Wireshark Essentials
eBook - ePub

  1. 194 pages
  2. English
  3. ePUB (mobile friendly)

About This Book

This book introduces the Wireshark network analyzer to IT professionals across multiple disciplines.

It starts with installing Wireshark, then takes you through your first packet capture, identifying and filtering out just the packets of interest, and saving them to a new file for later analysis. The subsequent chapters build on this foundation, covering the right Wireshark features to apply during analysis, network protocol essentials, troubleshooting, and performance analysis. Finally, the book turns to packet analysis for security tasks, the command-line utilities, and the tools that manage trace files.

Upon finishing this book, you will have successfully added strong Wireshark skills to your technical toolset and significantly increased your value as an IT professional.
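The capture, filter and save workflow the book walks through in Wireshark's GUI, as an added example (this is illustration code, not code from the book or from the Wireshark project): a minimal reader/writer for the libpcap file format Wireshark saves traces in. It builds a constructed three-packet trace (DNS query, HTTP request, TCP segment to port 443, using RFC 5737 documentation addresses), applies a predicate equivalent to the display filter `tcp.port == 80`, and writes only the matching packets to a new trace file. Every function name and sample frame here is an assumption made for the example; it deliberately handles only microsecond-resolution pcap with the Ethernet link type, not pcapng or nanosecond pcap.

```python
"""Added example (not from Wireshark or the book): a minimal libpcap reader/writer that
walks a trace, keeps packets matching a filter predicate, and saves them to a new file."""
import socket
import struct

LINKTYPE_ETHERNET, ETHERTYPE_IPV4 = 1, 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
# Magic as stored on disk by little- and big-endian writers (microsecond timestamps;
# the nanosecond variant 0xa1b23c4d and pcapng are deliberately not handled here).
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    """24-byte file header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(ts_sec, ts_usec, frame):
    """16-byte record header (ts_sec, ts_usec, incl_len, orig_len) followed by the frame."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

def ipv4_checksum(header):
    """RFC 1071 ones'-complement sum over an even-length header; 0 means the stored checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Ethernet II + IPv4 + TCP/UDP frame (constructed test data) with a valid IPv4 checksum."""
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == IPPROTO_TCP:  # seq, ack, data offset 5 words, flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:                     # UDP: ports, length, checksum (0 = none)
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return eth + ip + l4

def build_sample_capture():
    """Constructed three-packet trace: DNS query, HTTP request, TCP segment to 443 (RFC 5737 addresses)."""
    frames = [
        (1000, 100000, build_frame("192.0.2.10", "192.0.2.1", IPPROTO_UDP, 53000, 53, b"\x12\x34\x01\x00")),
        (1000, 200000, build_frame("192.0.2.10", "198.51.100.80", IPPROTO_TCP, 51000, 80,
                                   b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")),
        (1000, 300000, build_frame("192.0.2.10", "198.51.100.80", IPPROTO_TCP, 51001, 443, b"\x16\x03\x01")),
    ]
    return pcap_global_header() + b"".join(pcap_record(s, u, f) for s, u, f in frames)

def iter_records(pcap):
    """Yield (endian, record_header, frame) per record, refusing unknown magic, non-Ethernet links
    and truncated records rather than silently decoding garbage."""
    endian = MAGIC.get(bytes(pcap[:4]))
    if endian is None:
        raise ValueError("not a microsecond-resolution pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are decoded here")
    off = 24
    while off + 16 <= len(pcap):
        hdr = struct.unpack_from(endian + "IIII", pcap, off)   # ts_sec, ts_usec, incl_len, orig_len
        frame = pcap[off + 16:off + 16 + hdr[2]]
        if len(frame) != hdr[2]:
            raise ValueError("truncated record at offset %d" % off)
        off += 16 + hdr[2]
        yield endian, hdr, frame

def decode(frame):
    """Fields a display filter would test, for an IPv4 TCP/UDP frame; None for anything else."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]   # IPv4 header starts after the 14-byte Ethernet header
    l4 = 14 + ihl
    if ihl < 20 or proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack_from("!HH", frame, l4)
    return {"proto": "tcp" if proto == IPPROTO_TCP else "udp", "srcport": sport, "dstport": dport,
            "ip.src": socket.inet_ntoa(frame[26:30]), "ip.dst": socket.inet_ntoa(frame[30:34])}

def summarize(pcap):
    """One line per decodable packet, in the spirit of Wireshark's packet-list pane."""
    return ["%s %s:%d -> %s:%d" % (f["proto"], f["ip.src"], f["srcport"], f["ip.dst"], f["dstport"])
            for _e, _h, frame in iter_records(pcap) if (f := decode(frame)) is not None]

def filter_capture(pcap, predicate):
    """New pcap holding only records whose frame satisfies predicate: the scripted equivalent of
    applying a display filter and saving just the displayed packets."""
    out = bytearray(pcap[:24])          # reuse the original file header (endianness, snaplen, linktype)
    for endian, hdr, frame in iter_records(pcap):
        fields = decode(frame)
        if fields is not None and predicate(fields):
            out += struct.pack(endian + "IIII", *hdr) + frame
    return bytes(out)

def tcp_port(port):
    """Predicate equivalent to the display filter `tcp.port == <port>`."""
    return lambda f: f["proto"] == "tcp" and port in (f["srcport"], f["dstport"])

if __name__ == "__main__":
    http_only = filter_capture(build_sample_capture(), tcp_port(80))
    with open("http_only.pcap", "wb") as fh:    # opens in Wireshark as an ordinary one-packet trace
        fh.write(http_only)
    print("\n".join(summarize(http_only)))
```

Opening the resulting http_only.pcap in Wireshark shows the single HTTP request; predicates of the same shape express other display-filter tests such as `ip.addr == 192.0.2.1` or `udp.port == 53`. Refusing unknown magic values, non-Ethernet link types and truncated records is deliberate: a trace file received from an untrusted source should fail loudly rather than be decoded partially.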

Wireshark Essentials by James H. Baxter is available in PDF and ePUB format, catalogued under Computer Science & Cyber Security.

Information

Year: 2014
ISBN: 9781783554638
Edition: 1

Table of Contents

Wireshark Essentials
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Getting Acquainted with Wireshark
Installing Wireshark
Installing Wireshark on Windows
Installing Wireshark on Mac OS X
Installing Wireshark on Linux/Unix
Performing your first packet capture
Selecting a network interface
Performing a packet capture
Wireshark user interface essentials
Filtering out the noise
Applying a display filter
Saving the packet trace
Summary
2. Networking for Packet Analysts
The OSI model – why it matters
Understanding network protocols
The seven OSI layers
Layer 1 – the physical layer
Layer 2 – the data-link layer
Layer 3 – the network layer
Internet Protocol
Address Resolution Protocol
Layer 4 – the transport layer
User Datagram Protocol
Transmission Control Protocol
Layer 5 – the session layer
Layer 6 – the presentation layer
Layer 7 – the application layer
Encapsulation
IP networks and subnets
Switching and routing packets
Ethernet frames and switches
IP addresses and routers
WAN links
Wireless networking
Summary
3. Capturing All the Right Packets
Picking the best capture point
User location
Server location
Other capture locations
Mid-network captures
Both sides of specialized network devices
Test Access Ports and switch port mirroring
Test Access Port
Switch port mirroring
Capturing packets on high traffic rate links
Capturing interfaces, filters, and options
Selecting the correct network interface
Using capture filters
Configuring capture filters
Capture options
Capturing filenames and locations
Multiple file options
Ring buffer
Stop capture options
Display options
Name resolution options
Verifying a good capture
Saving the bulk capture file
Isolating conversations of interest
Using the Conversations window
The Ethernet tab
The TCP and UDP tabs
The WLAN tab
Wireshark display filters
The Display Filter window
The display filter syntax
Typing in a display filter
Display filters from a Conversations or Endpoints window
Filter Expression Buttons
Using the Expressions window button
Right-click menus on specific packet fields
Following TCP/UDP/SSL streams
Marking and ignoring packets
Saving the filtered traffic
Summary
4. Configuring Wireshark
Working with packet timestamps
How Wireshark saves timestamps
Wireshark time display options
Adding a time column
Conversation versus displayed packet time options
Choosing the best Wireshark time display option
Using the Time Reference option
Colorization and coloring rules
Packet colorization
Wireshark preferences
Wireshark profiles
Creating a Wireshark profile
Selecting a Wireshark profile
Summary
5. Network Protocols
The OSI and DARPA reference models
Network layer protocols
Wireshark IPv4 filters
Wireshark ARP filters
Internet Group Management Protocol
Wireshark IGMP filters
Internet Control Message Protocol
ICMP pings
ICMP traceroutes
ICMP control message types
ICMP redirects
Wireshark ICMP filters
Internet Protocol Version 6
IPv6 addressing
IPv6 address types
IPv6 header fields
IPv6 transition methods
Wireshark IPv6 filters
Internet Control Message Protocol Version 6
Multicast Listener Discovery
Wireshark ICMPv6 filters
Transport layer protocols
User Datagram Protocol
Wireshark UDP filters
Transmission Control Protocol
TCP flags
TCP options
Wireshark TCP filters
Application layer protocols
Dynamic Host Configuration Protocol
Wireshark DHCP filters
Dynamic Host Configuration Protocol Version 6
Wireshark DHCPv6 filters
Domain Name Service
Wireshark DNS filters
Hypertext Transfer Protocol
HTTP Methods
Host
Request Modifiers
Wireshark HTTP filters
Additional information
Wireshark wiki
Protocols on Wikipedia
Requests for Comments
Summary
6. Troubleshooting and Performance Analysis
Troubleshooting methodology
Gathering the right information
Establishing the general nature of the problem
Half-split troubleshooting and other logic
Troubleshooting connectivity issues
Enabling network interfaces
Confirming physical connectivity
Obtaining the workstation IP configuration
Obtaining MAC addresses
Obtaining network service IP addresses
Basic network connectivity
Connecting to the application services
Troubleshooting functional issues
Performance analysis methodology
Top five reasons for poor application performance
Preparing the tools and approach
Performing, verifying, and saving a good packet capture
Initial error analysis
Detecting and prioritizing delays
Server processing time events
Application turn's delay
Network path latency
Bandwidth congestion
Data transport
TCP StreamGraph
IO Graph
IO Graph – Wireshark 2.0
Summary
7. Packet Analysis for Security Tasks
Security analysis methodology
The importance of baselining
Security assessment tools
Identifying unacceptable o...
