Learn Wireshark: A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark, 2nd Edition
- Length: 606 pages
- Edition: 2
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-08-05
- ISBN-10: 180323167X
- ISBN-13: 9781803231679
- Sales Rank: #210337
Expertly analyze common protocols such as TCP, IP, and ICMP, along with learning how to use display and capture filters, save and export captures, create IO and stream graphs, and troubleshoot latency issues
Key Features
- Gain a deeper understanding of common protocols so you can easily troubleshoot network issues
- Explore ways to examine captures to recognize unusual traffic and possible network attacks
- Learn advanced techniques, create display and capture filters, and generate IO and stream graphs
Book Description
Wireshark is a popular and powerful packet analysis tool that helps network administrators investigate latency issues and potential attacks. Over the years, there have been many enhancements to Wireshark’s functionality. This book will guide you through essential features so you can capture, display, and filter data with ease. In addition to this, you’ll gain valuable tips on lesser-known configuration options, which will allow you to complete your analysis in an environment customized to suit your needs.
This updated second edition of Learn Wireshark starts by outlining the benefits of traffic analysis. You’ll discover the process of installing Wireshark and become more familiar with the interface. Next, you’ll focus on the Internet Suite and then explore deep packet analysis of common protocols such as DNS, DHCP, HTTP, and ARP. The book also guides you through working with the expert system to detect network latency issues, create I/O and stream graphs, subset traffic, and save and export captures. Finally, you’ll understand how to share captures using CloudShark, a browser-based solution for analyzing packet captures.
By the end of this Wireshark book, you’ll have the skills and hands-on experience you need to conduct deep packet analysis of common protocols and network troubleshooting as well as identify security issues.
What you will learn
- Master network analysis and troubleshoot anomalies with Wireshark
- Discover the importance of baselining network traffic
- Correlate the OSI model with frame formation in Wireshark
- Narrow in on specific traffic by using display and capture filters
- Conduct deep packet analysis of common protocols: IP, TCP, and ARP
- Understand the role and purpose of ICMP, DNS, HTTP, and DHCP
- Create a custom configuration profile and personalize the interface
- Create I/O and stream graphs to better visualize traffic
Who this book is for
If you are a network administrator, security analyst, student, or teacher and want to learn about effective packet analysis using Wireshark, then this book is for you. In order to get the most from this book, you should have basic knowledge of network fundamentals, devices, and protocols along with an understanding of different topologies.
Table of Contents
Learn Wireshark, Second Edition
- Contributors
- About the author
- About the reviewer
Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Share Your Thoughts
Part 1: Traffic Capture Overview
Chapter 1: Appreciating Traffic Analysis
- Reviewing packet analysis
- Exploring early packet sniffers
- Evaluating devices that use packet analysis
- Capturing network traffic
- Recognizing who benefits from using packet analysis
- Assisting developers
- Helping network administrators monitor the network
- Educating students on protocols
- Alerting security analysts to threats
- Arming hackers with information
- Identifying where to use packet analysis
- Analyzing traffic on a LAN
- Outlining when to use packet analysis
- Troubleshooting latency issues
- Testing IoT devices
- Monitoring for threats
- Baselining the network
- Getting to know Wireshark
- Summary
- Questions
Chapter 2: Using Wireshark
- Examining the Wireshark interface
- Streamlining the interface
- Discovering keyboard shortcuts
- Recognizing the Wireshark authors
- Finding information
- Understanding the phases of packet analysis
- Gathering network traffic
- Decoding the raw bits
- Displaying the captured data
- Analyzing the packet capture
- Using CLI tools with Wireshark
- Exploring tshark
- Dissecting protocols
- Summary
- Questions
Chapter 3: Installing Wireshark
- Discovering support for different OSes
- Using Wireshark on Windows
- Running Wireshark on Unix
- Installing Wireshark on macOS
- Deploying Wireshark on Linux
- Working with Wireshark on other systems
- Comparing different capture engines
- Understanding libpcap
- Examining WinPcap
- Grasping Npcap
- Performing a standard Windows installation
- Beginning the installation
- Choosing components
- Creating shortcuts and selecting an install location
- Capturing packets and completing the installation
- Reviewing available resources
- Viewing news and help topics
- Evaluating download options
- Summary
- Questions
- Further reading
Chapter 4: Exploring the Wireshark Interface
- Opening the Wireshark welcome screen
- Selecting a file
- Capturing traffic
- Exploring the File menu
- Opening a file, closing, and saving
- Exporting packets, bytes, and objects
- Printing packets and closing Wireshark
- Discovering the Edit menu
- Copying items and finding packets
- Marking or ignoring packets
- Setting a time reference
- Personalizing your work area
- Exploring the View menu
- Enhancing the interface
- Formatting time and name resolution
- Modifying the display
- Refreshing the view
- Summary
- Questions
Part 2: Getting Started with Wireshark
Chapter 5: Tapping into the Data Stream
- Reviewing network architectures
- Comparing different types of networks
- Exploring various types of media
- Learning various capture methods
- Providing input
- Directing output
- Selecting options
- Tapping into the stream
- Comparing conversations and endpoints
- Realizing the importance of baselining
- Planning the baseline
- Capturing traffic
- Analyzing the captured traffic
- Saving the baselines
- Summary
- Questions
Chapter 6: Personalizing the Interface
- Personalizing the layout
- Altering the appearance
- Changing the layout
- Creating a tailored configuration profile
- Customizing a profile
- Crafting buttons
- Adjusting columns, font, and colors
- Adding, editing, and deleting columns
- Refining the font and colors
- Adding comments
- Attaching comments to files
- Entering packet comments
- Viewing and saving comments
- Summary
- Questions
Chapter 7: Using Display and Capture Filters
- Filtering network traffic
- Analyzing traffic
- Comparing the filters' files
- Comprehending display filters
- Editing display filters
- Using bookmarks
- Creating capture filters
- Modifying capture filters
- Bookmarking a filter
- Understanding the expression builder
- Building an expression
- Discovering shortcuts and handy filters
- Embracing filter shortcuts
- Applying useful filters
- Summary
- Questions
- Further reading
Chapter 8: Outlining the OSI Model
- An overview of the OSI model
- Developing the framework
- Using the framework
- Discovering the purpose of each layer, the protocols, and the PDUs
- Evaluating the Application layer
- Dissecting the Presentation layer
- Learning about the Session layer
- Appreciating the Transport layer
- Explaining the Network layer
- Examining the Data Link layer
- Traveling over the Physical layer
- Exploring the encapsulation process
- Viewing the data
- Identifying the segment
- Characterizing the packet
- Forming the frame
- Demonstrating frame formation in Wireshark
- Examining the network bindings
- Summary
- Questions
Part 3: The Internet Suite TCP/IP
Chapter 9: Decoding TCP and UDP
- Reviewing the transport layer
- Describing TCP
- Establishing and maintaining a connection
- Exploring a single TCP frame
- Examining the 11-field TCP header
- Exploring TCP ports
- Sequencing bytes
- Acknowledging data
- Following the flags
- Dissecting the window size
- Viewing additional header values
- Understanding UDP
- Studying a single UDP frame
- Discovering the four-field UDP header
- Analyzing the UDP header fields
- Summary
- Questions
- Further reading
Chapter 10: Managing TCP Connections
- Dissecting the three-way handshake
- Isolating a single stream
- Identifying the handshake packets
- Learning TCP options
- Grasping the EOL option
- Using NOP
- Defining the MSS
- Scaling the WS
- Permitting SACK
- Using timestamps
- Understanding TCP protocol preferences
- Modifying TCP preferences
- Tearing down a connection
- Summary
- Questions
- Further reading
Chapter 11: Analyzing IPv4 and IPv6
- Reviewing the network layer
- Understanding the purpose of IP
- Outlining IPv4
- Dissecting the IPv4 header
- Modifying options for IPv4
- Exploring IPv6
- Navigating the IPv6 header fields
- Editing protocol preferences
- Reviewing IPv4 preferences
- Adjusting preferences for IPv6
- Discovering tunneling protocols
- Summary
- Questions
- Further reading
Chapter 12: Discovering ICMP
- Understanding the purpose of ICMP
- Understanding the ICMP header
- Investigating the data payload
- Dissecting ICMP and ICMPv6
- Reviewing ICMP
- Outlining ICMPv6
- Sending ICMP messages
- Reporting errors on the network
- Issuing query messages
- Providing information using ICMPv6
- Evaluating type and code values
- Reviewing ICMP type and code values
- Defining ICMPv6 type and code values
- Configuring firewall rules
- Acting maliciously
- Allowing only necessary types
- Summary
- Questions
- Further reading
Part 4: Deep Packet Analysis of Common Protocols
Chapter 13: Diving into DNS
- Recognizing the purpose of DNS
- Mapping an IP address
- Types of DNS servers
- Transporting DNS
- Comparing types and classes of RRs
- Breaking down DNS types
- Examining the RR structure
- Reviewing the DNS packet
- Examining the header
- Dissecting the packet structure
- Outlining the query section
- Evaluating queries and responses
- Caching a response
- Calculating response times
- Testing using nslookup
- Securing DNS
- Summary
- Questions
- Further reading
Chapter 14: Examining DHCP
- Recognizing the purpose of DHCP
- Configuring the client's IP address
- Using a DHCP relay agent
- Working with IPv6 addresses
- Addressing security issues
- Stepping through the DORA process
- Moving through DHCP states
- Obtaining an IP address
- Leasing an IP address
- Dissecting a DHCP header
- Examining DHCP field values
- Understanding DHCP messages
- Comparing DHCP options
- Following a DHCP example
- Releasing an IP address
- Broadcasting a discover packet
- Delivering an offer
- Requesting an IP address
- Acknowledging the offer
- Summary
- Questions
- Further reading
Chapter 15: Decoding HTTP
- Describing HTTP
- Dissecting a web page
- Understanding HTTP versions
- Recognizing HTTP methods
- Keeping track of the connection
- Evaluating connection types
- Maintaining state with cookies
- Comparing request and response messages
- Viewing an HTTP request
- Responding to the client
- Following an HTTP stream
- Beginning the conversation
- Requesting data
- Responding to the client
- Ending the conversation
- Summary
- Questions
- Further reading
Chapter 16: Understanding ARP
- Understanding the role and purpose of ARP
- Resolving MAC addresses
- Investigating an ARP cache
- Replacing ARP with NDP in IPv6
- Exploring ARP headers and fields
- Identifying a standard ARP request/reply
- Breaking down the ARP header fields
- Examining different types of ARP
- Reversing ARP
- Evaluating InARP
- Issuing a gratuitous ARP
- Working on behalf of ARP
- Comparing ARP attacks and defense methods
- Comparing ARP attacks and tools
- Defending against ARP attacks
- Summary
- Questions
- Further reading
Part 5: Working with Packet Captures
Chapter 17: Determining Network Latency Issues
- Analyzing latency issues
- Grasping latency, throughput, and packet loss
- Learning the importance of time values
- Understanding coloring rules
- Exploring the Intelligent Scrollbar
- Common transmission errors
- Discovering expert information
- Viewing the column headers
- Assessing the severity
- Organizing the information
- Summary
- Questions
Chapter 18: Subsetting, Saving, and Exporting Captures
- Discovering ways to subset traffic
- Dissecting by an IP address
- Narrowing down by conversations
- Minimizing by port number
- Breaking down by protocol
- Subsetting by stream
- Understanding options to save a file
- Using Save as
- Recognizing ways to export components
- Selecting specified packets
- Exporting various objects
- Identifying why and how to add comments
- Providing file and packet comments
- Saving and viewing comments
- Summary
- Questions
Chapter 19: Discovering I/O and Stream Graphs
- Discovering the Statistics menu
- Viewing general information
- Assessing protocol effectiveness
- Graphing capture issues
- Creating I/O graphs
- Examining errors
- Graphing duplicate ACKs
- Modifying the settings
- Exploring other options
- Comparing TCP stream graphs
- Using time sequence graphs
- Determining throughput
- Assessing Round Trip Time
- Evaluating window scaling
- Summary
- Questions
Chapter 20: Using CloudShark for Packet Analysis
- Discovering CloudShark
- Modifying the preferences
- Uploading captures
- Working with capture files
- Outlining the various filters and graphs
- Displaying data using filters
- Viewing data using graphs
- Evaluating the different analysis tools
- Following the stream and viewing conversations
- Viewing packet lengths and VoIP activity
- Exploring HTTP analysis and wireless traffic
- Monitoring possible threats
- Locating sample captures
- Examining captures
- Finding more captures
- Summary
- Questions
- Further reading
Assessments
- Answers for Chapter 1 through Chapter 20
Back matter
- Why subscribe?
- Other Books You May Enjoy
- Packt is searching for authors like you
- Share Your Thoughts
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the "Find a repository…" box, search for the book title: Learn Wireshark: A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark, 2nd Edition. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download the repository.