Packet Analysis with Wireshark

Leverage the power of Wireshark to troubleshoot your networking issues by using effective packet analysis techniques and performing improved protocol analysis

About This Book

• Gain hands-on experience of troubleshooting errors in TCP/IP and SSL protocols through practical use cases
• Identify and overcome security flaws in your network to get a deeper insight into security analysis
• This is a fast-paced book that focuses on quick and effective packet captures through practical examples and exercises

Who This Book Is For

If you are a network or system administrator who wants to effectively capture packets, a security consultant who wants to audit packet flows, or a white hat hacker who wants to view sensitive information and remediate it, this book is for you. This book requires decoding skills and a basic understanding of networking.

What You Will Learn

• Utilize Wireshark's advanced features to analyze packet captures
• Locate the vulnerabilities in an application server
• Get to know more about protocols such as DHCPv6, DHCP, DNS, SNMP, and HTTP with Wireshark
• Capture network packets with tcpdump and snoop with examples
• Find out about security aspects such as OS-level ARP scanning
• Set up 802.11 WLAN captures and discover more about the WAN protocol
• Enhance your troubleshooting skills by understanding practical TCP/IP handshake and state diagrams

In Detail

Wireshark provides a very useful way to decode an RFC and examine it. The packet captures displayed in Wireshark give you an insight into the security and flaws of different protocols, which will help you perform the security research and protocol debugging.

The book starts by introducing you to various packet analyzers and helping you find out which one best suits your needs. You will learn how to use the command line and the Wireshark GUI to capture packets by employing filters. Moving on, you will acquire knowledge about TCP/IP communication and its use cases. You will then get an understanding of the SSL/TLS flow with Wireshark and tackle the associated problems with it. Next, you will perform analysis on application-related protocols. We follow this with some best practices to analyze wireless traffic. By the end of the book, you will have developed the skills needed for you to identify packets for malicious attacks, intrusions, and other malware attacks.

利用Wireshark的強大功能，通過使用有效的封包分析技術和改進的協議分析，解決您的網絡問題。

關於本書

- 通過實際案例，獲得在TCP/IP和SSL協議中排除錯誤的實踐經驗。
- 通過識別和克服網絡中的安全漏洞，深入了解安全分析。
- 本書以快節奏的方式進行，重點是通過實例和練習進行快速有效的封包捕獲。

本書適合對象

- 如果您是一名希望有效捕獲封包的網絡或系統管理員，一名希望審計封包流量的安全顧問，或者一名希望查看敏感信息並解決問題的白帽黑客，那麼本書適合您。本書需要解碼技能和對網絡的基本理解。

您將學到什麼

- 利用Wireshark的高級功能進行封包分析。
- 找出應用服務器中的漏洞。
- 通過Wireshark更多了解DHCPv6、DHCP、DNS、SNMP和HTTP等協議。
- 使用tcpdump和snoop捕獲網絡封包，並提供示例。
- 了解操作系統級別的ARP掃描等安全方面。
- 設置802.11 WLAN捕獲，並更多了解WAN協議。
- 通過理解實際的TCP/IP握手和狀態圖來提高故障排除能力。

詳細內容

Wireshark提供了一種非常有用的解碼RFC並對其進行檢查的方法。Wireshark中顯示的封包捕獲可以讓您深入了解不同協議的安全性和缺陷，這將幫助您進行安全研究和協議調試。

本書首先介紹了各種封包分析器，並幫助您找出最適合您需求的分析器。您將學習如何使用命令行和Wireshark GUI通過應用過濾器捕獲封包。接著，您將瞭解TCP/IP通信及其使用案例。然後，您將了解Wireshark中的SSL/TLS流程並解決相關問題。接下來，您將對應用相關協議進行分析。最後，我們將介紹一些分析無線流量的最佳實踐。通過閱讀本書，您將掌握識別惡意攻擊、入侵和其他惡意軟件攻擊的封包的技能。