Imperial Library
Index

Front Matter
  • Title Page
  • Copyright Page
  • Brief Contents
  • Contents in Detail
  • Acknowledgments
  • Introduction
    • Why This Book?
    • Concepts and Approach
    • How to Use This Book
    • About the Sample Capture Files
    • The Rural Technology Fund
    • Contacting Me

Chapter 1: Packet Analysis and Network Basics
  • Packet Analysis and Packet Sniffers
    • Evaluating a Packet Sniffer
    • How Packet Sniffers Work
  • How Computers Communicate
    • Protocols
    • The Seven-Layer OSI Model
    • Network Hardware
  • Traffic Classifications
    • Broadcast Traffic
    • Multicast Traffic
    • Unicast Traffic
  • Final Thoughts

Chapter 2: Tapping into the Wire
  • Living Promiscuously
  • Sniffing Around Hubs
  • Sniffing in a Switched Environment
    • Port Mirroring
    • Hubbing Out
    • Using a Tap
    • ARP Cache Poisoning
  • Sniffing in a Routed Environment
  • Sniffer Placement in Practice

Chapter 3: Introduction to Wireshark
  • A Brief History of Wireshark
  • The Benefits of Wireshark
  • Installing Wireshark
    • Installing on Windows Systems
    • Installing on Linux Systems
    • Installing on OS X Systems
  • Wireshark Fundamentals
    • Your First Packet Capture
    • Wireshark’s Main Window
    • Wireshark Preferences
    • Packet Color Coding
    • Configuration Files
    • Configuration Profiles

Chapter 4: Working with Captured Packets
  • Working with Capture Files
    • Saving and Exporting Capture Files
    • Merging Capture Files
  • Working with Packets
    • Finding Packets
    • Marking Packets
    • Printing Packets
  • Setting Time Display Formats and References
    • Time Display Formats
    • Packet Time Referencing
    • Time Shifting
  • Setting Capture Options
    • Input Tab
    • Output Tab
    • Options Tab
  • Using Filters
    • Capture Filters
    • Display Filters
    • Saving Filters
    • Adding Display Filters to a Toolbar

Chapter 5: Advanced Wireshark Features
  • Endpoints and Network Conversations
    • Viewing Endpoint Statistics
    • Viewing Network Conversations
    • Identifying Top Talkers with Endpoints and Conversations
  • Protocol Hierarchy Statistics
  • Name Resolution
    • Enabling Name Resolution
    • Potential Drawbacks to Name Resolution
    • Using a Custom hosts File
    • Manually Initiated Name Resolution
  • Protocol Dissection
    • Changing the Dissector
    • Viewing Dissector Source Code
  • Following Streams
    • Following SSL Streams
  • Packet Lengths
  • Graphing
    • Viewing IO Graphs
    • Round-Trip Time Graphing
    • Flow Graphing
  • Expert Information

Chapter 6: Packet Analysis on the Command Line
  • Installing TShark
  • Installing tcpdump
  • Capturing and Saving Packets
  • Manipulating Output
  • Name Resolution
  • Applying Filters
  • Time Display Formats in TShark
  • Summary Statistics in TShark
  • Comparing TShark and tcpdump

Chapter 7: Network Layer Protocols
  • Address Resolution Protocol (ARP)
    • ARP Packet Structure
    • Packet 1: ARP Request
    • Packet 2: ARP Response
    • Gratuitous ARP
  • Internet Protocol (IP)
    • Internet Protocol Version 4 (IPv4)
    • Internet Protocol Version 6 (IPv6)
  • Internet Control Message Protocol (ICMP)
    • ICMP Packet Structure
    • ICMP Types and Messages
    • Echo Requests and Responses
    • traceroute
    • ICMP Version 6 (ICMPv6)

Chapter 8: Transport Layer Protocols
  • Transmission Control Protocol (TCP)
    • TCP Packet Structure
    • TCP Ports
    • The TCP Three-Way Handshake
    • TCP Teardown
    • TCP Resets
  • User Datagram Protocol (UDP)
    • UDP Packet Structure

Chapter 9: Common Upper-Layer Protocols
  • Dynamic Host Configuration Protocol (DHCP)
    • DHCP Packet Structure
    • The DHCP Initialization Process
    • DHCP In-Lease Renewal
    • DHCP Options and Message Types
    • DHCP Version 6 (DHCPv6)
  • Domain Name System (DNS)
    • DNS Packet Structure
    • A Simple DNS Query
    • DNS Question Types
    • DNS Recursion
    • DNS Zone Transfers
  • Hypertext Transfer Protocol (HTTP)
    • Browsing with HTTP
    • Posting Data with HTTP
  • Simple Mail Transfer Protocol (SMTP)
    • Sending and Receiving Email
    • Tracking an Email Message
    • Sending Attachments via SMTP
  • Final Thoughts

Chapter 10: Basic Real-World Scenarios
  • Missing Web Content
    • Tapping into the Wire
    • Analysis
    • Lessons Learned
  • Unresponsive Weather Service
    • Tapping into the Wire
    • Analysis
    • Lessons Learned
  • No Internet Access
    • Gateway Configuration Problems
    • Unwanted Redirection
    • Upstream Problems
  • Inconsistent Printer
    • Tapping into the Wire
    • Analysis
    • Lessons Learned
  • No Branch Office Connectivity
    • Tapping into the Wire
    • Analysis
    • Lessons Learned
  • Software Data Corruption
    • Tapping into the Wire
    • Analysis
    • Lessons Learned
  • Final Thoughts

Chapter 11: Fighting a Slow Network
  • TCP Error-Recovery Features
    • TCP Retransmissions
    • TCP Duplicate Acknowledgments and Fast Retransmissions
  • TCP Flow Control
    • Adjusting the Window Size
    • Halting Data Flow with a Zero Window Notification
    • The TCP Sliding Window in Practice
  • Learning from TCP Error-Control and Flow-Control Packets
  • Locating the Source of High Latency
    • Normal Communications
    • Slow Communications: Wire Latency
    • Slow Communications: Client Latency
    • Slow Communications: Server Latency
    • Latency Locating Framework
  • Network Baselining
    • Site Baseline
    • Host Baseline
    • Application Baseline
    • Additional Notes on Baselines
  • Final Thoughts

Chapter 12: Packet Analysis for Security
  • Reconnaissance
    • SYN Scan
    • Operating System Fingerprinting
  • Traffic Manipulation
    • ARP Cache Poisoning
    • Session Hijacking
  • Malware
    • Operation Aurora
    • Remote-Access Trojan
    • Exploit Kit and Ransomware
  • Final Thoughts

Chapter 13: Wireless Packet Analysis
  • Physical Considerations
    • Sniffing One Channel at a Time
    • Wireless Signal Interference
    • Detecting and Analyzing Signal Interference
  • Wireless Card Modes
  • Sniffing Wirelessly in Windows
    • Configuring AirPcap
    • Capturing Traffic with AirPcap
  • Sniffing Wirelessly in Linux
  • 802.11 Packet Structure
  • Adding Wireless-Specific Columns to the Packet List Pane
  • Wireless-Specific Filters
    • Filtering Traffic for a Specific BSS ID
    • Filtering Specific Wireless Packet Types
    • Filtering a Specific Frequency
  • Saving a Wireless Profile
  • Wireless Security
    • Successful WEP Authentication
    • Failed WEP Authentication
    • Successful WPA Authentication
    • Failed WPA Authentication
  • Final Thoughts

Appendix A: Further Reading
  • Packet Analysis Tools
    • CloudShark
    • WireEdit
    • Cain & Abel
    • Scapy
    • TraceWrangler
    • Tcpreplay
    • NetworkMiner
    • CapTipper
    • ngrep
    • libpcap
    • Npcap
    • hping
    • Python
  • Packet Analysis Resources
    • Wireshark’s Home Page
    • Practical Packet Analysis Online Course
    • SANS’s Security Intrusion Detection In-Depth Course
    • Chris Sanders’s Blog
    • Brad Duncan’s Malware Traffic Analysis
    • IANA’s Website
    • W. Richard Stevens’s TCP/IP Illustrated Series
    • The TCP/IP Guide

Appendix B: Navigating Packets
  • Packet Representation
  • Using Packet Diagrams
  • Navigating a Mystery Packet
  • Final Thoughts

Back Matter
  • Index
  • The Electronic Frontier Foundation (EFF)
  • DON’T JUST STARE AT CAPTURED PACKETS. ANALYZE THEM