Practical Packet Analysis PDF

372 Pages·2017·14.846 MB·English
Preview Practical Packet Analysis

DON'T JUST STARE AT CAPTURED PACKETS. ANALYZE THEM.

PRACTICAL PACKET ANALYSIS, 3RD EDITION
USING WIRESHARK TO SOLVE REAL-WORLD NETWORK PROBLEMS
CHRIS SANDERS

Download the capture files used in this book from nostarch.com/packetanalysis3/

It's easy to capture packets with Wireshark, the world's most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what's happening on your network?

Updated to cover Wireshark 2.x, the third edition of Practical Packet Analysis will teach you to make sense of your packet captures so that you can better troubleshoot network problems. You'll find added coverage of IPv6 and SMTP, a new chapter on the powerful command line packet analyzers tcpdump and TShark, and an appendix on how to read and reference packet values using a packet map.

Practical Packet Analysis will show you how to:

• Monitor your network in real time and tap live network communications
• Build customized capture and display filters
• Use packet analysis to troubleshoot and resolve common network problems, like loss of connectivity, DNS issues, and slow speeds
• Explore modern exploits and malware at the packet level
• Extract files sent across a network from packet captures
• Graph traffic patterns to visualize the data flowing across your network
• Use advanced Wireshark features to understand confusing captures
• Build statistics and reports to help you better explain technical network information to non-techies

No matter what your level of experience is, Practical Packet Analysis will show you how to use Wireshark to make sense of any network and get things done.

ABOUT THE AUTHOR
Chris Sanders is a computer security consultant, researcher, and educator. He is the author of Applied Network Security Monitoring and blogs regularly at ChrisSanders.org. Chris uses packet analysis daily to catch bad guys and find evil.

The author's royalties from this book will be donated to the Rural Technology Fund (http://ruraltechfund.org/).

COVERS WIRESHARK 2.X
THE FINEST IN GEEK ENTERTAINMENT™
www.nostarch.com
$49.95 ($57.95 CDN)
"I LIE FLAT." This book uses a durable binding that won't snap shut.
SHELVE IN: NETWORKING/SECURITY

Praise for Practical Packet Analysis

"A wealth of information. Smart, yet very readable, and honestly made me excited to read about packet analysis."
—TechRepublic

"I'd recommend this book to junior network analysts, software developers, and the newly minted CSE/CISSP/etc.—folks that just need to roll up their sleeves and get started troubleshooting network (and security) problems."
—Gunter Ollmann, former Chief Technical Officer of IOActive

"The next time I investigate a slow network, I'll turn to Practical Packet Analysis. And that's perhaps the best praise I can offer on any technical book."
—Michael W. Lucas, author of Absolute FreeBSD and Network Flow Analysis

"An essential book if you are responsible for network administration on any level."
—Linux Pro Magazine

"A wonderful, simple-to-use, and well-laid-out guide."
—ArsGeek.com

"If you need to get the basics of packet analysis down pat, this is a very good place to start."
—StateOfSecurity.com

"Very informative and held up to the key word in its title, practical. It does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real-life examples of what to do with Wireshark."
—LinuxSecurity.com

"Are there unknown hosts chatting away with each other? Is my machine talking to strangers? You need a packet sniffer to really find the answers to these questions. Wireshark is one of the best tools to do this job, and this book is one of the best ways to learn about that tool."
—Free Software Magazine

"Perfect for the beginner to intermediate."
—Daemon News

Practical Packet Analysis, 3rd Edition
Using Wireshark to Solve Real-World Network Problems
by Chris Sanders
San Francisco

Practical Packet Analysis, 3rd Edition. Copyright © 2017 by Chris Sanders.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

21 20 19 18 17   1 2 3 4 5 6 7 8 9

ISBN-10: 1-59327-802-0
ISBN-13: 978-1-59327-802-1

Publisher: William Pollock
Production Editor: Serena Yang
Cover Illustration: Octopod Studios
Interior Design: Octopod Studios
Developmental Editors: William Pollock and Jan Cash
Technical Reviewer: Tyler Reguly
Copyeditor: Paula L. Fleming
Compositor: Janelle Ludowise
Proofreader: James Fraleigh
Indexer: BIM Creatives, LLC.

For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1.415.863.9900; [email protected]
www.nostarch.com

The Library of Congress has catalogued the first edition as follows:
Sanders, Chris, 1986-
Practical packet analysis : using Wireshark to solve real-world network problems / Chris Sanders.
p. cm.
ISBN-13: 978-1-59327-149-7
ISBN-10: 1-59327-149-2
1. Computer network protocols. 2. Packet switching (Data transmission) I. Title.
TK5105.55.S265 2007
004.6'6--dc22
2007013453

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

"Amazing grace, how sweet the sound
That saved a wretch like me.
I once was lost but now I'm found.
Was blind but now I see."

Brief Contents

Acknowledgments ......... xv
Introduction ......... xvii
Chapter 1: Packet Analysis and Network Basics ......... 1
Chapter 2: Tapping into the Wire ......... 17
Chapter 3: Introduction to Wireshark ......... 37
Chapter 4: Working with Captured Packets ......... 53
Chapter 5: Advanced Wireshark Features ......... 77
Chapter 6: Packet Analysis on the Command Line ......... 103
Chapter 7: Network Layer Protocols ......... 119
Chapter 8: Transport Layer Protocols ......... 151
Chapter 9: Common Upper-Layer Protocols ......... 163
Chapter 10: Basic Real-World Scenarios ......... 199
Chapter 11: Fighting a Slow Network ......... 231
Chapter 12: Packet Analysis for Security ......... 257
Chapter 13: Wireless Packet Analysis ......... 295
Appendix A: Further Reading ......... 317
Appendix B: Navigating Packets ......... 325
Index ......... 333
