Table Of ContentNetwork Analysis Using
Wireshark 2 Cookbook
Second Edition
Practical recipes to analyze and secure your network using
Wireshark 2
Nagendra Kumar Nainar
Yogesh Ramdoss
Yoram Orzach
BIRMINGHAM - MUMBAI
Network Analysis Using Wireshark 2
Cookbook
Second Edition
Copyright © 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means, without the prior written permission of the publisher, except in the case of brief quotations
embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented.
However, the information contained in this book is sold without warranty, either express or implied. Neither the
authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to
have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products
mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy
of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Rahul Nair
Content Development Editor: Mayur Pawanikar
Technical Editor: Dinesh Pawar
Copy Editor: Vikrant Phadkay, Safis Editing
Project Coordinator: Nidhi Joshi
Proofreader: Safis Editing
Indexer: Priyanka Dhadke
Graphics: Tania Dutta
Production Coordinator: Arvindkumar Gupta
First published: December 2013
Second edition: March 2018
Production reference: 1280318
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78646-167-4
www.packtpub.com
I would like to dedicate this book to my beloved friend, Suresh Kumar, and his late
wife, Dharshana Suresh.
– Nagendra Kumar Nainar
I would like to dedicate this book to my parents, Ramdoss and Bhavani, who have
dedicated their life for my success.
– Yogesh Ramdoss
mapt.io
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as
well as industry leading tools to help you plan your personal development and advance
your career. For more information, please visit our website.
Why subscribe?
Spend less time learning and more time coding with practical eBooks and Videos
from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
PacktPub.com
Did you know that Packt offers eBook versions of every book published, with PDF and
ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a
print book customer, you are entitled to a discount on the eBook copy. Get in touch with us
at service@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a
range of free newsletters, and receive exclusive discounts and offers on Packt books and
eBooks.
Contributors
About the authors
Nagendra Kumar Nainar (CCIE#20987) is a senior technical leader with RP escalation team
in Cisco Systems. He is the co-inventor of more than 80 patent applications and the
coauthor of six internet RFCs, various internet drafts and IEEE papers. He is a guest lecturer
in North Carolina State University and a speaker in different network forums.
I would like to thank my dear wife, Lavanya, and lovely daughter, Ananyaa, for their
understanding and support; my parents, Nainar and Amirtham; brother, Natesh, and
family for their support.
Special thanks to my mentor, Carlos Pignataro, and manager, Mike Stallings. Thanks to
Arun, Abayomi for the review. Thanks to all my friends Satish, Poornima, Praveen,
Rethna, Vinodh, Mani, Parthi, and the publishers.
Yogesh Ramdoss (CCIE #16183) is a senior technical leader in the technical services
organization of Cisco Systems. He is a distinguished speaker at CiscoLive, sharing
knowledge and educating customers on enterprise/datacenter technologies and platforms,
troubleshooting and packet capturing tools, and open network programmability. Co-
inventor of patent in machine/behavior learning.
I would like to thank my wife, Vaishnavi, and kids, Janani and Karthik, for their patience
and support.
A special mention of and thanks to Dr. V. Abhaikumar, principal of Thiagarajar College of
Engineering, Madurai. I am very thankful to my coauthor Nagendra Kumar Nainar,
manager Michael Stallings, mentor Carlos Pignataro, and all my friends and family.
Yoram Orzach gained his bachelor's degree in science from the Technion in Haifa, Israel,
and worked in Bezeq as a systems engineer in the fields of transmission and access
networks. From being the technical manager at Netplus, he is now the CTO of NDI
Communications. His experience is with corporate networks, service providers, and
internet service provider's networks, and his client companies are Comverse, Motorola,
Intel, Ceragon networks, Marvel, HP, and others. His experience is in design,
implementation, troubleshooting as well as training for R&D, engineering, and IT groups.
About the reviewer
Abayomi Adefila is a technical leader in services organization of Cisco systems. His array
of accomplishments include B.Tech, M.Sc, CCNA, CCDA, CCNP, CCIP, CCDP, CCIE (R&S)
along with MPLS L3 VPN, VRF, ISIS, IPv6, BGP4, MP-BGP, OSPFv2&3, RIPng, Eigrpv6,
DS1, DS3, Metro-Ethernet, EEM, OER, advanced routing and switching on Cisco network
gears, VPN concentrator, GRE, IPSec, Junipere, and so on. He has been awarded with MCI's
outstanding performance ovation award at Verizon and Multiple CAP awards for
outstanding performances at Cisco.
Jason Morris is a systems and research engineer with 18+ years of experience in system
architecture, research engineering, and large data analysis.
He is a speaker and a consultant for designing large-scale architectures, best security
practices on the cloud, near real-time image detection analytics with deep learning, and
serverless architectures to aid in ETL. His most recent roles include solution architect, big
data engineer, big data specialist, and instructor at Amazon Web Services. He is currently
the chief technology officer of Next Rev Technologies.
I would like to thank the entire editorial and production team at Packt, who work hard to
bring quality books to the public, and also to the readers of this publication. May this book
aid you in your quest for doing great things.
Packt is searching for authors like you
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and
apply today. We have worked with thousands of developers and tech professionals, just
like you, to help them share their insight with the global tech community. You can make a
general application, apply for a specific hot topic that we are recruiting an author for, or
submit your own idea.
Table of Contents
Preface 1
Chapter 1: Introduction to Wireshark Version 2 7
Wireshark Version 2 basics 7
Locating Wireshark 8
Getting ready 10
How to do it... 12
Monitoring a server 12
Monitoring a router 13
Monitoring a firewall 14
Test access points and hubs 15
How it works... 16
There's more... 17
See also 18
Capturing data on virtual machines 19
Getting ready 19
How to do it... 19
Packet capture on a VM installed on a single hardware 20
Packet capture on a blade server 23
How it works... 24
Standard and distributed vSwitch 26
See also 26
Starting the capture of data 26
Getting ready 27
How to do it... 28
Capture on multiple interfaces 30
How to configure the interface you capture data from 32
Capture data to multiple files 33
Configure output parameters 34
Manage interfaces (under the Input tab) 35
Capture packets on a remote machine 36
Start capturing data – capture data on Linux/Unix machines 38
Collecting from a remote communication device 39
How it works... 40
There's more... 40
See also 41
Configuring the start window 41
Getting ready 41
The main menu 42
The main toolbar 43
Display filter toolbar 44
Table of Contents
Status bar 44
How to do it... 45
Toolbars configuration 45
Main window configuration 46
Name resolution 46
Colorize packet list 47
Zoom 49
Chapter 2: Mastering Wireshark for Network Troubleshooting 50
Introduction 50
Configuring the user interface, and global and protocol preferences 51
Getting ready 51
How to do it... 52
General appearance preferences 52
Layout preferences 53
Column preferences 53
Font and color preferences 55
Capture preferences 55
Filter expression preferences 56
Name resolution preferences 57
IPv4 preference configuration 59
TCP and UDP configuration 60
How it works... 61
There's more... 62
Importing and exporting files 62
Getting ready 62
How to do it... 62
Exporting an entire or partial file 62
Saving data in various formats 64
Printing data 65
How it works... 66
There's more... 66
Configuring coloring rules and navigation techniques 67
Getting ready 67
How to do it... 69
How it works... 70
See also 70
Using time values and summaries 70
Getting ready 70
How to do it... 71
How it works... 72
Building profiles for troubleshooting 72
Getting ready 73
How to do it... 73
How it works... 75
There's more... 75
See also 76
[ ii ]
