Network analysis using Wireshark 2 cookbook : practical recipes to analyze and secure your network using Wireshark 2 / Nagendra Kumar Nainar, Yogesh Ramdoss, Yoram Orzach.

Ebook Central Academic Complete Available online

Format:
Book
Author/Creator:
Nainar, Nagendra Kumar, author.
Ramdoss, Yogesh, author.
Orzach, Yoram, author.
Language:
English
Subjects (All):
Computer network protocols.
Packet switching (Data transmission).
Computer networks--Monitoring.
Computer networks.
Physical Description:
1 online resource (614 pages)
Edition:
2nd ed.
Place of Publication:
Birmingham ; Mumbai : Packt, 2018.
Biography/History:
Nainar, Nagendra Kumar: Nagendra Kumar Nainar (CCIE #20987) is a senior technical leader with the RP escalation team at Cisco Systems. He is the co-inventor of more than 80 patent applications and the coauthor of six internet RFCs, various internet drafts, and IEEE papers. He is a guest lecturer at North Carolina State University and a speaker at various network forums.
Orzach, Yoram: Yoram Orzach is a senior network and network security advisor, providing network design and network security consulting services to a range of clients. Having spent thirty years in network and information security, Yoram has worked as a network and security engineer across many verticals, in roles including network engineer, security consultant, and instructor. Yoram earned his B.Sc. from the Technion in Haifa, Israel. His experience covers corporate networks as well as service providers' and Internet service providers' networks. His customers include Motorola Solutions, Elbit Systems, 888, Taboola, Bezeq, PHI Networks, Cellcom, Strauss Group, and many other hi-tech companies.
Ramdoss, Yogesh: Yogesh Ramdoss (CCIE #16183) is a senior technical leader in the technical services organization of Cisco Systems. He is a distinguished speaker at CiscoLive, sharing knowledge and educating customers on enterprise/datacenter technologies and platforms, troubleshooting and packet capturing tools, and open network programmability. He is a co-inventor of a patent in machine/behavior learning.
Summary:
This book contains practical recipes on troubleshooting a data communications network. This second version of the book focuses on Wireshark 2, which has already gained a lot of traction due to the enhanced features that it offers to users. By the end of this book, you'll know how to analyze the traffic, find patterns of various offending.
Contents:
Cover
Title Page
Copyright and Credits
Dedication
Packt Upsell
Contributors
Table of Contents
Preface
Chapter 1: Introduction to Wireshark Version 2
Wireshark Version 2 basics
Locating Wireshark
Getting ready
How to do it...
Monitoring a server
Monitoring a router
Monitoring a firewall
Test access points and hubs
How it works...
There's more...
See also
Capturing data on virtual machines
Packet capture on a VM installed on a single hardware
Packet capture on a blade server
Standard and distributed vSwitch
Starting the capture of data
Capture on multiple interfaces
How to configure the interface you capture data from
Capture data to multiple files
Configure output parameters
Manage interfaces (under the Input tab)
Capture packets on a remote machine
Start capturing data - capture data on Linux/Unix machines
Collecting from a remote communication device
Configuring the start window
The main menu
The main toolbar
Display filter toolbar
Status bar
Toolbars configuration
Main window configuration
Name resolution
Colorize packet list
Zoom
Chapter 2: Mastering Wireshark for Network Troubleshooting
Introduction
Configuring the user interface, and global and protocol preferences
General appearance preferences
Layout preferences
Column preferences
Font and color preferences
Capture preferences
Filter expression preferences
Name resolution preferences
IPv4 preference configuration
TCP and UDP configuration
Importing and exporting files
Getting ready
Exporting an entire or partial file
Saving data in various formats
Printing data
Configuring coloring rules and navigation techniques
Using time values and summaries
Building profiles for troubleshooting
Chapter 3: Using Capture Filters
Configuring capture filters
Configuring Ethernet filters
Configuring hosts and network filters
Configuring TCP/UDP and port filters
Configuring compound filters
Configuring byte offset and payload matching filters
Chapter 4: Using Display Filters
Configuring display filters
Configuring Ethernet, ARP, host, and network filters
Configuring TCP/UDP filters
TCP and UDP port number display filters
TCP header filters
Configuring specific protocol filters
HTTP display filters
DNS display filters
FTP display filters
Configuring substring operator filters
Configuring macros
Chapter 5: Using Basic Statistics Tools
Using the statistics - capture file properties menu
Using the statistics - resolved addresses
There's more
Using the statistics - protocol hierarchy menu
Using the statistics - conversations menu
Using the statistics - endpoints menu
Using the statistics - HTTP menu
Configuring a flow graph for viewing TCP flows
Creating IP-based statistics
Chapter 6: Using Advanced Statistics Tools
Configuring I/O graphs with filters for measuring network performance issues
Throughput measurements with I/O graphs
Measuring download/upload traffic
Measuring several streams between two end devices
Measuring application throughput
Measuring a TCP stream with TCP event analysis
Advanced I/O graph configurations with y axis parameters
How to do it...
Monitoring inter-frame time delta statistics
Monitoring the number of TCP events in a stream
Monitoring the number of field appearances
Getting information through TCP stream graphs - time/sequence (Steven's) window
Getting information through TCP stream graphs - time/sequences (TCP-trace) window
Getting information through TCP stream graphs - throughput window
Getting information through TCP stream graphs - round-trip-time window
Getting information through TCP stream graphs - window-scaling window
Chapter 7: Using the Expert System
The expert system window and how to use it for network troubleshooting
Error events and what we can understand from them
Warning events and what we can understand from them
Note events and what we can understand from them
Chapter 8: Ethernet and LAN Switching
Discovering broadcast and error storms
Spanning tree problems
A device that generates broadcasts
Fixed pattern broadcasts
Analyzing spanning tree problems
Which STP version is running on the network?
Are there too many topology changes?
Port states
Analyzing VLANs and VLAN tagging issues
Monitoring traffic inside a VLAN
Viewing tagged frames going through a VLAN tagged port
Chapter 9: Wireless LAN
Skills learned
Introduction to wireless networks and standards
Understanding WLAN devices, protocols, and terminologies
Access point (AP)
Wireless LAN controller (WLC)
Wireless radio issues, analysis, and troubleshooting
Zero wireless connectivity
Poor or intermittent wireless connectivity
Capturing wireless LAN traffic
Capturing options
Wireless station not joining a specific SSID
Users not able to authenticate after successful association
Chapter 10: Network Layer Protocols and Operations
The IPv4 principles of operations
IP addressing
IPv4 address resolution protocol operation and troubleshooting
ARP attacks and mitigations
ARP poisoning and man-in-the-middle attacks
Gratuitous ARP
ARP sweep-based DoS attacks
ICMP - protocol operation, analysis, and troubleshooting
ICMP attacks and mitigations
ICMP flood attack
ICMP smurf attack
Analyzing IPv4 unicast routing operations
IP TTL failures and attacks
Duplicate IP addresses
Analyzing IP fragmentation failures
TCP path MTU discovery
Fragmentation-based attack
IPv4 multicast routing operations
How it works...
Notes:
Description based on print version record.
ISBN:
9781786463555
1786463555
OCLC:
1463580671
