Instant Traffic Analysis with Tshark How-to [Instant]

This title is available as an eBook only
Instant Traffic Analysis with Tshark How-to [Instant]
eBook: $14.99
Formats: PDF, PacktLib, ePub and Mobi formats
save 15%!
Print & eBook also available on:
Learn in an Instant - Short, Fast, Focused
Table of Contents
Sample Chapters
  • Learn something new in an Instant! A short, fast, focused guide delivering immediate results.
  • Terminal-based version of Wireshark for dealing with network security incidents
  • Useful filters to quickly identify and limit network problems derived from malware and a variety of network attacks
  • Decoding capabilities to investigate suspicious traffic and detect network anomalies

Book Details

Language : English
eBook : 68 pages
Release Date : April 2013
ISBN : 178216538X
ISBN 13 : 9781782165385
Author(s) : Borja Merino
Topics and Technologies : All Books, Instant, Networking and Servers, Open Source

Table of Contents

Instant Traffic Analysis with Tshark How-to
  • Instant Traffic Analysis with Tshark How-to
    • Capturing data with Tshark (Must know)
    • Capturing traffic (Must know)
    • Delimiting network problems (Should know)
    • Implementing useful filters (Should know)
    • Decoding protocols (Become an expert)
    • Auditing network attacks (Become an expert)
    • Analyzing network forensic data (Become an expert)
    • Auditing network applications (Must know)
    • Analyzing malware traffic (Must know)
    • Automating tasks (Must know)

Borja Merino

Borja Merino is a security researcher from Leon (Spain). He studied computer science at the Pontificia University of Salamanca and he is certified in OSCP, OSWP, OSCE, CCNA Security, CCSP, Cisco Firewall, SMFE, CISSP and NSTISSI 4011. He has published several papers about pentesting and exploiting, is a Metasploit community contributor and one of the authors of the blog where he regularly writes security articles. You can follow him on Twitter: @BorjaMerino
Sorry, we don't have any reviews for this title yet.

Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

Sorry, there are currently no downloads available for this title.

Frequently bought together

Instant Traffic Analysis with Tshark How-to [Instant] +    Getting Started with oVirt 3.3 =
50% Off
the second eBook
Price for both: $26.20

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

  • Basic use of the tool and theoretical concepts of operation and dependence with other tools
  • Find the root of many problems related to the performance of your network
  • Decode SSL to inspect network attacks that attempt to evade IDS
  • Identify well-known networks attacks and get evidence of suspicious network traffic
  • Limit security incidents to locate network intrusions
  • Audit applications that make use of sockets
  • Automate tasks with the help of scripts
  • Use Tshark in a clever way to detect traffic anomalies

In Detail

Malware, DoS attacks, SQLi, and data exfiltration are some of the problems that many security officers have to face every day. Having advanced knowledge in communications and protocol analysis is therefore essential to investigate and detect any of these attacks. Tshark is the ideal tool for professionals who wish to meet these needs, or students who want to delve into the world of networking.

Instant Traffic Analysis with Tshark How-to is a practical, hands-on guide for network administrators and security officers who want to take advantage of the filtering features provided by Tshark, the command-line version of Wireshark. With this guide you will learn how to get the most out of Tshark from environments lacking GUI, ideal for example in Unix/Linux servers, offering you much flexibility to identify and display network traffic.

The book begins by explaining the basic theoretical concepts of Tshark and the process of data collection. Subsequently, you will see several alternatives to capture traffic based on network infrastructure and the goals of the network administrator. The rest of the book will focus on explaining the most interesting parameters of the tool from a totally practical standpoint.

You will also learn how to decode protocols and how to get evidence of suspicious network traffic. You will become familiar with the many practical filters of Tshark that identify malware-infected computers and lots of network attacks such as DoS attacks, DHCP/ARP spoof, and DNS flooding. Finally, you will see some tricks to automate certain tasks with Tshark and python scripts.

You will learn everything you need to get the most out of Tshark and overcome a wide range of network problems. In addition you will learn a variety of concepts related to networking and network attacks currently exploited.


Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. This How-to guide will explore TShark. As this is the terminal version, it will show the user all commands and syntax as well as all options for Tshark and its common uses through small recipes.

Who this book is for

This book is intended for network administrators and security officers who have to deal daily with a variety of network problems and security incidents. It will also be a good learning aid for Cisco students wishing to implement and understand the many theoretical concepts related to traffic data and communications in greater depth.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software