Instant Traffic Analysis with Tshark How-to
eBook - ePub

Instant Traffic Analysis with Tshark How-to

  1. 68 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Instant Traffic Analysis with Tshark How-to

Book details
Book preview
Table of contents
Citations

About This Book

In Detail

Malware, DoS attacks, SQLi, and data exfiltration are some of the problems that many security officers have to face every day. Having advanced knowledge in communications and protocol analysis is therefore essential to investigate and detect any of these attacks. Tshark is the ideal tool for professionals who wish to meet these needs, or students who want to delve into the world of networking.

Instant Traffic Analysis with Tshark How-to is a practical, hands-on guide for network administrators and security officers who want to take advantage of the filtering features provided by Tshark, the command-line version of Wireshark. With this guide you will learn how to get the most out of Tshark from environments lacking GUI, ideal for example in Unix/Linux servers, offering you much flexibility to identify and display network traffic.

The book begins by explaining the basic theoretical concepts of Tshark and the process of data collection. Subsequently, you will see several alternatives to capture traffic based on network infrastructure and the goals of the network administrator. The rest of the book will focus on explaining the most interesting parameters of the tool from a totally practical standpoint.

You will also learn how to decode protocols and how to get evidence of suspicious network traffic. You will become familiar with the many practical filters of Tshark that identify malware-infected computers and lots of network attacks such as DoS attacks, DHCP/ARP spoof, and DNS flooding. Finally, you will see some tricks to automate certain tasks with Tshark and python scripts.

You will learn everything you need to get the most out of Tshark and overcome a wide range of network problems. In addition you will learn a variety of concepts related to networking and network attacks currently exploited.

Approach

Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. This How-to guide will explore TShark. As this is the terminal version, it will show the user all commands and syntax as well as all options for Tshark and its common uses through small recipes.

Who this book is for

This book is intended for network administrators and security officers who have to deal daily with a variety of network problems and security incidents. It will also be a good learning aid for Cisco students wishing to implement and understand the many theoretical concepts related to traffic data and communications in greater depth.

Frequently asked questions

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Instant Traffic Analysis with Tshark How-to by Borja Merino in PDF and/or ePUB format, as well as other popular books in Informatica & Reti di computer. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Packt Publishing
Year
2013
ISBN
9781782165385
Edition
1
Topic
Informatica
Subtopic
Reti di computer

Instant Traffic Analysis with Tshark How-to

Instant Traffic Analysis with Tshark How-to

Copyright Š 2013 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: April 2013
Production Reference: 1170413
Livery Place
35 Livery Street
Birmingham B3 2PB, UK
ISBN 978-1-78216-538-5
www.packtpub.com

Credits

Author
Borja Merino
Reviewer
Nelo Belda Atoche
IT Content Commissioning Editor
James Jones
Commissioning Editor
Ameya Sawant
Technical Editor
Varun Pius Rodrigues
Project Coordinator
Sneha Modi
Proofreader
Stephen Copestake
Graphics
Ronak Dhruv
Production Coordinator
Shantanu Zagade
Cover Work
Shantanu Zagade
Cover Image
Conidon Miranda

About the Author

Borja Merino is a security researcher from LeĂłn, Spain. He studied Computer Science at the Pontificia University of Salamanca and he is certified in OSCP, OSWP, OSCE, CCNA Security, CCSP, Cisco Firewall, SMFE, CISSP, and NSTISSI 4011. He has published several papers about pentesting and exploiting. He is also a Metasploit community contributor and one of the authors of the blog www.securityartwork.com, where he regularly writes security articles. You can follow him on Twitter at @BorjaMerino.
I would like to dedicate this book (my first mini book) to my family, especially my parents and my brother, the most important people to me. Of course, I also dedicate it to my girlfriend and my best colleagues although some of them do not even know what a protocol analyzer is.
Finally, I would like to give special thanks to the Technical Reviewer Nelo and my friend Alfon who, without hesitation, offered to help me with the review of the book. Thank you guys!

About the Reviewer

Nelo Belda Atoche is a Security Analyst in S2 Grupo. He received a Technical Engineering degree in Telecommunication from the Universitat Politècnica de València and a Master’s degree in Information Systems and Technology Management and Administration from the Universitat Oberta de Catalunya. Since his early student years, he has been focused on Computer Security.
He currently works as an Incident Handler (GIAC Certified on Incident Handler, GCIH) in a Computer Security Incident Response Team, at the Spanish company S2 Grupo. He performs tasks of network and computer analysis and forensics, incident response, and IDS/IPS management, among others. He also has collaborated on various technical reports, about critical infrastructure protection, as well as in the blog SecurityArtWork.

www.PacktPub.com

Support files, eBooks, discount offers and more

You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and, as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Support files, eBooks, discount offers and more
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packts online digital book library. Here, you can access, read, and search across Packts entire library of books.

Why Subscribe?

  • Fully searchable across every book published by Packt
  • Copy and paste, print and bookmark content
  • On-demand and accessible via web browsers

Free Access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

Preface

One of the main tasks of any network administrator or security officer is traffic analysis. Skill in the use of protocol analysis tools will be essential to locate and limit network problems, resolve security incidents, check the correct operation of routing protocols, test applications using sockets, and so on. Tshark, the command-line version of Wireshark, is the ideal tool for professionals who wish to meet those needs or students who want to delve into the world of networking and understand in more depth the operation of TCP/IP network protocols. With Tshark, you could take advantage of all filtering features provided by Wireshark from lacking GUI environments, ideal for example in Unix/Linux servers, offering you great flexibility to identify and display network traffic. This book will develop the full potential of this tool from a completely practical standpoint, using real examples that represent the everyday life of many professionals dedicated to the world of security and communications.

What this book covers

Capturing data with Tshark (Must know) explains basic theoretical concepts about Tshark and the process of data collection. It also explains how to configure Tshark to capture traffic with the appropriate permissions without exposing the system for possible vulnerabilities.
Capturing traffic (Must know) explains some of the options for data collection. Each of the alternatives depends on the network infrastructure and the objectives of the analyst.
Delimiting network problems (Should know) offers practical examples to help us define and identify specific network traffic, in order to quickly identify the source of many problems of networking.
Implementing useful filters (Should know) presents useful examples that...

Table of contents

  1. Instant Traffic Analysis with Tshark How-to