Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Packet Analysis with Wireshark
Packet Analysis with Wireshark

Packet Analysis with Wireshark: Leverage the power of Wireshark to troubleshoot your networking issues by using effective packet analysis techniques and performing improved protocol analysis

By ANISH NATH
$29.99 $20.98
Book Dec 2015 172 pages 1st Edition
eBook
$29.99 $20.98
Print
$38.99
Subscription
$15.99 Monthly
eBook
$29.99 $20.98
Print
$38.99
Subscription
$15.99 Monthly

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details


Publication date : Dec 4, 2015
Length 172 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781785887819
Languages :
Table of content icon View table of contents Preview book icon Preview Book

Packet Analysis with Wireshark

Chapter 1. Packet Analyzers

A packet analyzer is also known as a packet sniffer or a network protocol analyzer. Packet analyzer has the ability to grab the raw packet from the wire, wireless, Bluetooth, VLAN, PPP, and other network types, without getting processed by the application. By doing so it brings the whole science and innovation to this field. In this chapter we will see a few use cases of the packet analyzer by covering the following topics:

  • Uses for packet analyzers

  • Introducing Wireshark

  • Other packet analyzer tools

  • Mobile packet capturing

Uses for packet analyzers


More practically, packet analyzers are employed in network security and to analyze raw traffic so as to detect scans and attacks, and for sniffing, network troubleshooting, and many more uses, as shown in the following image:

Packet analyzers can be used as follows:

  • Network administrators can diagnose problems on a network

  • Security architects can perform a security audit on a packet

  • Protocol developers can diagnose/learn protocol-related issues

  • White-hat hackers can find vulnerabilities in the application and fix them before black-hat hacker find them

The use is not limited to these bullet point, there are lots of new tools and innovations happening in this area. Find a use case and build your own packet analyzer; the best example is Wireshark.

Introducing Wireshark


Wireshark is perhaps one of the best open source packet analyzers available today. Wireshark is a powerful packet analyzer tool, with an easy-to-use, rich GUI and a command-line utility with very active community support: http://ask.wireshark.org.

Wireshark uses pcap (libpcap) to capture packets, which means it can capture packets in offline mode—to view the captured packets—and online mode (live traffic) to capture and display the traffic in the Wireshark GUI. Once open, the Wireshark GUI looks like this:

Wireshark features

We will see some of the important features that are available in Wireshark in the following figure:

Wireshark has the following cool built-in features, few of them are listed as follows:

  • Available in both UNIX and Windows

  • Ability to capture live packets from various types of interface

  • Filters packets with many criteria

  • Ability to decode larger sets of protocols

  • Can save and merge captured packets

  • Can create various statistics

  • User-friendly GUI and command-line interface

  • Active community support (http://ask.wireshark.org)

Wireshark's dumpcap and tshark

The Wireshark installation provides some command-line tools such as dumpcap and tshark. Wireshark and tshark rely on dumpcap to capture traffic; more advanced functionality is performed by tshark. Also note that dumpcap can be run as its own standalone utility. tshark is a command-line version of Wireshark and can be used in the remote terminal.

The Wireshark packet capture process

The user must be aware of where Wireshark is installed and it should be obliged with your organization policy before start capturing on the TAP (Test Access Point) or Switch Port Analyzer (SPAN) port.

Usually developers install Wireshark on their personal laptop/desktop and capture packets, which goes in-out from the box.

Certain guidelines should be followed to perform this:

  1. Make sure you're allowed to do what you're going to do; check your corporate policies before capturing a packet.

  2. The operating system must support packet capturing:

    • Linux packet socket support is enabled in the kernel by default

    • Windows requires WinPCap to be installed

  3. Choose the interface and enable the promiscuous mode on it. Promiscuous mode accepts all packets whether they are addressed to the interface or not.

  4. If using a Wi-Fi interface, enable the monitor mode for WLAN capturing.

  5. Start capturing and use Wireshark's different features like (filters/statistics/IO/save) for further analysis

Other packet analyzer tools


Wireshark is a packet analysis tool to use features such as packet editing/replaying, performing MITM, ARPspoof, IDS, and HTTP proxy, and there are other packet analyzer tools available and can be used as well.

The following is a list (not limited) of notable packet analyzer tools on the market; many others are commercially available. The table lists tools and their features:

Tools

Packet editing

Packet replay

ARPspoof/MITM

Password sniffing

Intrusion detection

HTTP debugger

WireEdit (https://wireedit.com/)

Y

N

N

N

N

N

Scapy (http://www.secdev.org/)

Y

Y

Y

Y

N

Y

Ettercap (https://ettercap.github.io/ettercap/)

Y

N

Y

Y

N

N

Tcpreplay (http://tcpreplay.synfin.net/)

N

Y

N

N

N

N

Bit-Twist (http://bittwist.sourceforge.net/)

Y

N

N

N

N

N

Cain (http://www.oxid.it/cain.html)

N

N

Y

Y

N

N

Snort (https://www.snort.org/)

N

N

N

N

Y

N

Mobile packet capture

Wireshark is not available on mobile platforms such as Android, iOS, or Windows. In order to capture mobile traffic the following tools are suggested based on the platform:

Platform

Packet capture tool used

URL

Windows

Microsoft Network Analyzers

http://www.microsoft.com/en-in/download/details.aspx?id=19484

iOS

Paros

http://sourceforge.net/projects/paros/

Android

Shark for Root

http://www.appbrain.com/app/shark-for-root/lv.n3o.shark

Kismet Android PCAP

http://www.kismetwireless.net/android-pcap/

Various other techniques are used to capture mobile traffic using Wireshark. One such technique is creating a Wi-Fi hotspot on the laptop, allowing the mobile phone to use this Wi-Fi, and sniffing traffic on your Wi-Fi interface using Wireshark.

Summary


In this chapter we learned what packet analyzers are and what their use cases are. After a quick introduction to Wireshark, we covered what goes on behind-the-scenes when Wireshark captures packets; Wireshark benefits and important features; the necessary prerequisites before capturing packets; and other packet analyzer tools for packet editing/sniffing/replaying and so on. We also provided a brief overview of mobile packet capturing.

The next chapter will be more specific to Wireshark and its tips and tricks. After that we will explore TCP troubleshooting, then plunge into SSL, and other application protocols such as DHCPv6, DHCP, DNS, and HTTP. We will also analyze Wi-Fi capturing and carry out some security analyses with the help of Wireshark and tcpdump.

Left arrow icon Right arrow icon

Key benefits

What you will learn

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details


Publication date : Dec 4, 2015
Length 172 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781785887819
Languages :

Table of Contents

14 Chapters
Packet Analysis with Wireshark Chevron down icon Chevron up icon
Credits Chevron down icon Chevron up icon
About the Author Chevron down icon Chevron up icon
About the Reviewers Chevron down icon Chevron up icon
www.PacktPub.com Chevron down icon Chevron up icon
Preface Chevron down icon Chevron up icon
1. Packet Analyzers Chevron down icon Chevron up icon
2. Capturing Packets Chevron down icon Chevron up icon
3. Analyzing the TCP Network Chevron down icon Chevron up icon
4. Analyzing SSL/TLS Chevron down icon Chevron up icon
5. Analyzing Application Layer Protocols Chevron down icon Chevron up icon
6. WLAN Capturing Chevron down icon Chevron up icon
7. Security Analysis Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Filter icon Filter
Top Reviews
Rating distribution
Empty star icon Empty star icon Empty star icon Empty star icon Empty star icon 0
(0 Ratings)
5 star 0%
4 star 0%
3 star 0%
2 star 0%
1 star 0%

Filter reviews by


No reviews found
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.