E-mail Communications
Probing E-mail Communications
E-mail forensics challenges
Analyzing attacks on e-mail communications
Important filters
Summary
5
Inspecting Malware Traffic
Inspecting Malware Traffic
Gearing up Wireshark
Malicious traffic analysis
IRC botnet(s)
Summary
6
Network Performance Analysis
Network Performance Analysis
Creating a custom profile for troubleshooting
Optimization before analysis
TCP-based issues
Case study 1 – Slow Internet
Case study 2 – Sluggish downloads
Case study 3 – Denial of Service
Summary
Index
Index

The tools of the trade

There are numerous free and commercial packet sniffers, very often named network analyzers, in the market, and selecting the one that best meets your need is a matter of choice. There are several factors to determine this, such as the operating system in use, supported set of protocols, ease of use, customizability, and of course budget. The following are the popular ones:

  • Tcpdump: Tcpdump is a free and popular command-line packet capture utility, which can come in very handy in the absence of a GUI-based tool. However, even after capturing traffic via tcpdump, one can analyze and interpret the traffic using any GUI-based free or commercial tool, as it is visually easy. Refer to TCPDUMP Overview at http://www.tcpdump.org/manpages/tcpdump.1.html.

  • Nagios Network Analyzer and OmniPeek: These are commercial-grade network analyzers that provide organizations with packet analysis capabilities with some unique features of their own. The pricing for these products can be seen on their individual websites.

  • Wireshark: Wireshark, formerly known as Ethereal, is free and open source, and is the most popular packet analyzer out there. It works across multiple platforms and supports a huge set of protocol families with an easy-to-use GUI. Refer to http://wiki.wireshark.org/ProtocolReference/.

Apart from the dedicated sniffer tools we just introduced, packet sniffing capability and modules come integrated in many of the popular security-related tools, such as Snort, Metasploit, and Scapy, to name a few. Snort started off as a sniffer and later used its sniffing capabilities to develop into what we know today as the popular network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) solution.

Another example is the presence of the sniffer module in Metasploit. After successfully compromising a machine using Metasploit, one can execute this module and start sniffing traffic on that compromised box for further enumeration. Sniffing options available with Metasploit are shown as follows:

Another excellent option is using sniff() in Scapy. Scapy is a packet manipulation tool written in Python and can be used to generate, craft, and decode packets and capture them. It is helpful in many security testing-related activities.

The focus of this book is "Wireshark". So, let's get started.

Previous Section
End of Section 3
Next Section