Learn Wireshark: A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark PDF

607 Pages·2022·17.852 MB·English
Learn Wireshark
Second Edition
A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark
Lisa Bock
BIRMINGHAM—MUMBAI

Learn Wireshark, Second Edition
Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha
Publishing Product Manager: Prachi Sawant
Content Development Editor: Romy Dias
Technical Editor: Rajat Sharma
Copy Editor: Safis Editing
Project Coordinator: Ashwin Dinesh Kharwa
Proofreader: Safis Editing
Indexer: Sejal Dsilva
Production Designer: Roshan Kawale
Marketing Coordinator: Sanjana Gupta

First Published: August 2019
Second Edition: June 2022
Production reference: 1010722

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-80323-167-9
www.packt.com

To all dreamers, know that there isn't always a clear path to achieving your dream. In addition to celebrating and rejoicing each milestone, there will be times of great sorrow and despair along the way. Nonetheless, keep moving toward your dream while being authentic, harmonious, and true to yourself. One day you'll see a sign, and you'll say to yourself with a smile, "I have arrived."

Contributors

About the author

Lisa Bock is an experienced author with a demonstrated history of working in the e-learning industry. She is a security ambassador with a broad range of IT skills and knowledge, including Cisco security, CyberOps, Wireshark, biometrics, ethical hacking, and the IoT. Lisa is an author for LinkedIn Learning and an award-winning speaker who has presented at several national conferences. She holds an MS in computer information systems/information assurance from UMGC. Lisa was an associate professor in the IT department at Pennsylvania College of Technology (Williamsport, PA) from 2003 until her retirement in 2020. She is involved with various volunteer activities, and she and her husband, Mike, enjoy bike riding, watching movies, and traveling.

I want to thank my friends and family for their ongoing support. I am also grateful to the entire Packt team, who work very hard to create an exceptional product. Finally, I'd like to thank my students, who push me to deliver the very best educational content.

About the reviewer

Nick Parlow is a Fujitsu Fellow and Distinguished Engineer, and has been an escalation engineer for Fujitsu in the UK for nearly 20 years, specializing in messaging technologies and networks. He has fixed stuff for central government, the Ministry of Defence, and his local school. He has master's degrees in network engineering from Sheffield Hallam University and software engineering from the University of Northumbria. Nick is a Microsoft Certified Trainer and holds many other credentials, but is most proud of being a Raspberry Pi Certified Educator and Code Club volunteer. When he's not working, writing books, reviewing books, soldering things, or taking blurry photos of the night sky, he likes to play with chainsaws.

I'd like to thank the author, Lisa Bock, and the team at Packt for giving me the opportunity to do something that has been wholly enjoyable – reviewing this great book. Most thanks, however, go to my long-suffering family and colleagues for giving me the time and support to do so. Thank you, Chris, Bryn, Jon, Caroline, Craig, and everybody else. You're brilliant.

Table of Contents

Preface

Part 1: Traffic Capture Overview

1  Appreciating Traffic Analysis
Reviewing packet analysis  4
Exploring early packet sniffers  5
Evaluating devices that use packet analysis  6
Capturing network traffic  7
Recognizing who benefits from using packet analysis  8
Assisting developers  8
Helping network administrators monitor the network  9
Educating students on protocols  12
Alerting security analysts to threats  13
Arming hackers with information  14
Identifying where to use packet analysis  17
Analyzing traffic on a LAN  17
Outlining when to use packet analysis  19
Troubleshooting latency issues  19
Testing IoT devices  20
Monitoring for threats  20
Baselining the network  21
Getting to know Wireshark  22
Summary  23
Questions  24

2  Using Wireshark
Examining the Wireshark interface  28
Streamlining the interface  28
Discovering keyboard shortcuts  31
Recognizing the Wireshark authors  32
Finding information  34
Understanding the phases of packet analysis  34
Gathering network traffic  34
Decoding the raw bits  37
Displaying the captured data  38
Analyzing the packet capture  41
Using CLI tools with Wireshark  42
Exploring tshark  42
Dissecting protocols  44
Summary  45
Questions  46

3  Installing Wireshark
Discovering support for different OSes  50
Using Wireshark on Windows  50
Running Wireshark on Unix  50
Installing Wireshark on macOS  51
Deploying Wireshark on Linux  51
Working with Wireshark on other systems  52
Comparing different capture engines  54
Understanding libpcap  54
Examining WinPcap  54
Grasping Npcap  55
Performing a standard Windows installation  58
Beginning the installation  58
Choosing components  58
Creating shortcuts and selecting an install location  62
Capturing packets and completing the installation  63
Reviewing available resources  65
Viewing news and help topics  65
Evaluating download options  67
Summary  69
Questions  69
Further reading  71

4  Exploring the Wireshark Interface
Opening the Wireshark welcome screen  74
Selecting a file  74
Capturing traffic  75
Exploring the File menu  76
Opening a file, closing, and saving  77
Exporting packets, bytes, and objects  78
Printing packets and closing Wireshark  82
Discovering the Edit menu  84
Copying items and finding packets  84
Marking or ignoring packets  88
Setting a time reference  89
Personalizing your work area  90
Exploring the View menu  91
Enhancing the interface  91
Formatting time and name resolution  93
Modifying the display  96
Refreshing the view  98
Summary  101
Questions  101

Part 2: Getting Started with Wireshark

5  Tapping into the Data Stream
Reviewing network architectures  108
Comparing different types of networks  108
Exploring various types of media  110
Learning various capture methods  113
Providing input  114
Directing output  114
Selecting options  116
Tapping into the stream  118
Comparing conversations and endpoints  119
Realizing the importance of baselining  123
Planning the baseline  123
Capturing traffic  123
Analyzing the captured traffic  124
Saving the baselines  125
Summary  126
Questions  127

6  Personalizing the Interface
Personalizing the layout  130
Altering the appearance  130
Changing the layout  132
Creating a tailored configuration profile  136
Customizing a profile  136
Crafting buttons  139
Adjusting columns, font, and colors  141
Adding, editing, and deleting columns  141
Refining the font and colors  145
Adding comments  148
Attaching comments to files  148
Entering packet comments  148
Viewing and saving comments  149
Summary  150
Questions  151