Learn Wireshark - Second Edition

Bock, Lisa

  • Publisher: Packt Publishing
  • Publication date: 2022-08-05
  • List price: $1,680
  • VIP price: $1,596 (5% off)
  • Language: English
  • Pages: 606
  • Binding: Quality Paper - also called trade paper
  • ISBN: 180323167X
  • ISBN-13: 9781803231679
  • Related categories: Wireshark
  • Ships immediately (stock = 1)

Product Description

Expertly analyze common protocols such as TCP, IP, and ICMP, along with learning how to use display and capture filters, save and export captures, create IO and stream graphs, and troubleshoot latency issues

Key Features

- Gain a deeper understanding of common protocols so you can easily troubleshoot network issues
- Explore ways to examine captures to recognize unusual traffic and possible network attacks
- Learn advanced techniques, create display and capture filters, and generate IO and stream graphs

Book Description

Wireshark is a popular and powerful packet analysis tool that helps network administrators investigate latency issues and potential attacks. Over the years, there have been many enhancements to Wireshark's functionality. This book will guide you through essential features so you can capture, display, and filter data with ease. In addition to this, you'll gain valuable tips on lesser-known configuration options, which will allow you to complete your analysis in an environment customized to suit your needs.

This updated second edition of Learn Wireshark starts by outlining the benefits of traffic analysis. You'll discover the process of installing Wireshark and become more familiar with the interface. Next, you'll focus on the Internet Suite and then explore deep packet analysis of common protocols such as DNS, DHCP, HTTP, and ARP. The book also guides you through working with the expert system to detect network latency issues, create I/O and stream graphs, subset traffic, and save and export captures. Finally, you'll understand how to share captures using CloudShark, a browser-based solution for analyzing packet captures.

By the end of this Wireshark book, you'll have the skills and hands-on experience you need to conduct deep packet analysis of common protocols and network troubleshooting as well as identify security issues.

What you will learn

- Master network analysis and troubleshoot anomalies with Wireshark
- Discover the importance of baselining network traffic
- Correlate the OSI model with frame formation in Wireshark
- Narrow in on specific traffic by using display and capture filters
- Conduct deep packet analysis of common protocols: IP, TCP, and ARP
- Understand the role and purpose of ICMP, DNS, HTTP, and DHCP
- Create a custom configuration profile and personalize the interface
- Create I/O and stream graphs to better visualize traffic

Who this book is for

If you are a network administrator, security analyst, student, or teacher and want to learn about effective packet analysis using Wireshark, then this book is for you. In order to get the most from this book, you should have basic knowledge of network fundamentals, devices, and protocols along with an understanding of different topologies.


About the Author

Lisa Bock is an experienced author with a demonstrated history of working in the e-learning industry. She is a security ambassador with a broad range of IT skills and knowledge, including on Cisco Security, CyberOps, Wireshark, biometrics, ethical hacking, and IoT. Lisa is an author for LinkedIn Learning and an award-winning speaker who has presented at several national conferences. She holds an MS in computer information systems/information assurance from UMGC. Lisa was an associate professor in the IT department at Pennsylvania College of Technology (Williamsport, PA) from 2003 until her retirement in 2020. She is involved with various volunteer activities, and she and her husband Mike enjoy bike riding, watching movies, and traveling.


Table of Contents

1. Appreciating Traffic Analysis
2. Using Wireshark
3. Installing Wireshark
4. Exploring the Wireshark Interface
5. Tapping into the Data Stream
6. Personalizing the Interface
7. Using Display and Capture Filters
8. Outlining the OSI Model
9. Decoding TCP and UDP
10. Managing TCP Connections
11. Analyzing IPv4 and IPv6
12. Discovering ICMP
13. Diving into DNS
14. Examining DHCP
15. Decoding HTTP
16. Understanding ARP
17. Determining Network Latency Issues
18. Subsetting, Saving, and Exporting Captures
19. Discovering I/O and Stream Graphs
20. Using CloudShark for Packet Analysis
