Index
A
- abnormalities, TCP
- examples / Unusual traffic
- Address Resolution Protocol (ARP)
- about / Address Resolution Protocol
- AirPcap Adapters
- about / AirPcap adapters
- Anycast addresses
- about / IPv6 address types
- application layer, OSI
- about / Layer 7 – the application layer
- encapsulation / Encapsulation
- application layer protocols
- about / Application layer protocols
- Dynamic Host Configuration Protocol (DHCP) / Dynamic Host Configuration Protocol
- Dynamic Host Configuration Protocol Version 6 (DHCPv6) / Dynamic Host Configuration Protocol Version 6
- Domain Name Service (DNS) / Domain Name Service
- Hypertext Transfer Protocol (HTTP) / Hypertext Transfer Protocol
- additional information / Additional information
- areas, functional issues troubleshooting
- user credentials / Troubleshooting functional issues
- user machine, application settings / Troubleshooting functional issues
- application reported errors / Troubleshooting functional issues
- web browsers differences / Troubleshooting functional issues
- ARP packet
- significant fields / Address Resolution Protocol
- ARP scans
- about / ARP scans
- ARP sweeps
- about / ARP scans
B
- baselining
- about / The importance of baselining
- importance / The importance of baselining
- traffic aspects / The importance of baselining
- basic network connectivity
- testing / Basic network connectivity
- application services, connecting to / Connecting to the application services
- Berkeley packet filter (BPF) / Installing Wireshark on Mac OS X
- bits-per-second (bps) / Bandwidth congestion
- bits per second (bps) / Filtering out the noise
C
- Capinfos.exe
- about / Wireshark command-line utilities
- Capture Filter field
- capture filters
- about / Capturing interfaces, filters, and options
- using / Using capture filters
- configuring / Configuring capture filters
- reference link / Configuring capture filters
- Capture Interfaces window
- capture options
- Capture Options window
- about / Selecting the correct network interface, Capture options
- filename, configuring / Capturing filenames and locations
- location, configuring / Capturing filenames and locations
- multiple file options / Multiple file options
- Ring buffer option / Ring buffer
- stop capture options / Stop capture options
- display options / Display options
- name resolution options / Name resolution options
- Classless Inter-Domain Routing (CIDR) notation / IPv6 addressing
- Classless Inter-Domain Routing (CIDR) designator / IP networks and subnets
- Class of Service (CoS) tagging / Layer 2 – the data-link layer
- command-line tools
- Capinfos.exe / Wireshark command-line utilities
- Dumpcap.exe / Wireshark command-line utilities
- Editcap.exe / Wireshark command-line utilities
- Mergecap.exe / Wireshark command-line utilities
- Rawshark.exe / Wireshark command-line utilities
- Text2pcap.exe / Wireshark command-line utilities
- Tshark.exe / Wireshark command-line utilities
- Command and Control (C&C) servers / Phone home traffic
- Command Prompt (CMD) / Basic network connectivity
- configuration, Wireshark
- packet timestamps, working with / Working with packet timestamps
- packet colorization / Colorization and coloring rules
- preferences / Wireshark preferences
- profiles / Wireshark profiles
- connectivity issues
- troubleshooting / Troubleshooting connectivity issues
- connectivity issues troubleshooting
- about / Troubleshooting connectivity issues
- network interfaces, enabling / Enabling network interfaces
- physical connectivity, confirming / Confirming physical connectivity
- workstation IP configuration, obtaining / Obtaining the workstation IP configuration
- MAC addresses, obtaining / Obtaining MAC addresses
- network service IP addresses, obtaining / Obtaining network service IP addresses
- basic network connectivity / Basic network connectivity
- content addressable memory (CAM) table / Ethernet frames and switches
- Conversations window
- about / Using the Conversations window
- using / Using the Conversations window
- Ethernet tab / The Ethernet tab
- TCP tab / The TCP and UDP tabs
- UDP tab / The TCP and UDP tabs
- WLAN tab / The WLAN tab
D
- DARPA model
- data-link layer, OSI
- about / Layer 2 – the data-link layer
- Media Access Control (MAC) addresses / Layer 2 – the data-link layer
- Type (or EtherType) field / Layer 2 – the data-link layer
- Payload / Layer 2 – the data-link layer
- frame check sequence / Layer 2 – the data-link layer
- Cyclic Redundancy Check (CRC) / Layer 2 – the data-link layer
- Ethernet II frame / Layer 2 – the data-link layer
- Ethernet frame / Layer 2 – the data-link layer
- data transport
- about / Data transport
- TCP StreamGraph / TCP StreamGraph
- time/sequence (Stephens-style) / TCP StreamGraph
- time/sequence (tcptrace) / TCP StreamGraph
- window scaling / TCP StreamGraph
- IO Graph / IO Graph
- Wireshark 2.0 / IO Graph – Wireshark 2.0
- Defense Advanced Research Projects Agency (DARPA) / The OSI model – why it matters
- delays
- prioritizing / Detecting and prioritizing delays
- detecting / Detecting and prioritizing delays
- DHCP message types
- DHCP Discover / Obtaining the workstation IP configuration
- DHCP Reply / Obtaining the workstation IP configuration
- DHCP Request / Obtaining the workstation IP configuration
- DHCP Decline / Obtaining the workstation IP configuration
- DHCP Acknowledgment / Obtaining the workstation IP configuration
- DHCP Negative Acknowledgement / Obtaining the workstation IP configuration
- DHCP Release / Obtaining the workstation IP configuration
- DHCP Informational / Obtaining the workstation IP configuration
- display filters
- about / Wireshark display filters
- ways of creating / Wireshark display filters
- Display Filter window / The Display Filter window
- display filter syntax / The display filter syntax
- reference link / The display filter syntax
- typing in / Typing in a display filter
- creating, from Conversations window / Display filters from a Conversations or Endpoints window
- creating, from Endpoints window / Display filters from a Conversations or Endpoints window
- Display Filter window
- about / The Display Filter window
- Distributed Denial of Service (DDoS) attacks / Phone home traffic
- Domain Name Service (DNS)
- about / Domain Name Service
- Wireshark DNS filters / Wireshark DNS filters
- Domain Name System (DNS) / Ethernet frames and switches
- Dumpcap
- used, for capturing traffic / Capturing traffic with Dumpcap
- Dumpcap.exe
- about / Wireshark command-line utilities
- Dumpcap options
- -D / Capturing traffic with Dumpcap
- -i <interface> / Capturing traffic with Dumpcap
- -f <capture filter> / Capturing traffic with Dumpcap
- -b filesize / Capturing traffic with Dumpcap
- -w <outfile> / Capturing traffic with Dumpcap
- reference link / Capturing traffic with Dumpcap
- Dynamic Host Configuration Protocol (DHCP)
- about / Dynamic Host Configuration Protocol
- Wireshark DHCP filters / Wireshark DHCP filters
- Dynamic Host Configuration Protocol Version 6 (DHCPv6)
- about / Dynamic Host Configuration Protocol Version 6
- Wireshark DHCPv6 filters / Wireshark DHCPv6 filters
E
- Editcap
- about / Editing trace files with Editcap
- used, for editing trace files / Editing trace files with Editcap
- Editcap.exe
- about / Wireshark command-line utilities
- Editcap options
- reference link / Editing trace files with Editcap
- Ethernet frame
- significant fields / Layer 2 – the data-link layer
- working, with switches / Ethernet frames and switches
- Ethernet tab
- about / The Ethernet tab
F
- Fiddler
- URL / HttpWatch
- filtered packets
- saving / Saving the filtered traffic
- Filter Expression Button (FEB) / Obtaining the workstation IP configuration
- Filter Expression Button option
- TCP SYN / Filter Expression Buttons
- SYN/ACK / Filter Expression Buttons
- RST / Filter Expression Buttons
- FIN / Filter Expression Buttons
- filter expression buttons
- about / Filter Expression Buttons
- Expressions window button, using / Using the Expressions window button
- right-click menus, on specific packet fields / Right-click menus on specific packet fields
- Filter Expression Buttons / Identifying unacceptable or suspicious traffic
- Filter Expression window
- First Byte response time / Server processing time events
- Follow SSL Stream window
- about / Following TCP/UDP/SSL streams
- Follow TCP Stream window
- about / Following TCP/UDP/SSL streams
- Follow UDP Stream window
- about / Following TCP/UDP/SSL streams
- functional issues
- troubleshooting / Troubleshooting functional issues
H
- half-split troubleshooting
- about / Half-split troubleshooting and other logic
- advantages / Half-split troubleshooting and other logic
- hop
- about / WAN links
- Host field / Host
- HTTP Methods
- about / HTTP Methods
- GET / HTTP Methods
- HEAD / HTTP Methods
- POST / HTTP Methods
- OPTIONS / HTTP Methods
- PUT / HTTP Methods
- DELETE / HTTP Methods
- CONNECT / HTTP Methods
- HttpWatch
- HyperText Transfer Protocol (HTTP)
- about / Layer 7 – the application layer
- Hypertext Transfer Protocol (HTTP)
- about / Hypertext Transfer Protocol
- features / Hypertext Transfer Protocol
- header / Hypertext Transfer Protocol
- Host field / Host
- Request Modifiers / Request Modifiers
I
- ICMP control message types
- about / ICMP control message types
- ICMP pings
- about / ICMP pings
- ICMP ping sweeps
- about / ICMP ping sweeps
- ICMP redirects
- about / ICMP redirects
- ICMP traceroutes
- about / ICMP traceroutes
- ICMPv6 packet types
- about / Internet Control Message Protocol Version 6
- Echo request / Internet Control Message Protocol Version 6
- Echo response / Internet Control Message Protocol Version 6
- Multicast listener query / Internet Control Message Protocol Version 6
- Multicast listener report / Internet Control Message Protocol Version 6
- Multicast listener done / Internet Control Message Protocol Version 6
- Router solicitation / Internet Control Message Protocol Version 6
- Router advertisement / Internet Control Message Protocol Version 6
- Neighbor solicitation / Internet Control Message Protocol Version 6
- Neighbor advertisement / Internet Control Message Protocol Version 6
- Redirect message / Internet Control Message Protocol Version 6
- IGMP Membership Report
- IGMP protocol header
- significant fields / Internet Group Management Protocol
- installation
- Wireshark / Installing Wireshark
- Wireshark, on Windows / Installing Wireshark on Windows
- Wireshark, on Mac OS X / Installing Wireshark on Mac OS X
- Wireshark, on Linux/Unix / Installing Wireshark on Linux/Unix
- Internet Control Message Protocol (ICMP)
- about / Address Resolution Protocol, Internet Control Message Protocol
- pings / ICMP pings
- traceroutes / ICMP traceroutes
- control message types / ICMP control message types
- redirects / ICMP redirects
- Wireshark ICMP filters / Wireshark ICMP filters
- significant fields / Internet Control Message Protocol Version 6
- Multicast Listener Discovery (MLD) / Multicast Listener Discovery
- Internet Control Message Protocol Version 6 (ICMPv6)
- Internet Engineering Task Force (IETF)
- about / Requests for Comments
- Internet Group Management Protocol (IGMP)
- about / Address Resolution Protocol, Internet Group Management Protocol
- significant fields / Internet Group Management Protocol
- interesting fields / Internet Group Management Protocol
- Wireshark IGMP filters / Internet Group Management Protocol
- Internet Protocol Version 4 (IPv4)
- about / Internet Protocol
- Differentiated Services (DiffServ) / Internet Protocol
- Total length / Internet Protocol
- Identification (IP ID) / Internet Protocol
- Flags / Internet Protocol
- Fragment offset / Internet Protocol
- Time to Live (TTL) / Internet Protocol
- Protocol / Internet Protocol
- Source and destination IP addresses / Internet Protocol
- Internet Protocol Version 6 (IPv6)
- about / Internet Protocol Version 6
- addressing / IPv6 addressing
- address types / IPv6 address types
- header fields / IPv6 header fields
- transition methods / IPv6 transition methods
- Internet Relay Chat (IRC) traffic / The importance of baselining, Identifying unacceptable or suspicious traffic
- Intrusion Detection System (IDS) systems / Security analysis methodology
- IO Graph / IO Graph
- IP addresses
- working, with routers / IP addresses and routers
- IP address ranges / IP networks and subnets
- IP networks
- about / IP networks and subnets
- IPv6 addressing
- about / IPv6 addressing
- rules / IPv6 addressing
- IPv6 address types
- about / IPv6 address types
- Unicast / IPv6 address types
- Multicast / IPv6 address types
- Anycast / IPv6 address types
- IPv6 header fields
- about / IPv6 header fields
- version / IPv6 header fields
- traffic class / IPv6 header fields
- flow label / IPv6 header fields
- payload length / IPv6 header fields
- next header / IPv6 header fields
- hop limit / IPv6 header fields
- source and destination addresses / IPv6 header fields
- IPv6 transition methods
- about / IPv6 transition methods
- 6to4 tunneling / IPv6 transition methods
- Teredo tunneling / IPv6 transition methods
- ISATAP tunneling / IPv6 transition methods
- Wireshark IPv6 filters / Wireshark IPv6 filters
- ISATAP tunneling method
- about / IPv6 transition methods
L
- Linux/Unix
- Wireshark, installing / Installing Wireshark on Linux/Unix
M
- MAC addresses
- MAC or IP address scans
- Mac OS X
- Wireshark, installing / Installing Wireshark on Mac OS X
- malformed packets
- about / Malformed packets
- Mergecap
- about / Merging trace files with Mergecap
- used, for merging trace files / Merging trace files with Mergecap
- batch file / Mergecap batch file
- Mergecap.exe
- about / Wireshark command-line utilities
- Mergecap options
- reference link / Mergecap batch file
- methodology
- troubleshooting / Troubleshooting methodology
- methodology troubleshooting
- packet analysis, reasons / Troubleshooting methodology
- about / Troubleshooting methodology
- right information, gathering / Gathering the right information
- general nature of problem, identifying / Establishing the general nature of the problem
- half-split troubleshooting / Half-split troubleshooting and other logic
- Multicast addresses
- about / IPv6 address types
- Multicast Listener Discovery (MLD)
- about / Multicast Listener Discovery
- Wireshark ICMPv6 filters / Wireshark ICMPv6 filters
- Multiprotocol Label Switching (MPLS)
- about / TCP options
N
- Neighbor Solicitation ICMPv6 packet / Internet Control Message Protocol Version 6
- Network Basic Input/Output System (NetBIOS)
- about / Layer 5 – the session layer
- network interface
- Network Interface Card (NIC) / Installing Wireshark on Windows
- about / Layer 1 – the physical layer
- network interfaces
- enabling / Enabling network interfaces
- network layer, OSI
- about / Layer 3 – the network layer
- Internet Protocol / Internet Protocol
- Address Resolution Protocol (ARP) / Address Resolution Protocol
- network layer protocols
- about / Network layer protocols
- Wireshark IPv4 filters / Network layer protocols
- Internet Group Management Protocol (IGMP) / Internet Group Management Protocol
- Internet Control Message Protocol (ICMP) / Internet Control Message Protocol
- Internet Protocol Version 6 (IPv6) / Internet Protocol Version 6
- Internet Control Message Protocol Version 6 (ICMPv6) / Internet Control Message Protocol Version 6
- Network Mapper (Nmap)
- about / Security assessment tools
- URL / Security assessment tools
- network traffic
- clear text passwords / Identifying unacceptable or suspicious traffic
- clear text data / Identifying unacceptable or suspicious traffic
- password cracking attempts / Identifying unacceptable or suspicious traffic
- maliciously formed packets / Identifying unacceptable or suspicious traffic
- phone home traffic / Identifying unacceptable or suspicious traffic
- flooding or Denial of Service (DoS) attacks / Identifying unacceptable or suspicious traffic
- subversive activities / Identifying unacceptable or suspicious traffic
- Next Header code / IPv6 header fields
O
- OS fingerprinting
- about / OS fingerprinting
- OSI layers
- about / The seven OSI layers
- physical layer / Layer 1 – the physical layer
- data-link layer / Layer 2 – the data-link layer
- network layer / Layer 3 – the network layer
- transport layer / Layer 4 – the transport layer
- session layer / Layer 5 – the session layer
- presentation layer / Layer 6 – the presentation layer
- application layer / Layer 7 – the application layer
- OSI model
- about / The OSI model – why it matters, The OSI and DARPA reference models
- importance / The OSI model – why it matters
- comparing, with DARPA / The OSI model – why it matters
- network protocols / Understanding network protocols
P
- packet capture
- performing / Performing your first packet capture, Performing a packet capture, Performing, verifying, and saving a good packet capture
- noise, filtering / Filtering out the noise
- display filter, applying / Applying a display filter
- packet trace, saving / Saving the packet trace
- capture point, picking / Picking the best capture point
- verifying / Verifying a good capture, Performing, verifying, and saving a good packet capture
- bulk capture file, saving / Saving the bulk capture file
- conversations of interest, isolating / Isolating conversations of interest
- location, determining / Preparing the tools and approach
- saving / Performing, verifying, and saving a good packet capture
- packet capture point
- selecting / Picking the best capture point
- user location / User location
- server location / Server location
- other locations / Other capture locations
- mid-network captures / Mid-network captures
- packet colorization
- about / Colorization and coloring rules, Packet colorization
- coloring rules / Colorization and coloring rules
- Packet Details pane
- data rate / Wireless networking
- channel frequency / Wireless networking
- channel type / Wireless networking
- RF signal and noise levels / Wireless networking
- packets
- switching / Switching and routing packets
- routing / Switching and routing packets
- capturing, on high traffic rate links / Capturing packets on high traffic rate links
- marking / Marking and ignoring packets
- ignoring / Marking and ignoring packets
- filtered traffic, saving / Saving the filtered traffic
- packet timestamps
- working with / Working with packet timestamps
- saving / How Wireshark saves timestamps
- time display options / Wireshark time display options
- time column, adding / Adding a time column
- conversation versus a displayed packet time option / Conversation versus displayed packet time options
- time display option, selecting / Choosing the best Wireshark time display option
- Time Reference option, using / Using the Time Reference option
- packet trace
- saving / Saving the packet trace
- password-cracking traffic
- about / Password-cracking traffic
- performance analysis methodology
- about / Performance analysis methodology
- poor application performance, reasons / Top five reasons for poor application performance
- phone home traffic
- about / Phone home traffic
- physical connectivity
- confirming / Confirming physical connectivity
- physical layer, OSI
- about / Layer 1 – the physical layer
- Ethernet standard / Layer 1 – the physical layer
- RJ-45 standard / Layer 1 – the physical layer
- Cat 5 (Cat 5e or Cat 6) cables standard / Layer 1 – the physical layer
- 100Base-T, 1000Base-T, and 100Base-FX / Layer 1 – the physical layer
- single-mode and multimode fiber optic cables / Layer 1 – the physical layer
- poor performance reasons, application
- about / Top five reasons for poor application performance
- tools, preparing / Preparing the tools and approach
- packet capture / Performing, verifying, and saving a good packet capture
- initial error analysis / Initial error analysis
- delays, detecting / Detecting and prioritizing delays
- delays, prioritizing / Detecting and prioritizing delays
- server processing time events / Server processing time events
- application turns delay / Application turn's delay
- network path latency / Network path latency
- bandwidth congestion / Bandwidth congestion
- data transport / Data transport
- preferences, Wireshark
- about / Wireshark preferences
- layout / Wireshark preferences
- columns / Wireshark preferences
- capture / Wireshark preferences
- filter expressions / Wireshark preferences
- name resolution / Wireshark preferences
- protocols / Wireshark preferences
- options / Wireshark preferences
- presentation layer, OSI
- about / Layer 6 – the presentation layer
- private IP address ranges / IP networks and subnets
- profiles, Wireshark
- about / Wireshark profiles
- creating / Creating a Wireshark profile
- selecting / Selecting a Wireshark profile
- protocol-specific capture filter syntax
- reference link / Configuring capture filters
- protocol-specific display filter syntax
- reference link / The display filter syntax
- protocols, Wireshark preferences
- about / Wireshark preferences
- HTTP / Wireshark preferences
- IEEE 802.11 / Wireshark preferences
- IPv4 / Wireshark preferences
- RTP / Wireshark preferences
- TCP / Wireshark preferences
- validate TCP checksum if possible / Wireshark preferences
- allow subdissector to reassemble TCP streams / Wireshark preferences
- relative sequence numbers / Wireshark preferences
- track number of bytes in flight / Wireshark preferences
- calculate conversation timestamps / Wireshark preferences
- protocols on Wikipedia
- about / Protocols on Wikipedia
- URL / Protocols on Wikipedia
R
- Rawshark.exe
- about / Wireshark command-line utilities
- Request Modifiers
- Connection / Request Modifiers
- Accept / Request Modifiers
- User-agent / Request Modifiers
- Accept-encoding / Request Modifiers
- Accept-language / Request Modifiers
- Cookie / Request Modifiers
- Accept-charset / Request Modifiers
- Accept-ranges / Request Modifiers
- Authorization / Request Modifiers
- Cache-control / Request Modifiers
- Content-length / Request Modifiers
- Content-type / Request Modifiers
- Date / Request Modifiers
- Expect / Request Modifiers
- If-match / Request Modifiers
- If-modified-since / Request Modifiers
- If-range / Request Modifiers
- If-unmodified-since / Request Modifiers
- Max-forwards / Request Modifiers
- Proxy-authorization / Request Modifiers
- Range / Request Modifiers
- TE / Request Modifiers
- Via / Request Modifiers
- Wireshark HTTP filters / Wireshark HTTP filters
- Requests for Comment (RFC)
- about / Requests for Comments
- Riverbed AirPcap adapter
- about / AirPcap adapters
- reference link / AirPcap adapters
- round trip time (RTT) / ICMP pings, Gathering the right information, Application turn's delay
S
- scans, security analysis
- about / Scans and sweeps
- ARP scans / ARP scans
- TCP port scans / TCP port scans
- UDP port scans / UDP port scans
- Secure FTP (sftp) / Unusual traffic
- Secure Shell (SSH) / Unusual traffic
- security analysis
- about / Security analysis methodology
- baselining / The importance of baselining
- security assessment tools / Security assessment tools
- suspicious traffic, identifying / Identifying unacceptable or suspicious traffic
- scans / Scans and sweeps
- sweeps / Scans and sweeps
- OS fingerprinting / OS fingerprinting
- malformed packets / Malformed packets
- phone home traffic / Phone home traffic
- password-cracking traffic / Password-cracking traffic
- unusual traffic / Unusual traffic
- security assessment tools
- about / Security assessment tools
- Network Mapper (Nmap) / Security assessment tools
- Server Message Block (SMB) protocols / Application turn's delay
- session layer, OSI
- about / Layer 5 – the session layer
- SteelCentral Packet Analyzer
- about / SteelCentral Packet Analyzer Personal Edition
- standard / SteelCentral Packet Analyzer Personal Edition
- Personal Edition / SteelCentral Packet Analyzer Personal Edition
- reference link / SteelCentral Packet Analyzer Personal Edition
- subnets
- about / IP networks and subnets
- sweeps, security analysis
- about / Scans and sweeps
- ARP sweeps / ARP scans
- ICMP ping sweeps / ICMP ping sweeps, TCP port scans
- Switched Port Analyzer (SPAN)
- about / Switch port mirroring
- switch port mirroring
- about / Switch port mirroring
- advantage / Switch port mirroring
- diagrammatic representation / Switch port mirroring
T
- 6to4 tunneling method
- about / IPv6 transition methods
- TAP
- about / Test Access Ports and switch port mirroring
- diagrammatic representation / Test Access Port
- TCP
- about / Transmission Control Protocol
- flags, about / TCP flags
- options / TCP options
- Wireshark TCP filters / Wireshark TCP filters
- TCP header
- about / Transmission Control Protocol
- source and Destination ports (2 bytes each) / Transmission Control Protocol
- sequence number (4 bytes) / Transmission Control Protocol
- acknowledgment number (4 bytes) / Transmission Control Protocol
- flags (9 bits) / Transmission Control Protocol
- Window size (2 bytes) / Transmission Control Protocol
- significant fields / Transmission Control Protocol, Transmission Control Protocol
- source and destination ports / Transmission Control Protocol
- sequence number / Transmission Control Protocol
- acknowledgment number / Transmission Control Protocol
- flags / Transmission Control Protocol
- window size / Transmission Control Protocol
- TCP port scans
- TCP StreamGraph
- about / TCP StreamGraph
- round-trip time / TCP StreamGraph
- throughput / TCP StreamGraph
- TCP tab
- about / The TCP and UDP tabs
- TCP Window Update packet / Initial error analysis
- Teredo tunneling method
- about / IPv6 transition methods
- Test Access Point (TAP) / Half-split troubleshooting and other logic
- Text2pcap.exe
- about / Wireshark command-line utilities
- Time-to-Live (TTL) field / ICMP traceroutes
- tools
- about / Other helpful tools
- HttpWatch / HttpWatch
- SteelCentral Packet Analyzer / SteelCentral Packet Analyzer Personal Edition
- AirPcap Adapters / AirPcap adapters
- trace files
- editing, with Editcap / Editing trace files with Editcap
- managing, with Mergecap / Merging trace files with Mergecap
- traffic
- capturing, with Dumpcap / Capturing traffic with Dumpcap
- capturing, with Tshark / Capturing traffic with Tshark
- Transmission Control Protocol (TCP)
- about / Transmission Control Protocol
- transport layer, OSI
- about / Layer 4 – the transport layer
- User Datagram Protocol (UDP) / User Datagram Protocol
- Transmission Control Protocol / Transmission Control Protocol
- transport layer protocols
- Trivial File Transfer Protocol (TFTP) traffic / The importance of baselining
- Tshark
- about / Capturing traffic with Tshark
- used, for capturing traffic / Capturing traffic with Tshark
- Tshark.exe
- about / Wireshark command-line utilities
- Tshark options
- reference link / Capturing traffic with Tshark
U
- UDP
- about / User Datagram Protocol
- Wireshark UDP filters / Wireshark UDP filters
- UDP header
- source and destination port number / User Datagram Protocol, User Datagram Protocol
- length / User Datagram Protocol, User Datagram Protocol
- checksum / User Datagram Protocol, User Datagram Protocol
- fields / User Datagram Protocol, User Datagram Protocol
- UDP port scans
- UDP tab
- about / The TCP and UDP tabs
- Unicast addresses
- about / IPv6 address types
- Global Unicast / IPv6 address types
- Link-local / IPv6 address types
- Unique local / IPv6 address types
- Uniform Resource Identifier (URI) / HTTP Methods
- unusual traffic
- about / Unusual traffic
- User Datagram Protocol (UDP)
- about / User Datagram Protocol
- user interface essentials
- about / Wireshark user interface essentials
- title / Wireshark user interface essentials
- menu / Wireshark user interface essentials
- main toolbar (icons) / Wireshark user interface essentials
- display filter toolbar / Wireshark user interface essentials
- packet list pane / Wireshark user interface essentials
- packet details pane / Wireshark user interface essentials
- packet bytes pane / Wireshark user interface essentials
- status bar / Wireshark user interface essentials
V
- Views / SteelCentral Packet Analyzer Personal Edition
- Virtual LAN (VLAN) / Layer 2 – the data-link layer
W
- WAN links
- wide area networks (WANs) / Layer 1 – the physical layer
- Windows
- Wireshark, installing / Installing Wireshark on Windows
- wireless frame types
- management frames / Wireless networking
- control frames / Wireless networking
- wireless networking
- about / Wireless networking
- Wireshark
- installing / Installing Wireshark
- URL / Installing Wireshark, Performing a packet capture, The TCP and UDP tabs
- installing, on Windows / Installing Wireshark on Windows
- installing, on Mac OS X / Installing Wireshark on Mac OS X
- installing, on Linux/Unix / Installing Wireshark on Linux/Unix
- URL for documentation / Installing Wireshark on Linux/Unix
- packet capture, performing / Performing your first packet capture, Performing a packet capture
- network interface, selecting / Selecting a network interface
- user interface essentials / Wireshark user interface essentials
- display filters / Wireshark display filters
- command-line utilities / Wireshark command-line utilities
- Wireshark.exe file
- about / Wireshark command-line utilities
- Wireshark 2.0 (Wireshark Qt) / IO Graph – Wireshark 2.0
- Wireshark ARP filters
- about / Wireshark ARP filters
- Wireshark DHCP filters
- about / Wireshark DHCP filters
- Wireshark DHCPv6 filters
- about / Wireshark DHCPv6 filters
- Wireshark DNS filters
- about / Wireshark DNS filters
- Wireshark IGMP filters
- about / Wireshark IGMP filters
- Wireshark IPv4 filters
- about / Wireshark IPv4 filters
- Wireshark TCP filters
- about / TCP options
- Wireshark UDP filters
- about / User Datagram Protocol
- Wireshark wiki
- about / Wireshark wiki
- URL / Wireshark wiki
- WLAN tab
- about / The WLAN tab
- workstation IP configuration
- obtaining / Obtaining the workstation IP configuration
Z
- Zenmap / Security assessment tools