Network Analysis using Wireshark 2 Cookbook - Second Edition

Over 100 recipes to analyze and troubleshoot network problems using Wireshark 2

Nagendra Kumar Nainar, Yogesh Ramdoss, Yoram Orzach

Book Details

ISBN-13: 9781786461674
Paperback: 626 pages

Book Description

This book contains practical recipes for troubleshooting a data communications network. This second edition focuses on Wireshark 2, which has gained a lot of traction thanks to the enhanced features it offers users. The book expands on some of the subjects explored in the first edition, including TCP performance, network security, wireless LAN, and how to use Wireshark for monitoring cloud and virtual systems. You will learn how to analyze end-to-end IPv4 and IPv6 connectivity failures for unicast and multicast traffic using Wireshark. The book also includes Wireshark capture files so that you can practice what you have learned. You will understand the normal operation of email protocols and learn how to use Wireshark for basic analysis and troubleshooting. Using Wireshark, you will be able to troubleshoot common applications used in an enterprise network, such as the NetBIOS and SMB protocols. Finally, you will be able to measure network parameters, check for network problems caused by them, and solve them effectively. By the end of this book, you will know how to analyze traffic, find the patterns of various kinds of offending traffic, and secure your network from them.

Table of Contents

Chapter 1: Introduction to Wireshark Version 2
Wireshark Version 2 basics
Locating Wireshark
Capturing data on virtual machines
Starting the capture of data
Configuring the start window
Chapter 2: Mastering Wireshark for Network Troubleshooting
Introduction
Configuring the user interface, and global and protocol preferences
Importing and exporting files
Configuring coloring rules and navigation techniques
Using time values and summaries
Building profiles for troubleshooting
Chapter 3: Using Capture Filters
Introduction
Configuring capture filters
Configuring Ethernet filters
Configuring hosts and network filters
Configuring TCP/UDP and port filters
Configuring compound filters
Configuring byte offset and payload matching filters
Chapter 4: Using Display Filters
Introduction
Configuring display filters
Configuring Ethernet, ARP, host, and network filters
Configuring TCP/UDP filters
Configuring specific protocol filters
Configuring substring operator filters
Configuring macros
Chapter 5: Using Basic Statistics Tools
Introduction
Using the statistics – capture file properties menu
Using the statistics – resolved addresses
Using the statistics – protocol hierarchy menu
Using the statistics – conversations menu
Using the statistics – endpoints menu
Using the statistics – HTTP menu
Configuring a flow graph for viewing TCP flows
Creating IP-based statistics
Chapter 6: Using Advanced Statistics Tools
Introduction
Configuring I/O graphs with filters for measuring network performance issues
Throughput measurements with I/O graphs
Advanced I/O graph configurations with y-axis parameters
Getting information through TCP stream graphs – time/sequence (Stevens) window
Getting information through TCP stream graphs – time/sequence (tcptrace) window
Getting information through TCP stream graphs – throughput window
Getting information through TCP stream graphs – round-trip-time window
Getting information through TCP stream graphs – window-scaling window
Chapter 7: Using the Expert System
Introduction
The expert system window and how to use it for network troubleshooting
Error events and what we can understand from them
Warning events and what we can understand from them
Note events and what we can understand from them
Chapter 8: Ethernet and LAN Switching
Introduction
Discovering broadcast and error storms
Analyzing spanning tree problems
Analyzing VLANs and VLAN tagging issues
Chapter 9: Wireless LAN
Skills learned
Introduction to wireless networks and standards
Wireless radio issues, analysis, and troubleshooting
Capturing wireless LAN traffic
Chapter 10: Network Layer Protocols and Operations
Introduction
IPv4 address resolution protocol operation and troubleshooting
ICMP – protocol operation, analysis, and troubleshooting
Analyzing IPv4 unicast routing operations
Analyzing IP fragmentation failures
IPv4 multicast routing operations
IPv6 principle of operations
IPv6 extension headers
ICMPv6 – protocol operations, analysis, and troubleshooting
IPv6 auto configuration
DHCPv6-based address assignment
IPv6 neighbor discovery protocol operation and analysis
Chapter 11: Transport Layer Protocol Analysis
Introduction
UDP principle of operation
UDP protocol analysis and troubleshooting
TCP principle of operation
Troubleshooting TCP connectivity problems
Troubleshooting TCP retransmission issues
TCP sliding window mechanism
TCP enhancements – selective ACK and timestamps
Troubleshooting TCP throughput
Chapter 12: FTP, HTTP/1, and HTTP/2
Introduction
Analyzing FTP problems
Filtering HTTP traffic
Configuring HTTP preferences
Analyzing HTTP problems
Exporting HTTP objects
HTTP flow analysis
Analyzing HTTPS traffic – SSL/TLS basics
Chapter 13: DNS Protocol Analysis
Introduction
Analyzing DNS record types
Analyzing regular DNS operations
Analyzing DNSSEC regular operations
Troubleshooting DNS performance
Chapter 14: Analyzing Mail Protocols
Introduction
Normal operation of mail protocols
Analyzing POP, IMAP, and SMTP problems
Filtering and analyzing different error codes
Malicious and spam email analysis
Chapter 15: NetBIOS and SMB Protocol Analysis
Introduction
Understanding the NetBIOS protocol
Understanding the SMB protocol
Analyzing problems in the NetBIOS/SMB protocols
Analyzing the database traffic and common problems
Exporting SMB objects
Chapter 16: Analyzing Enterprise Applications' Behavior
Introduction
Finding out what is running over your network
Analyzing Microsoft Terminal Server and Citrix communications problems
Analyzing the database traffic and common problems
Analyzing SNMP
Chapter 17: Troubleshooting SIP, Multimedia, and IP Telephony
Introduction
IP telephony principle and normal operation
SIP principle of operation, messages, and error codes
Video over IP and RTSP
Wireshark features for RTP stream analysis and filtering
Wireshark feature for VoIP call replay
Chapter 18: Troubleshooting Bandwidth and Delay Issues
Introduction
Measuring network bandwidth and application traffic
Measurement of jitter and delay using Wireshark
Analyzing network bottlenecks, issues, and troubleshooting
Chapter 19: Security and Network Forensics
Introduction
Discovering unusual traffic patterns
Discovering MAC-based and ARP-based attacks
Discovering ICMP and TCP SYN/port scans
Discovering DoS and DDoS attacks
Locating smart TCP attacks
Discovering brute force and application attacks

What You Will Learn

  • Configure Wireshark 2 for effective network analysis and troubleshooting
  • Set up various display and capture filters
  • Understand networking layers, including IPv4 and IPv6 analysis
  • Explore performance issues in TCP/IP
  • Get to know about Wi-Fi testing and how to resolve problems related to wireless LANs
  • Get information about network phenomena, events, and errors
  • Locate faults and detect security failures and breaches in networks
