Wireshark Revealed: Essential Skills for IT Professionals

Master Wireshark and discover how to analyze network packets and protocols effectively, along with engaging recipes to troubleshoot network problems

James H Baxter, Yoram Orzach, Charit Mishra

Book Details

ISBN 13: 9781788833226
Paperback: 912 pages
Book Description

This Learning Path starts off by installing Wireshark, before gradually taking you through your first packet capture, identifying and filtering out just the packets of interest, and saving them to a new file for later analysis. You will then discover different ways to create and use capture and display filters. By halfway through the book, you'll be mastering Wireshark features, analyzing different layers of the network protocol stack, and looking for any anomalies. We then start with Ethernet and LAN switching, move through IP, and then on to TCP/UDP with a focus on TCP performance problems. It also focuses on WLAN security. Then, we go through application behavior issues including HTTP, mail, DNS, and other common protocols. This book finishes with a look at network forensics and how to locate security problems that might harm the network. This course provides you with highly practical content explaining Metasploit from the following books:

  1. Wireshark Essentials
  2. Network Analysis Using Wireshark Cookbook
  3. Mastering Wireshark

Table of Contents

Chapter 1: Getting Acquainted with Wireshark
Installing Wireshark
Performing your first packet capture
Summary
Chapter 2: Networking for Packet Analysts
The OSI model – why it matters
IP networks and subnets
Switching and routing packets
WAN links
Wireless networking
Summary
Chapter 3: Capturing All the Right Packets
Picking the best capture point
Test Access Ports and switch port mirroring
Capturing interfaces, filters, and options
Verifying a good capture
Saving the bulk capture file
Isolating conversations of interest
Using the Conversations window
Wireshark display filters
Filter Expression Buttons
Following TCP/UDP/SSL streams
Marking and ignoring packets
Saving the filtered traffic
Summary
Chapter 4: Configuring Wireshark
Working with packet timestamps
Colorization and coloring rules
Wireshark preferences
Wireshark profiles
Summary
Chapter 5: Network Protocols
The OSI and DARPA reference models
Transport layer protocols
Application layer protocols
Summary
Chapter 6: Troubleshooting and Performance Analysis
Troubleshooting methodology
Troubleshooting connectivity issues
Troubleshooting functional issues
Performance analysis methodology
Summary
Chapter 7: Packet Analysis for Security Tasks
Security analysis methodology
Security assessment tools
Identifying unacceptable or suspicious traffic
Scans and sweeps
OS fingerprinting
Malformed packets
Phone home traffic
Password-cracking traffic
Unusual traffic
Summary
Chapter 8: Command-line and Other Utilities
Wireshark command-line utilities
Capturing traffic with Dumpcap
Capturing traffic with Tshark
Editing trace files with Editcap
Merging trace files with Mergecap
Other helpful tools
Summary
Chapter 9: Introducing Wireshark
Introduction
Locating Wireshark
Starting the capture of data
Configuring the start window
Using time values and summaries
Configuring coloring rules and navigation techniques
Saving, printing, and exporting data
Configuring the user interface in the Preferences menu
Configuring protocol preferences
Chapter 10: Using Capture Filters
Introduction
Configuring capture filters
Configuring Ethernet filters
Configuring host and network filters
Configuring TCP/UDP and port filters
Configuring compound filters
Configuring byte offset and payload matching filters
Chapter 11: Using Display Filters
Introduction
Configuring display filters
Configuring Ethernet, ARP, host, and network filters
Configuring TCP/UDP filters
Configuring specific protocol filters
Configuring substring operator filters
Configuring macros
Chapter 12: Using Basic Statistics Tools
Introduction
Using the Summary tool from the Statistics menu
Using the Protocol Hierarchy tool from the Statistics menu
Using the Conversations tool from the Statistics menu
Using the Endpoints tool from the Statistics menu
Using the HTTP tool from the Statistics menu
Configuring Flow Graph for viewing TCP flows
Creating IP-based statistics
Chapter 13: Using Advanced Statistics Tools
Introduction
Configuring IO Graphs with filters for measuring network performance issues
Throughput measurements with IO Graph
Advanced IO Graph configurations with advanced Y-Axis parameters
Getting information through TCP stream graphs – the Time-Sequence (Stevens) window
Getting information through TCP stream graphs – the Time-Sequence (tcp-trace) window
Getting information through TCP stream graphs – the Throughput Graph window
Getting information through TCP stream graphs – the Round Trip Time window
Getting information through TCP stream graphs – the Window Scaling Graph window
Chapter 14: Using the Expert Infos Window
Introduction
The Expert Infos window and how to use it for network troubleshooting
Error events and understanding them
Warning events and understanding them
Notes events and understanding them
Chapter 15: Ethernet, LAN Switching, and Wireless LAN
Introduction
Discovering broadcast and error storms
Analyzing Spanning Tree Protocols
Analyzing VLANs and VLAN tagging issues
Analyzing wireless (Wi-Fi) problems
Chapter 16: ARP and IP Analysis
Introduction
Analyzing connectivity problems with ARP
Using IP traffic analysis tools
Using GeoIP to look up physical locations of the IP address
Finding fragmentation problems
Analyzing routing problems
Finding duplicate IPs
Analyzing DHCP problems
Chapter 17: UDP/TCP Analysis
Introduction
Configuring TCP and UDP preferences for troubleshooting
TCP connection problems
TCP retransmission – where do they come from and why
Duplicate ACKs and fast retransmissions
TCP out-of-order packet events
TCP Zero Window, Window Full, Window Change, and other Window indicators
TCP resets and why they happen
Chapter 18: HTTP and DNS
Introduction
Filtering DNS traffic
Analyzing regular DNS operations
Analysing DNS problems
Filtering HTTP traffic
Configuring HTTP preferences
Analyzing HTTP problems
Exporting HTTP objects
HTTP flow analysis and the Follow TCP Stream window
Analyzing HTTPS traffic – SSL/TLS basics
Chapter 19: Analyzing Enterprise Applications' Behavior
Introduction
Finding out what is running over your network
Analyzing FTP problems
Analyzing e-mail traffic and troubleshooting e-mail problems – POP, IMAP, and SMTP
Analyzing MS-TS and Citrix communications problems
Analyzing problems in the NetBIOS protocols
Analyzing database traffic and common problems
Chapter 20: SIP, Multimedia, and IP Telephony
Introduction
Using Wireshark's features for telephony and multimedia analysis
Analyzing SIP connectivity
Analyzing RTP/RTCP connectivity
Troubleshooting scenarios for video and surveillance applications
Troubleshooting scenarios for IPTV applications
Troubleshooting scenarios for video conferencing applications
Troubleshooting RTSP
Chapter 21: Troubleshooting Bandwidth and Delay Problems
Introduction
Measuring total bandwidth on a communication link
Measuring bandwidth and throughput per user and per application over a network connection
Monitoring jitter and delay using Wireshark
Discovering delay/jitter-related application problems
Chapter 22: Understanding Network Security
Introduction
Discovering unusual traffic patterns
Discovering MAC- and ARP-based attacks
Discovering ICMP and TCP SYN/Port scans
Discovering DoS and DDoS attacks
Locating smart TCP attacks
Discovering brute-force and application attacks
Chapter 23: Welcome to the World of Packet Analysis with Wireshark
Introduction to Wireshark
A brief overview of the TCP/IP model
The layers in the TCP/IP model
An introduction to packet analysis with Wireshark
Capturing methodologies
Summary
Practice questions
Chapter 24: Filtering Our Way in Wireshark
An introduction to filters
Capture filters
Display filters
Searching for packets using the Find dialog
Create new Wireshark profiles
Summary
Practice questions
Chapter 25: Mastering the Advanced Features of Wireshark
The Statistics menu
Conversations
Endpoints
Working with IO, Flow, and TCP stream graphs
IO graphs
Flow graphs
TCP stream graphs
Follow TCP streams
Expert Infos
Command Line-fu
Summary
Exercise
Chapter 26: Inspecting Application Layer Protocols
Domain name system
File transfer protocol
Hyper Text Transfer Protocol
Simple Mail Transfer Protocol
Summary
Practice questions
Chapter 27: Analyzing Transport Layer Protocols
The transmission control protocol
The User Datagram Protocol
Summary
Practice questions
Chapter 28: Analyzing Traffic in Thin Air
Understanding IEEE 802.11
Usual and unusual WEP – open/shared key communication
Decrypting WEP and WPA traffic
Summary
Practice questions
Chapter 29: Network Security Analysis
Information gathering
ARP poisoning
Analyzing brute force attacks
Summary
Practice questions
Chapter 30: Troubleshooting
Recovery features
Summary
Practice questions
Chapter 31: Introduction to Wireshark v2
The intelligent scroll bar
Translation
Graph improvements
TCP streams
USBPcap
Summary
Practice questions

What You Will Learn

  • Discover how packet analysts view networks and the role of protocols at the packet level
  • Capture and isolate all the right packets to perform a thorough analysis using Wireshark’s extensive capture and display filtering capabilities
  • Decrypt encrypted wireless traffic
  • Use Wireshark as a diagnostic tool and also for network security analysis to keep track of malware
  • Find and resolve problems due to bandwidth, throughput, and packet loss
  • Identify and locate faults in communication applications including HTTP, FTP, mail, and various other applications – Microsoft OS problems, databases, voice, and video over IP
  • Identify and locate faults in detecting security failures and security breaches in the network
