
Practical packet analysis : using Wireshark to solve real-world network problems / by Chris Sanders.

Ebook Central College Complete Available online


O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Sanders, Chris, 1986-
Language:
English
Subjects (All):
Wireshark.
Computer network protocols.
Packet switching (Data transmission).
Physical Description:
xx, 240 p. : ill.
Edition:
2nd ed.
Place of Publication:
San Francisco : No Starch Press, 2011.
Language Note:
English
System Details:
text file
Summary:
This significantly revised and expanded second edition of Practical Packet Analysis shows you how to use Wireshark to capture raw network traffic, filter and analyze packets, and diagnose common network problems.
Contents:
Intro
Acknowledgments
Introduction
Why This Book?
Concepts and Approach
How to Use This Book
About the Sample Capture Files
The Rural Technology Fund
Contacting Me
1: Packet Analysis and Network Basics
Packet Analysis and Packet Sniffers
Evaluating a Packet Sniffer
How Packet Sniffers Work
How Computers Communicate
Protocols
The Seven-Layer OSI Model
Data Encapsulation
Network Hardware
Traffic Classifications
Broadcast Traffic
Multicast Traffic
Unicast Traffic
Final Thoughts
2: Tapping into the Wire
Living Promiscuously
Sniffing Around Hubs
Sniffing in a Switched Environment
Port Mirroring
Hubbing Out
Using a Tap
ARP Cache Poisoning
Sniffing in a Routed Environment
Sniffer Placement in Practice
3: Introduction to Wireshark
A Brief History of Wireshark
The Benefits of Wireshark
Installing Wireshark
Installing on Microsoft Windows Systems
Installing on Linux Systems
Installing on Mac OS X Systems
Wireshark Fundamentals
Your First Packet Capture
Wireshark's Main Window
Wireshark Preferences
Packet Color Coding
4: Working with Captured Packets
Working with Capture Files
Saving and Exporting Capture Files
Merging Capture Files
Working with Packets
Finding Packets
Marking Packets
Printing Packets
Setting Time Display Formats and References
Time Display Formats
Packet Time Referencing
Setting Capture Options
Capture Settings
Capture File(s) Settings
Stop Capture Settings
Display Options
Name Resolution Settings
Using Filters
Capture Filters
Display Filters
Saving Filters
5: Advanced Wireshark Features
Network Endpoints and Conversations
Viewing Endpoints
Viewing Network Conversations
Troubleshooting with the Endpoints and Conversations Windows.
Protocol Hierarchy Statistics
Name Resolution
Enabling Name Resolution
Potential Drawbacks to Name Resolution
Protocol Dissection
Changing the Dissector
Viewing Dissector Source Code
Following TCP Streams
Packet Lengths
Graphing
Viewing IO Graphs
Round-Trip Time Graphing
Flow Graphing
Expert Information
6: Common Lower-Layer Protocols
Address Resolution Protocol
The ARP Header
Packet 1: ARP Request
Packet 2: ARP Response
Gratuitous ARP
Internet Protocol
IP Addresses
The IPv4 Header
Time to Live
IP Fragmentation
Transmission Control Protocol
The TCP Header
TCP Ports
The TCP Three-Way Handshake
TCP Teardown
TCP Resets
User Datagram Protocol
The UDP Header
Internet Control Message Protocol
The ICMP Header
ICMP Types and Messages
Echo Requests and Responses
Traceroute
7: Common Upper-Layer Protocols
Dynamic Host Configuration Protocol
The DHCP Packet Structure
The DHCP Renewal Process
DHCP In-Lease Renewal
DHCP Options and Message Types
Domain Name System
The DNS Packet Structure
A Simple DNS Query
DNS Question Types
DNS Recursion
DNS Zone Transfers
Hypertext Transfer Protocol
Browsing with HTTP
Posting Data with HTTP
8: Basic Real-World Scenarios
Social Networking at the Packet Level
Capturing Twitter Traffic
Capturing Facebook Traffic
Comparing Twitter vs. Facebook Methods
Capturing ESPN.com Traffic
Using the Conversations Window
Using the Protocol Hierarchy Statistics Window
Viewing DNS Traffic
Viewing HTTP Requests
Real-World Problems
No Internet Access: Configuration Problems
No Internet Access: Unwanted Redirection
No Internet Access: Upstream Problems
Inconsistent Printer
Stranded in a Branch Office
Ticked-Off Developer.
Final Thoughts
9: Fighting a Slow Network
TCP Error-Recovery Features
TCP Retransmissions
TCP Duplicate Acknowledgments and Fast Retransmissions
TCP Flow Control
Adjusting the Window Size
Halting Data Flow with a Zero Window Notification
The TCP Sliding Window in Practice
Learning from TCP Error-Control and Flow-Control Packets
Locating the Source of High Latency
Normal Communications
Slow Communications-Wire Latency
Slow Communications-Client Latency
Slow Communications-Server Latency
Latency Locating Framework
Network Baselining
Site Baseline
Host Baseline
Application Baseline
Additional Notes on Baselines
10: Packet Analysis for Security
Reconnaissance
SYN Scan
Operating System Fingerprinting
Exploitation
Operation Aurora
Remote-Access Trojan
11: Wireless Packet Analysis
Physical Considerations
Sniffing One Channel at a Time
Wireless Signal Interference
Detecting and Analyzing Signal Interference
Wireless Card Modes
Sniffing Wirelessly in Windows
Configuring AirPcap
Capturing Traffic with AirPcap
Sniffing Wirelessly in Linux
802.11 Packet Structure
Adding Wireless-Specific Columns to the Packet List Pane
Wireless-Specific Filters
Filtering Traffic for a Specific BSS ID
Filtering Specific Wireless Packet Types
Filtering a Specific Frequency
Wireless Security
Successful WEP Authentication
Failed WEP Authentication
Successful WPA Authentication
Failed WPA Authentication
Further Reading
Packet Analysis Tools
tcpdump and Windump
Cain & Abel
Scapy
Netdude
Colasoft Packet Builder
CloudShark
pcapr
NetworkMiner
Tcpreplay
ngrep
libpcap
hping
Domain Dossier
Perl and Python.
Packet Analysis Resources
Wireshark Home Page
SANS Security Intrusion Detection In-Depth Course
Chris Sanders Blog
Packetstan Blog
Wireshark University
IANA
TCP/IP Illustrated (Addison-Wesley)
The TCP/IP Guide (No Starch Press).
Notes:
Title from title screen.
Includes bibliographical references and index.
Digitized and made available by: Books24x7.com.
ISBN:
9781593273989
1593273983
OCLC:
748270047
