Network Analysis Using Wireshark 2 Cookbook
Second Edition

Practical recipes to analyze and secure your network using Wireshark 2

Nagendra Kumar Nainar
Yogesh Ramdoss
Yoram Orzach

BIRMINGHAM - MUMBAI

Network Analysis Using Wireshark 2 Cookbook, Second Edition

Copyright © 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha
Acquisition Editor: Rahul Nair
Content Development Editor: Mayur Pawanikar
Technical Editor: Dinesh Pawar
Copy Editor: Vikrant Phadkay, Safis Editing
Project Coordinator: Nidhi Joshi
Proofreader: Safis Editing
Indexer: Priyanka Dhadke
Graphics: Tania Dutta
Production Coordinator: Arvindkumar Gupta

First published: December 2013
Second edition: March 2018
Production reference: 1280318

Published by Packt Publishing Ltd.
Livery Place, 35 Livery Street, Birmingham B3 2PB, UK.

ISBN 978-1-78646-167-4

www.packtpub.com

I would like to dedicate this book to my beloved friend, Suresh Kumar, and his late wife, Dharshana Suresh.
– Nagendra Kumar Nainar

I would like to dedicate this book to my parents, Ramdoss and Bhavani, who have dedicated their life for my success.

– Yogesh Ramdoss

mapt.io

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry-leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

- Spend less time learning and more time coding with practical eBooks and videos from over 4,000 industry professionals
- Improve your learning with Skill Plans built especially for you
- Get a free eBook or video every month
- Mapt is fully searchable
- Copy and paste, print, and bookmark content

PacktPub.com

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and, as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Contributors

About the authors

Nagendra Kumar Nainar (CCIE #20987) is a senior technical leader with the RP escalation team in Cisco Systems. He is the co-inventor of more than 80 patent applications and the coauthor of six internet RFCs, various internet drafts, and IEEE papers. He is a guest lecturer at North Carolina State University and a speaker in different network forums.

I would like to thank my dear wife, Lavanya, and lovely daughter, Ananyaa, for their understanding and support; my parents, Nainar and Amirtham; brother, Natesh, and family for their support. Special thanks to my mentor, Carlos Pignataro, and manager, Mike Stallings. Thanks to Arun and Abayomi for the review.
Thanks to all my friends Satish, Poornima, Praveen, Rethna, Vinodh, Mani, Parthi, and the publishers.

Yogesh Ramdoss (CCIE #16183) is a senior technical leader in the technical services organization of Cisco Systems. He is a distinguished speaker at CiscoLive, sharing knowledge and educating customers on enterprise/datacenter technologies and platforms, troubleshooting and packet capturing tools, and open network programmability. He is the co-inventor of a patent in machine/behavior learning.

I would like to thank my wife, Vaishnavi, and kids, Janani and Karthik, for their patience and support. A special mention of and thanks to Dr. V. Abhaikumar, principal of Thiagarajar College of Engineering, Madurai. I am very thankful to my coauthor Nagendra Kumar Nainar, manager Michael Stallings, mentor Carlos Pignataro, and all my friends and family.

Yoram Orzach gained his bachelor's degree in science from the Technion in Haifa, Israel, and worked in Bezeq as a systems engineer in the fields of transmission and access networks. From being the technical manager at Netplus, he is now the CTO of NDI Communications. His experience is with corporate networks, service providers, and internet service provider networks, and his client companies are Comverse, Motorola, Intel, Ceragon Networks, Marvel, HP, and others. His experience is in design, implementation, and troubleshooting, as well as training for R&D, engineering, and IT groups.

About the reviewer

Abayomi Adefila is a technical leader in the services organization of Cisco Systems. His array of accomplishments includes B.Tech, M.Sc, CCNA, CCDA, CCNP, CCIP, CCDP, and CCIE (R&S), along with MPLS L3 VPN, VRF, IS-IS, IPv6, BGP4, MP-BGP, OSPFv2&3, RIPng, EIGRPv6, DS1, DS3, Metro-Ethernet, EEM, OER, advanced routing and switching on Cisco network gear, VPN concentrator, GRE, IPsec, Juniper, and so on. He has been awarded MCI's outstanding performance ovation award at Verizon and multiple CAP awards for outstanding performance at Cisco.
Jason Morris is a systems and research engineer with 18+ years of experience in system architecture, research engineering, and large data analysis. He is a speaker and a consultant for designing large-scale architectures, best security practices on the cloud, near real-time image detection analytics with deep learning, and serverless architectures to aid in ETL. His most recent roles include solution architect, big data engineer, big data specialist, and instructor at Amazon Web Services. He is currently the chief technology officer of Next Rev Technologies.

I would like to thank the entire editorial and production team at Packt, who work hard to bring quality books to the public, and also to the readers of this publication. May this book aid you in your quest for doing great things.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Preface 1

Chapter 1: Introduction to Wireshark Version 2 7
  Wireshark Version 2 basics 7
  Locating Wireshark 8
    Getting ready 10
    How to do it... 12
      Monitoring a server 12
      Monitoring a router 13
      Monitoring a firewall 14
      Test access points and hubs 15
    How it works... 16
    There's more... 17
    See also 18
  Capturing data on virtual machines 19
    Getting ready 19
    How to do it... 19
      Packet capture on a VM installed on a single hardware 20
      Packet capture on a blade server 23
    How it works... 24
      Standard and distributed vSwitch 26
    See also 26
  Starting the capture of data 26
    Getting ready 27
    How to do it... 28
      Capture on multiple interfaces 30
      How to configure the interface you capture data from 32
      Capture data to multiple files 33
      Configure output parameters 34
      Manage interfaces (under the Input tab) 35
      Capture packets on a remote machine 36
      Start capturing data – capture data on Linux/Unix machines 38
      Collecting from a remote communication device 39
    How it works... 40
    There's more... 40
    See also 41
  Configuring the start window 41
    Getting ready 41
      The main menu 42
      The main toolbar 43
      Display filter toolbar 44
      Status bar 44
    How to do it... 45
      Toolbars configuration 45
      Main window configuration 46
      Name resolution 46
      Colorize packet list 47
      Zoom 49

Chapter 2: Mastering Wireshark for Network Troubleshooting 50
  Introduction 50
  Configuring the user interface, and global and protocol preferences 51
    Getting ready 51
    How to do it... 52
      General appearance preferences 52
      Layout preferences 53
      Column preferences 53
      Font and color preferences 55
      Capture preferences 55
      Filter expression preferences 56
      Name resolution preferences 57
      IPv4 preference configuration 59
      TCP and UDP configuration 60
    How it works... 61
    There's more... 62
  Importing and exporting files 62
    Getting ready 62
    How to do it... 62
      Exporting an entire or partial file 62
      Saving data in various formats 64
      Printing data 65
    How it works... 66
    There's more... 66
  Configuring coloring rules and navigation techniques 67
    Getting ready 67
    How to do it... 69
    How it works... 70
    See also 70
  Using time values and summaries 70
    Getting ready 70
    How to do it... 71
    How it works... 72
  Building profiles for troubleshooting 72
    Getting ready 73
    How to do it... 73
    How it works... 75
    There's more... 75
    See also 76