Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Wireshark 2 Quick Start Guide
Wireshark 2 Quick Start Guide

Wireshark 2 Quick Start Guide: Secure your network through protocol analysis

By Charit Mishra
$25.99 $17.99
Book Jun 2018 164 pages 1st Edition
eBook
$25.99 $17.99
Print
$32.99
Subscription
$15.99 Monthly
eBook
$25.99 $17.99
Print
$32.99
Subscription
$15.99 Monthly

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details


Publication date : Jun 27, 2018
Length 164 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781789342789
Languages :
Table of content icon View table of contents Preview book icon Preview Book

Wireshark 2 Quick Start Guide

Chapter 1. Installing Wireshark

This chapter provides you with an introduction to the basics of the TCP/IP model and a step-by-step walkthrough of how to install Wireshark on your favorite operating system. You will be introduced to the following topics:

  • What is Wireshark?
  • A brief overview of the TCP/IP model
  • Installing and running Wireshark on different platforms
  • Troubleshooting common installation errors

Introduction to Wireshark


Wireshark is an advanced network and protocol analyser, it lets you visualize network's activity in graphical form, and assists professionals in debugging network-level issues. Wireshark enhances the ability of network and security professionals by providing detailed insight into the network traffic. However, Wireshark is also used by malicious users to sniff network traffic in order to obtain sensitive data in the form of plain text.

Why use Wireshark?

Many people, including myself, are obsessed with the simplicity of the packet-capturing features that Wireshark provides us with. Let's quickly go through a few of the reasons why most professionals prefer Wireshark to other packet sniffers:

  • User friendly: The interface of Wireshark is easy to use and understand, tools & features are very well organized and represented.
  • Robustness: Wireshark is capable of handling enormous volumes of network traffic with ease.
  • Platform independent: Wireshark is available for different flavors of operating system, whether Windows, Linux, and Macintosh.
  • Filters: There are two kinds of filtering options available in Wireshark:
    • You choose what to capture (capture filters)
    • You choose what to display after you've captured (display filters)
  • Cost: Wireshark is a free and open source packet analyzer that is developed and maintained by a dedicated community of professionals. Wireshark also offers a few paid professional applications as well. For more details, refer to Wireshark's official website https://www.wireshark.org/.
  • Support: Wireshark is being continuously developed  by a group of contributors that are scattered around the globe. We can sign up to Wireshark's mailing list or we can get help from the online documentation, which can be accessed through the GUI itself. Various other online forums are also available for you to get the most effective help; go to Google Paid Wireshark Support to learn more about the available support.

The installation process

The installation of Wireshark is very simple and easy to follow. Go through the following steps to install it on your system:

  1. The recipes and examples in this book will be for use on a Macintosh and Windows PC; for other operating systems, the installation is the same. Some OSes, such as Kali Linux, come with a preinstalled version of Wireshark.
  2. Once you have located the correct version of Wireshark for your platform (Wireshark 2.6.1 Intel 64.dmg), install Wireshark by following the wizard.
  3. Restart the computer after completion of the installation process to commit the changes that were made.
  4. Double-click the Wireshark icon on your desktop to the run the application:

The Wireshark screen

Troubleshooting common installation errors

Go through the following simple checklist to ensure that you are able to run Wireshark successfully (make sure that all of these criterias are met):

  • You have downloaded Wireshark from known and trusted source only
  • You have administrative privileges to run Wireshark
  • The installation of Wireshark and the Winpcap driver has been completed successfully without any exceptions
  • You are connected to the network that you want to capture network traffic from
  • If you are trying to sniff using a virtual machine, ensure that you have set your network adapter to bridged mode
  • Restart your machine to ensure the changes have been applied after successful installation of Wireshark
  • Your NIC card supports promiscuous mode sniffing (when needed)
  • You can see all of the interfaces (wired, wireless, and logical) on the home screen of Wireshark
  • The line graph followed by the interface name shows activity on the Homescreen
  • Also, you have legal permissions to capture network traffic

A brief overview of the TCP/IP model


The world of network communication is governed by a set of protocols (rules and regulations) in order to function as intended. Protocols govern the transmission of network packets/segments/frames over a communication channel between endpoints. In order to understand how network packets stick together, forming a stream of traffic, we need to understand the basics of the networking that is the TCP/IP model. The TCP/IP model was originally known as the DoD model, a project that was regulated by the United States Department of Defense. All of the communication that we witness over the internet and other networks happens only through TCP/IP.

The TCP/IP model takes care of every part of packet's life cycle, namely, how a packet comes to life, how a packet is generated, how information pertaining to packet gets attached data payload (PDU), how it is routed through intermediary nodes, linking with other packets and so on.

It is strongly recommended to do some self-study on TCP/IP and how it functions, before you proceed ahead, as this book requires decent amount of familiarity with protocols.

The layers in the TCP/IP model


The TCP/IP model comprises four layers, as shown in the following diagram. Each layer has a specific purpose to fulfill and utilizes a set of protocols to facilitate communications. Every protocol in every layer has a specific purpose:

The first layer is the Application Layer, which directly interacts with users and subsequent layers and protocols; it is primarily concerned with the representation of the data in a understandable format to the user. The application layer also keeps track of user sessions, monitoring who is connected; it uses a set of protocols that helps to interface with users and other layers in the TCP/IP model. Some popular protocols in the Application Layer are as follows:

  • Hypertext Transfer Protocol (HTTP)
  • File Transfer Protocol (FTP)
  • Simple Network Management Protocol (SNMP)
  • Simple Mail Transfer Protocol (SMTP)

The second layer is the Transport Layer. The purpose of this layer is to create sockets (a combination of the port and IP address) in order to let two endpoints communicate. Sockets facilitate the creation of multiple distinct connections between two or more devices (more than one tab can be opened in Chrome).

An IP address is required for communication between devices in different networks/segments (such as is used between two router interfaces or communication over the internet). It can also be used in local area network (LAN) communication, and is established over physical addresses (MAC). Apart from the restricted range of port numbers, operating systems and applications can choose a random port (other than ports 1 to 1013) for communication.

The transport layer also serves as a backbone for the communication. The two most critical protocols that work in this layer are the TCP and UDP:

  • The TCP is a connection-oriented protocol, also called a reliable protocol. Firstly, a dedicated communication channel is established between the endpoints, which is then followed by data transmission. Equally partitioned chunks are transmitted from the source, and the receiving end sends an acknowledgement for every packet received. The side that is sending the data resends the packet if an acknowledgement is not received within a stated time frame.
  • The UDP is a connectionless protocol and is often called an unreliable communication form. In the UDP, no dedicated channel is established, which also makes it a simpler and faster way of communication. There are also no acknowledgement packets sent by the endpoints. For example, if you are playing an online game, the loss of a few packets over the communication channel is not going to hamper your gaming experience because the number of packets coming through is huge, and a few missing packets will not make much difference to the overall quality of the network stream.

The third layer is the Internet Layer, which is primarily concerned with routing and movement of data between networks. The primary protocol that works in this layer is the IP (Internet Protocol). The IP provides the network packets with the routing capability that they need in order to reach their destination. Other protocols included in this layer are the ICMP and IGMP.

The fourth andfinallayer is the Link Layer(often called the network interface layer). It interfaces with the physical network hardware. There are no protocols specified in this layer by the TCP/IP; however, several protocols are implemented, such as the Address Resolution Protocol(ARP) and thePoint to Point Protocol(PPP). This layer is concerned with how information travels inside the communication channel (wired or wireless). The link layer is responsible for establishing and terminating the connection, as well as converting the signals from analog to digital and vice versa. Devices such as bridges and switches operate in this layer.

As data progresses from the application layer to the link layer, several bits of information are attached to the data in the form of headers or footers, which allow different layers of the TCP/IP to communicate with each other. The process of adding these extra bits is called data encapsulation, and in this process, a protocol data unit (PDU) is created at the end of the networking process (passing through the application to the link layer).

PDU consists of the data along with network addressing and protocol information that gets attached as part of the header or footer. By the time PDU reaches the bottom-most layer, it is embedded with all the required information necessary for transmission. Once the PDU reaches the destination, the attached header and footer PDU elements are ripped off one by one as it passes through each layer of the TCP/IP model and progresses upward in the model.

The following diagram depicts the process of encapsulation:

Summary


In this chapter, we looked at the basic networking concepts that you need to know, along with an introduction to Wireshark. Wireshark is a protocol analyzer that is used worldwide by technology professionals to capture and analyze network-level packets.

We also learned about the TCP/IP model. The TCP/IP model has four layers: the application layer, transport layer, network layer, and the link layer. Data is encapsulated as it passes from one layer to another; the resulting packet at the bottom is called a complete PDU.

The TCP is a reliable protocol because acknowledgements are sent as part of its process, whereas the UDP is an unreliable protocol because no acknowledgements are sent.

To install Wireshark, you just need to visit http://www.wireshark.org and then download the appropriate version for your operating system.

Troubleshooting your Wireshark can be done by ensuring that the network is working fine, that you have the full rights required to install and run the application, and that the installation had completed without any exceptions.

In the next chapter we will run our first Wireshark capture and get to feel the protocol analysis experience.

Left arrow icon Right arrow icon

Key benefits

  • <ul><li>Learn protocol analysis, optimization and troubleshooting using Wireshark, an open source tool</li>
  • <li>Learn the usage of filtering and statistical tools to ease your troubleshooting job</li>
  • <li>Quickly perform root-cause analysis over your network in an event of network failure or a security breach</li>
  • </ul>

Description

<p>Wireshark is an open source protocol analyser, commonly used among the network and security professionals. Currently being developed and maintained by volunteer contributions of networking experts from all over the globe. Wireshark is mainly used to analyze network traffic, analyse network issues, analyse protocol behaviour, etc. - it lets you see what's going on in your network at a granular level. This book takes you from the basics of the Wireshark environment to detecting and resolving network anomalies.</p> <p>This book will start from the basics of setting up your Wireshark environment and will walk you through the fundamentals of networking and packet analysis. As you make your way through the chapters, you will discover different ways to analyse network traffic through creation and usage of filters and statistical features. You will look at network security packet analysis, command-line utilities, and other advanced tools that will come in handy when working with day-to-day network operations.</p> <p>By the end of this book, you have enough skill with Wireshark 2 to overcome real-world network challenges.</p>

What you will learn

<ul><li>Learn how TCP/IP works </li> <li>Install Wireshark and understand its GUI</li> <li>Creation and Usage of Filters to ease analysis process</li> <li>Understand the usual and unusual behaviour of Protocols</li> <li>Troubleshoot network anomalies quickly with help of Wireshark</li> <li>Use Wireshark as a diagnostic tool for network security analysis to identify source of malware</li> <li>Decrypting wireless traffic</li> <li>Resolve latencies and bottleneck issues in the network</li> </ul>

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details


Publication date : Jun 27, 2018
Length 164 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781789342789
Languages :

Table of Contents

14 Chapters
Title Page Chevron down icon Chevron up icon
Packt Upsell Chevron down icon Chevron up icon
Contributors Chevron down icon Chevron up icon
Preface Chevron down icon Chevron up icon
1. Installing Wireshark Chevron down icon Chevron up icon
2. Introduction to Wireshark and Packet Analysis Chevron down icon Chevron up icon
3. Filtering Our Way in Wireshark Chevron down icon Chevron up icon
4. Analyzing Application Layer Protocols Chevron down icon Chevron up icon
5. Analyzing the Transport Layer Protocols TCP/UDP Chevron down icon Chevron up icon
6. Network Security Packet Analysis Chevron down icon Chevron up icon
7. Analyzing Traffic in Thin Air Chevron down icon Chevron up icon
8. Mastering the Advanced Features of Wireshark Chevron down icon Chevron up icon
1. Other Books You May Enjoy Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Filter icon Filter
Top Reviews
Rating distribution
Empty star icon Empty star icon Empty star icon Empty star icon Empty star icon 0
(0 Ratings)
5 star 0%
4 star 0%
3 star 0%
2 star 0%
1 star 0%

Filter reviews by


No reviews found
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.