Practical Packet Analysis

Wireshark (formerly called Ethereal) is the world's most powerful "packet sniffer", allowing its users to uncover valuable information about computer networks (whether theirs or others'). Rather than simply take readers through Wireshark's tools Practical Packet Analysis shows how to use the software to monitor their own networks. The book is aimed at network engineers and system administrators, but it's clear enough for even Wireshark newbies. Includes a bonus CD with trace file examples as well as videos that show packet analysis in action. Full Description

It's easy enough to install Wireshark and begin capturing packets off the wire--or from the air. But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an indepth look at real-world packet analysis and network troubleshooting. The way the pros do it.

Wireshark (derived from the Ethereal project), has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:

• Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more
• Build customized capture and display filters
• Tap into live network communication
• Graph traffic patterns to visualize the data flowing across your network
• Use advanced Wireshark features to understand confusing packets
• Build statistics and reports to help you better explain technical network information to non-technical users

Because net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must have for any network technician, administrator, or engineer troubleshooting network problems of any kind.

1. Chapter 1 PACKET ANALYSIS AND NETWORK BASICS

   1. What Is Packet Analysis?

   2. Evaluating a Packet Sniffer

   3. How Packet Sniffers Work

   4. How Computers Communicate

2. Chapter 2 TAPPING INTO THE WIRE

   1. Living Promiscuously

   2. Sniffing Around Hubs

   3. Sniffing in a Switched Environment

   4. Sniffing in a Routed Environment

   5. Network Maps

3. Chapter 3 INTRODUCTION TO WIRESHARK

   1. A Brief History of Wireshark

   2. The Benefits of Wireshark

   3. Installing Wireshark

   4. Wireshark Fundamentals

4. Chapter 4 WORKING WITH CAPTURED PACKETS

   1. Finding and Marking Packets

   2. Saving and Exporting Capture Files

   3. Merging Capture Files

   4. Printing Packets

   5. Time Display Formats and References

   6. Capture and Display Filters

5. Chapter 5 ADVANCED WIRESHARK FEATURES

   1. Name Resolution

   2. Protocol Dissection

   3. Following TCP Streams

   4. The Protocol Hierarchy Statistics Window

   5. Viewing Endpoints

   6. Conversations

   7. The IO Graphs Window

6. Chapter 6 COMMON PROTOCOLS

   1. Address Resolution Protocol

   2. Dynamic Host Configuration Protocol

   3. TCP/IP and HTTP

   4. Domain Name System

   5. File Transfer Protocol

   6. Telnet Protocol

   7. MSN Messenger Service

   8. Internet Control Message Protocol

   9. Final Thoughts

7. Chapter 7 BASIC CASE SCENARIOS

   1. A Lost TCP Connection

   2. Unreachable Destinations and ICMP Codes

   3. Fragmented Packets

   4. No Connectivity

   5. The Ghost in Internet Explorer

   6. Inbound FTP

   7. It's Not My Fault!

   8. An Evil Program

   9. Final Thoughts

8. Chapter 8 FIGHTING A SLOW NETWORK

   1. Anatomy of a Slow Download

   2. A Slow Route

   3. Double Vision

   4. Did That Server Flash Me?

   5. A Torrential Downfall

   6. POP Goes the Email Server

   7. Here's Something Gnu

   8. Final Thoughts

9. Chapter 9 SECURITY-BASED ANALYSIS

   1. OS Fingerprinting

   2. A Simple Port Scan

   3. The Flooded Printer

   4. An FTP Break-In

   5. Blaster Worm

   6. Covert Information

   7. A Hacker's Point of View

10. Chapter 10 SNIFFING INTO THIN AIR

    1. Sniffing One Channel at a Time

    2. Wireless Signal Interference

    3. Wireless Card Modes

    4. Sniffing Wirelessly in Windows

    5. Sniffing Wirelessly in Linux

    6. 802.11 Packet Extras

    7. Wireless-Specific Columns

    8. Wireless-Specific Filters

    9. A Bad Connection Attempt

    10. Final Thoughts

11. Chapter 11 FURTHER READING

1. AFTERWORD

2. COLOPHON