Learn Wireshark - Fundamentals of Wireshark

Learn Wireshark - Fundamentals of Wireshark

by Lisa Bock
Released August 2019
Publisher(s): Packt Publishing
ISBN: 9781789134506

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Grasp the basics of packet capture and analyze common protocols

Key Features

  • Troubleshoot basic to advanced network problems using packet analysis
  • Analyze common protocols and identify latency issues with Wireshark
  • Explore ways to examine captures to recognize unusual traffic and possible network attacks

Book Description

Wireshark is a popular and powerful packet analysis tool that helps network administrators investigate latency issues and identify potential attacks.

Learn Wireshark provides a solid overview of basic protocol analysis and helps you to navigate the Wireshark interface, so you can confidently examine common protocols such as TCP, IP, and ICMP. The book starts by outlining the benefits of traffic analysis, takes you through the evolution of Wireshark, and then covers the phases of packet analysis. We'll review some of the command line tools and outline how to download and install Wireshark on either a PC or MAC. You'll gain a better understanding of what happens when you tap into the data stream, and learn how to personalize the Wireshark interface. This Wireshark book compares the display and capture filters and summarizes the OSI model and data encapsulation. You'll gain insights into the protocols that move data in the TCP/IP suite, and dissect the TCP handshake and teardown process. As you advance, you'll explore ways to troubleshoot network latency issues, and discover how to save and export files. Finally, you'll see how you can share captures with your colleagues using Cloudshark.

By the end of this book, you'll have a solid understanding of how to monitor and secure your network with the most updated version of Wireshark.

What you will learn

  • Become familiar with the Wireshark interface
  • Navigate commonly accessed menu options such as edit, view, and file
  • Use display and capture filters to examine traffic
  • Understand the Open Systems Interconnection (OSI) model
  • Carry out deep packet analysis of the Internet suite: IP, TCP, UDP, ARP, and ICMP
  • Explore ways to troubleshoot network latency issues
  • Subset traffic, insert comments, save, export, and share packet captures

Who this book is for

This book is for network administrators, security analysts, students, teachers, and anyone interested in learning about packet analysis using Wireshark. Basic knowledge of network fundamentals, devices, and protocols along with an understanding of different topologies will be beneficial.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Learn Wireshark
  3. Dedication
  4. About Packt
    1. Why subscribe?
  5. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Get in touch
      1. Reviews
  7. Section 1: Traffic Capture Overview
  8. Appreciating Traffic Analysis
    1. Reviewing packet analysis
      1. Exploring early packet sniffers 
      2. Evaluating devices that use packet analysis
      3. Capturing network traffic
    2. Recognizing who benefits from using packet analysis
      1. Assisting developers
      2. Helping network administrators monitor the network
        1. Expert system and intelligent scrollbar
        2. Subsetting traffic, comment, save, and export
      3. Educating students on protocols
      4. Alerting security analysts of threats
      5. Arming hackers with information
        1. Outlining passive attacks
        2. Understanding active attacks
          1. Poisoning the cache
    3. Identifying where to use packet analysis
      1. Analyzing traffic on a LAN
        1. Sniffing traffic on a host
        2. Using packet analysis in the real world
    4. Outlining when to use packet analysis
      1. Troubleshooting latency issues
      2. Testing IoT devices
      3. Monitoring for threats
      4. Baselining the network
    5. Getting to know Wireshark
    6. Summary 
    7. Questions
  9. Using Wireshark NG
    1. Discovering the beginnings of today's Wireshark
      1. Developing Ethereal
    2. Examining the Wireshark interface
      1. Introducing Wireshark next generation
      2. Enhancements
      3. Authors
    3. Understanding the phases of packet analysis
      1. Gathering network traffic
        1. Capturing in promiscuous mode
        2. Using a capture engine
      2. Decoding the raw bits
        1. Enhanced Packet Analyzer (EPAN)
      3. Displaying the captured data
      4. Analyzing the packet capture
    4. Using command-line tools
      1. Exploring tshark
    5. Summary
    6. Questions
  10. Installing Wireshark on a PC or macOS
    1. Discovering support for different OS
      1. Using Wireshark on Windows
      2. Running Wireshark on Unix 
      3. Installing Wireshark on macOS
      4. Deploying Wireshark on Linux
        1. Downloading premade virtual images
      5. Working with Wireshark on other systems
    2. Comparing different capture engines
      1. Understanding libpcap
      2. Examining WinPcap
      3. Reviewing AirPCap
      4. Grasping Npcap
        1. Understanding Npcap features
    3. Performing a standard Windows installation
      1. Beginning the installation
      2. Choosing components
      3. Creating shortcuts and selecting an install location
      4. Capturing packets and completing the installation
    4. Reviewing the resources available at Wireshark.org
      1. Evaluating different download options
    5. Summary
    6. Questions
  11. Exploring the Wireshark Interface
    1. Understanding the Wireshark welcome screen
      1. Opening files
      2. Capturing traffic
      3. Learning about Wireshark
    2. Exploring the File menu
      1. Opening a file, close, and save
      2. Exporting packets, bytes, and objects
      3. Printing packets and closing Wireshark
    3. Discovering the Edit menu
      1. Copying items and finding packets
      2. Marking or ignoring packets
      3. Setting a time reference
      4. Personalizing your work area
    4. Exploring the View menu
      1. Enhancing the interface
      2. Adjusting time formats and name resolution
      3. Modifying the display
      4. Refreshing the view
    5. Summary
    6. Questions
  12. Section 2: Getting Started with Wireshark
  13. Tapping into the Data Stream
    1. Reviewing the network architecture
      1. Comparing different types of networks
        1. Discovering the PAN
        2. Checking out LANs
        3. Exploring CANs
        4. Navigating WANs
      2. Exploring various types of media
        1. Exploring copper
        2. Using fiber optic
        3. Discovering wireless
    2. Learning various capture methods
      1. Providing input
      2. Directing output
      3. Selecting options
    3. Tapping into the stream
      1. Comparing conversations and endpoints
    4. Realizing the importance of baselining
      1. Planning the baseline
      2. Capturing traffic
      3. Analyzing the captured traffic
      4. Saving the baselines
    5. Summary
    6. Questions
  14. Personalizing the Interface
    1. Personalizing the layout and general appearance
      1. Changing the layout
      2. Altering the appearance
    2. Creating a tailored configuration profile
    3. Adjusting columns, font, and colors
      1. Adding, editing, and deleting columns
        1. Demonstrating how to use field occurrence
      2. Refining the font and colors
    4. Adding comments
      1. Attaching comments to files
      2. Entering packet comments
      3. Viewing and saving comments
    5. Modifying complex expressions
      1. Creating expressions
      2. Crafting buttons
    6. Summary
    7. Questions
  15. Using Display and Capture Filters
    1. Filtering network traffic
      1. Comparing display and capture filters
    2. Comprehending display filters
      1. Using bookmarks
      2. Editing display filters
    3. Creating capture filters
      1. Saving to bookmarks
      2. Modifying capture filters
    4. Understanding the expression builder
      1. Building an expression
    5. Discovering shortcuts and handy filters
      1. Embracing filter shortcuts
      2. Applying useful filters
    6. Summary
    7. Questions
  16. Outlining the OSI Model
    1. Comprehending the OSI model
    2. Discovering the purpose, protocols, and PDUs
      1. Evaluating the application layer
        1. Exploring protocols and the PDU
      2. Understanding the presentation layer
        1. Describing the protocols and the PDU
      3. Learning about the session layer
        1. Recognizing protocols and the PDU
      4. Appreciating the transport layer
        1. Differentiating protocols and the PDU
          1. TCP
          2. UDP
        2. Providing port addressing
      5. Explaining the network layer
        1. Distinguishing the protocols and the PDU
          1. IP
          2. ARP
          3. ICMP
        2. Supplying an IP address for the packet
      6. Examining the data link layer
        1. Investigating protocols and the PDU
        2. Describing the data link layer address
      7. Traveling over the physical layer
        1. Exemplifying protocols and the PDU
    3. Exploring the encapsulation process
      1. Viewing the data
      2. Identifying the segment
      3. Identifying the packet
      4. Forming the frame
    4. Demonstrating frame formation in Wireshark
      1. Examining the network bindings
    5. Summary
    6. Questions
  17. Section 3: The Internet Suite TCP/IP
  18. Decoding TCP and UDP
    1. Reviewing the purpose of the transport layer
    2. Describing TCP
      1. Exploring a single TCP frame
    3. Examining the eleven-field TCP header
      1. Navigating the TCP header fields
        1. Exploring TCP ports
        2. Sequencing and acknowledging data
        3. Following the flags
        4. Dissecting the window size
        5. Additional header values
    4. Understanding UDP
      1. A single UDP frame
    5. Discovering the four-field UDP header
      1. Analyzing the UDP header fields
    6. Summary
    7. Questions
  19. Managing TCP Connections
    1. Dissecting the three-way handshake
      1. Isolating a single stream
        1. Marking the TCP handshake
      2. Identifying the handshake packets
        1. Sending the SYN packet
        2. Returning the SYN-ACK packet
        3. Finalizing with an ACK packet
    2. Learning TCP options
      1. Grasping the EOL
      2. Using NOP
      3. Defining the MSS
      4. Scaling the window size
      5. Permitting SACK
      6. Using timestamps
    3. Understanding TCP protocol preferences
      1. Modifying TCP preferences
    4. Tearing down a connection
    5. Summary
    6. Questions
  20. Analyzing IPv4 and IPv6
    1. Understanding the purpose of the IP
    2. Outlining IPv4
      1. Dissecting the IPv4 header
        1. Discovering the version and the length
        2. Breaking down the type of service
          1. Ensuring QoS
          2. Sending an ECN
        3. Fragmenting the data
        4. Viewing TTL, protocol, and checksum
        5. Learning IPv4 addressing
          1. Comparing IPv4 classes and addresses
          2. Reviewing special and private IP addressing
      2. Modifying options for IPv4
    3. Exploring IPv6
      1. Navigating the IPv6 header fields
        1. Identifying the version, traffic class, and flow label
        2. Evaluating the length, next header, and hop limit
        3. Examining IPv6 addresses and address types
        4. Comparing IPv6 address types
    4. Editing protocol preferences
      1. Reviewing IPv4 preferences
      2. Adjusting preferences for IPv6
    5. Discovering tunneling protocols
    6. Summary
    7. Questions
  21. Discovering ICMP
    1. Understanding the purpose of ICMP
      1. Understanding the ICMP header
      2. Investigating the data payload
    2. Dissecting ICMPv4 and ICMPv6
      1. Reviewing ICMPv4
      2. Outlining ICMPv6
    3. Sending ICMP messages
      1. Reporting errors
      2. Issuing queries
        1. Providing information using ICMPv6
    4. Evaluating type and code values
      1. Reviewing ICMP type and code values
      2. Defining ICMPv6 type and code values
    5. Configuring firewall rules
      1. Sending malicious ping sweeps
      2. Allowing only necessary types
    6. Summary
    7. Questions
  22. Understanding ARP
    1. Understanding the role and purpose of ARP
      1. Resolving MAC addresses
      2. Investigating an ARP cache
      3. Replacing ARP with NDP in IPv6
    2. Exploring ARP headers and fields
      1. Identifying a standard ARP request/reply 
      2. Breaking down the ARP header fields
    3. Examining different types of ARP
      1. Reversing ARP
      2. Evaluating InARP
      3. Issuing a gratuitous ARP
      4. Working on behalf of ARP
    4. Analyzing ARP attacks
      1. Comparing ARP attacks and tools
        1. Discovering ARP spoofing
        2. Reviewing the ARP storm
        3. Understanding ARP attack tools
      2. Defending against ARP attacks
    5. Summary
    6. Questions
  23. Section 4: Working with Packet Captures
  24. Troubleshooting Latency Issues
    1. Analyzing latency issues
      1. Grasping latency, throughput, and packet loss
        1. Computing latency
        2. Measuring throughput
        3. Experiencing packet loss
      2. Learning the importance of time values
    2. Understanding the coloring rules
    3. Exploring the Intelligent Scrollbar
      1. Common transmission errors
        1. Seeing duplicate acknowledgments
        2. Observing keep-alive segments
        3. Issuing retransmissions
    4. Discovering the expert system
      1. Viewing the column headers
      2. Assessing the severity
      3. Organizing the information
        1. Sorting the data
      4. Searching for values
    5. Summary
    6. Questions
  25. Subsetting, Saving, and Exporting Captures
    1. Discovering ways to subset traffic
      1. Dissecting the capture by IP address
      2. Narrowing down by conversations
      3. Minimizing by port number
      4. Breaking down by protocol
      5. Subsetting by stream
    2. Understanding options to save a file
      1. Using Save as
    3. Recognizing ways to export components
      1. Selecting specified packets
      2. Exporting various objects
    4. Identifying why and how to add comments
      1. Providing file and packet comments
      2. Saving and viewing comments
    5. Summary
    6. Questions
  26. Using CloudShark for Packet Analysis
    1. Diving into an overview of CS
      1. Finding CS
    2. Sharing captures in CS 
      1. Modifying the preferences
      2. Uploading captures
    3. Outlining the various filters and graphs
      1. Displaying data using filters
      2. Viewing data using graphs
    4. Evaluating the different analysis tools
      1. Following the stream and view conversations
      2. Viewing packet lengths and VoIP activity
      3. Exploring wireless, protocols, and possible threats
    5. Discovering where to find sample captures
      1. Downloading captures
    6. Summary
    7. Questions
  27. Assessment
    1. Chapter 1: Appreciating Traffic Analysis
    2. Chapter 2: Using Wireshark NG
    3. Chapter 3: Installing on a PC or macOS
    4. Chapter 4: Exploring the Wireshark Interface
    5. Chapter 5: Tapping into the Data Stream
    6. Chapter 6: Personalizing the Interface
    7. Chapter 7: Using Display and Capture Filters
    8. Chapter 8: Outlining the OSI Model
    9. Chapter 9: Decoding TCP and UDP
    10. Chapter 10: Managing TCP Connections
    11. Chapter 11: Analyzing IPv4 and IPv6
    12. Chapter 12: Discovering ICMP
    13. Chapter 13: Understanding ARP
    14. Chapter 14: Troubleshooting Latency Issues
    15. Chapter 15: Subsetting, Saving, and Exporting Captures
    16. Chapter 16:Using CloudShark for Packet Analysis
  28. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Learn Wireshark - Fundamentals of Wireshark
  • Author(s): Lisa Bock
  • Release date: August 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781789134506