Packet Analysis with Wireshark
Book Information

| Field | Value |
|---|---|
| Author | Anish Nath |
| Publisher | Packt Publishing |
| ISBN | 9781785885846 |
| Publication date | 2015-12-04 |
| Word count | 732,000 |
| Category | Imported books, foreign-language originals, computers, networking |
Synopsis
Leverage the power of Wireshark to troubleshoot your networking issues by using effective packet analysis techniques and performing improved protocol analysis.

About This Book
- Gain hands-on experience of troubleshooting errors in TCP/IP and SSL protocols through practical use cases
- Identify and overcome security flaws in your network to get a deeper insight into security analysis
- This is a fast-paced book that focuses on quick and effective packet captures through practical examples and exercises

Who This Book Is For
If you are a network or system administrator who wants to effectively capture packets, a security consultant who wants to audit packet flows, or a white hat hacker who wants to view sensitive information and remediate it, this book is for you. This book requires decoding skills and a basic understanding of networking.

What You Will Learn
- Utilize Wireshark's advanced features to analyze packet captures
- Locate the vulnerabilities in an application server
- Get to know more about protocols such as DHCPv6, DHCP, DNS, SNMP, and HTTP with Wireshark
- Capture network packets with tcpdump and snoop with examples
- Find out about security aspects such as OS-level ARP scanning
- Set up 802.11 WLAN captures and discover more about the WAN protocol
- Enhance your troubleshooting skills by understanding practical TCP/IP handshake and state diagrams

In Detail
Wireshark provides a very useful way to decode an RFC and examine it. The packet captures displayed in Wireshark give you an insight into the security and flaws of different protocols, which will help you perform security research and protocol debugging. The book starts by introducing you to various packet analyzers and helping you find out which one best suits your needs. You will learn how to use the command line and the Wireshark GUI to capture packets by employing filters. Moving on, you will acquire knowledge about TCP/IP communication and its use cases. You will then get an understanding of the SSL/TLS flow with Wireshark and tackle the problems associated with it. Next, you will perform analysis on application-related protocols. We follow this with some best practices to analyze wireless traffic. By the end of the book, you will have developed the skills needed to identify packets for malicious attacks, intrusions, and other malware attacks.

Style and approach
This is an easy-to-follow guide packed with illustrations and equipped with lab exercises to help you reproduce scenarios using a sample program and command lines.
Contents
Table of Contents
Packet Analysis with Wireshark
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Packet Analyzers
Uses for packet analyzers
Introducing Wireshark
Wireshark features
Wireshark's dumpcap and tshark
The Wireshark packet capture process
Other packet analyzer tools
Mobile packet capture
Summary
2. Capturing Packets
Guide to capturing packets
Capturing packets with Interface Lists
Common interface names
Capturing packets with Start options
Capturing packets with Capture Options
The capture filter options
Auto-capturing a file periodically
Troubleshooting
Wireshark user interface
The Filter toolbar
Filtering techniques
Filter examples
The Packet List pane
The Packet Details pane
The Packet Bytes pane
Wireshark features
Decode-As
Protocol preferences
The IO graph
Following the TCP stream
Exporting the displayed packet
Generating the firewall ACL rules
Tcpdump and snoop
References
Summary
3. Analyzing the TCP Network
Recapping TCP
TCP header fields
TCP states
TCP connection establishment and clearing
TCP three-way handshake
Handshake message – first step [SYN]
Handshake message – second step [SYN, ACK]
Handshake message – third step [ACK]
TCP data communication
TCP close sequence
Lab exercise
TCP troubleshooting
TCP reset sequence
RST after SYN-ACK
RST after SYN
Lab exercise
TCP CLOSE_WAIT
Lab exercise
How to resolve TCP CLOSE_STATE
TCP TIME_WAIT
TCP latency issues
Cause of latency
Identifying latency
Server latency example
Wire latency
Wireshark TCP sequence analysis
TCP retransmission
Lab exercise
TCP ZeroWindow
TCP Window Update
TCP Dup-ACK
References
Summary
4. Analyzing SSL/TLS
An introduction to SSL/TLS
SSL/TLS versions
The SSL/TLS component
The SSL/TLS handshake
Types of handshake message
Client Hello
Server Hello
Server certificate
Server Key Exchange
Client certificate request
Server Hello Done
Client certificate
Client Key Exchange
Client Certificate Verify
Change Cipher Spec
Finished
Application Data
Alert Protocol
Key exchange
The Diffie-Hellman key exchange
Elliptic curve Diffie-Hellman key exchange
RSA
Decrypting SSL/TLS
Decrypting RSA traffic
Decrypting DHE/ECDHE traffic
Forward secrecy
Debugging issues
Summary
5. Analyzing Application Layer Protocols
DHCPv6
DHCPv6 Wireshark filter
Multicast addresses
The UDP port information
DHCPv6 message types
Message exchanges
The four-message exchange
The two-message exchange
DHCPv6 traffic capture
BOOTP/DHCP
BOOTP/DHCP Wireshark filter
Address assignment
Capture DHCPv4 traffic
DNS
DNS Wireshark filter
Port
Resource records
DNS traffic
HTTP
HTTP Wireshark filter
HTTP use cases
Finding the top HTTP response time
Finding packets based on HTTP methods
Finding sensitive information in a form post
Using HTTP status code
References
Summary
6. WLAN Capturing
WLAN capture setup
The monitor mode
Analyzing the Wi-Fi networks
Frames
Management frames
Data frames
Control frames
802.11 auth process
802.1X EAPOL
The 802.11 protocol stack
Wi-Fi sniffing products
Summary
7. Security Analysis
Heartbleed bug
The Heartbleed Wireshark filter
Heartbleed Wireshark analysis
The Heartbleed test
Heartbleed recommendations
The DOS attack
SYN flood
SYN flood mitigation
ICMP flood
ICMP flood mitigation
SSL flood
Scanning
Vulnerability scanning
SSL scans
ARP duplicate IP detection
DrDoS
BitTorrent
Wireshark protocol hierarchy
Summary
Index
