Imperial Library

Index
Title Page Copyright and Credits
Network Analysis Using Wireshark 2 Cookbook Second Edition
Dedication Packt Upsell
Why subscribe? PacktPub.com
Contributors
About the authors About the reviewer Packt is searching for authors like you
Preface
Who this book is for What this book covers To get the most out of this book
Download the color images Conventions used
Sections
Getting ready How to do it... How it works... There's more... See also
Get in touch
Reviews
Introduction to Wireshark Version 2
Wireshark Version 2 basics Locating Wireshark
Getting ready How to do it...
Monitoring a server Monitoring a router Monitoring a firewall Test access points and hubs
How it works... There's more... See also
Capturing data on virtual machines
Getting ready How to do it...
Packet capture on a VM installed on a single hardware Packet capture on a blade server
How it works...
Standard and distributed vSwitch
See also
Starting the capture of data
Getting ready How to do it...
Capture on multiple interfaces How to configure the interface you capture data from Capture data to multiple files Configure output parameters Manage interfaces (under the Input tab) Capture packets on a remote machine Start capturing data – capture data on Linux/Unix machines Collecting from a remote communication device
How it works... There's more... See also
Configuring the start window
Getting ready
The main menu The main toolbar Display filter toolbar Status bar
How to do it...
Toolbars configuration Main window configuration Name resolution Colorize packet list Zoom
Mastering Wireshark for Network Troubleshooting
Introduction Configuring the user interface, and global and protocol preferences
Getting ready How to do it...
General appearance preferences Layout preferences Column preferences Font and color preferences Capture preferences Filter expression preferences Name resolution preferences IPv4 preference configuration TCP and UDP configuration
How it works... There's more...
Importing and exporting files
Getting ready How to do it...
Exporting an entire or partial file Saving data in various formats Printing data
How it works... There's more...
Configuring coloring rules and navigation techniques
Getting ready How to do it... How it works... See also
Using time values and summaries
Getting ready How to do it... How it works...
Building profiles for troubleshooting
Getting ready How to do it... How it works... There's more... See also
Using Capture Filters
Introduction Configuring capture filters
Getting ready How to do it... How it works... There's more... See also
Configuring Ethernet filters
Getting ready How to do it... How it works... There's more... See also
Configuring hosts and network filters
Getting ready How to do it... How it works... There's more... See also
Configuring TCP/UDP and port filters
Getting ready How to do it... How it works... There's more... See also
Configuring compound filters
Getting ready How to do it... How it works... There's more... See also
Configuring byte offset and payload matching filters
Getting ready How to do it... How it works... There's more... See also
Using Display Filters
Introduction Configuring display filters
Getting ready How to do it... How it works... There's more...
Configuring Ethernet, ARP, host, and network filters
Getting ready How to do it... How it works... See also
Configuring TCP/UDP filters
Getting ready
TCP and UDP port number display filters TCP header filters
How to do it... How it works... There's more... See also
Configuring specific protocol filters
Getting ready How to do it...
HTTP display filters DNS display filters FTP display filters
How it works... See also
Configuring substring operator filters
Getting ready How to do it... How it works...
Configuring macros
Getting ready How to do it... How it works...
Using Basic Statistics Tools
Introduction Using the statistics – capture file properties menu
Getting ready How to do it... How it works... There's more...
Using the statistics – resolved addresses
Getting ready How to do it... How it works... There's more...
Using the statistics – protocol hierarchy menu
Getting ready How to do it... How it works... There's more...
Using the statistics – conversations menu
Getting ready How to do it... How it works... There's more...
Using the statistics – endpoints menu
Getting ready How to do it... How it works... There's more...
Using the statistics – HTTP menu
Getting ready How to do it... How it works... There's more...
Configuring a flow graph for viewing TCP flows
Getting ready How to do it... How it works... There's more...
Creating IP-based statistics
Getting ready How to do it... How it works... There's more...
Using Advanced Statistics Tools
Introduction Configuring I/O graphs with filters for measuring network performance issues
Getting ready How to do it... How it works... There's more...
Throughput measurements with I/O graphs
Getting ready How to do it...
Measuring download/upload traffic Measuring several streams between two end devices Measuring application throughput Measuring a TCP stream with TCP event analysis
How it works... There's more...
Advanced I/O graph configurations with y axis parameters
Getting ready How to do it...
Monitoring inter-frame time delta statistics Monitoring the number of TCP events in a stream Monitoring the number of field appearances
How it works... There's more...
Getting information through TCP stream graphs – time/sequence (Steven's) window
Getting ready How to do it... How it works... There's more...
Getting information through TCP stream graphs – time/sequences (TCP-trace) window
Getting ready How to do it... How it works... There's more...
Getting information through TCP stream graphs – throughput window
Getting ready How to do it... How it works... There's more...
Getting information through TCP stream graphs – round-trip-time window
Getting ready How to do it... How it works... There's more...
Getting information through TCP stream graphs – window-scaling window
Getting ready How to do it... How it works... There's more...
Using the Expert System
Introduction The expert system window and how to use it for network troubleshooting
Getting ready How to do it... How it works... There's more... See also
Error events and what we can understand from them
Getting ready How to do it... How it works... There's more... See also
Warning events and what we can understand from them
Getting ready How to do it... How it works... There's more... See also
Note events and what we can understand from them
Getting ready How to do it... How it works... There's more... See also
Ethernet and LAN Switching
Introduction Discovering broadcast and error storms
Getting ready How to do it...
Spanning tree problems A device that generates broadcasts Fixed pattern broadcasts
How it works... There's more... See also
Analyzing spanning tree problems
Getting ready How to do it...
Which STP version is running on the network? Are there too many topology changes?
How it works...
Port states
There's more...
Analyzing VLANs and VLAN tagging issues
Getting ready How to do it...
Monitoring traffic inside a VLAN Viewing tagged frames going through a VLAN tagged port
How it works... There's more... See also
Wireless LAN
Skills learned Introduction to wireless networks and standards
Understanding WLAN devices, protocols, and terminologies Access point (AP) Wireless LAN controller (WLC)
Wireless radio issues, analysis, and troubleshooting
Getting ready How to do it...
Zero wireless connectivity Poor or intermittent wireless connectivity
Capturing wireless LAN traffic
Capturing options Getting ready How to do it...
Wireless station not joining a specific SSID Users not able to authenticate after successful association
There's more...
Network Layer Protocols and Operations
Introduction
The IPv4 principles of operations IP addressing
IPv4 address resolution protocol operation and troubleshooting
Getting ready How to do it...
ARP attacks and mitigations
ARP poisoning and man-in-the-middle attacks Gratuitous ARP ARP sweep-based DoS attacks
How it works...
ICMP – protocol operation, analysis, and troubleshooting
Getting ready How to do it...
ICMP attacks and mitigations ICMP flood attack
ICMP smurf attack
How it works...
Analyzing IPv4 unicast routing operations
Getting ready How it works...
IP TTL failures and attacks Duplicate IP addresses
Analyzing IP fragmentation failures
TCP path MTU discovery How to do it...
Fragmentation-based attack
How it works...
IPv4 multicast routing operations
How it works... There's more...
IPv6 principle of operations
IPv6 addressing
IPv6 extension headers
IPv6 extension headers and attacks Getting ready How to do it...
IPv6 fragmentation
How it works...
ICMPv6 – protocol operations, analysis, and troubleshooting
Getting ready How to do it...
IPv6 auto configuration
Getting ready How to do it... How it works...
DHCPv6-based address assignment
Getting ready How to do it... How it works...
IPv6 neighbor discovery protocol operation and analysis
How to do it...
IPv6 duplicate address detection
How it works...
Transport Layer Protocol Analysis
Introduction UDP principle of operation UDP protocol analysis and troubleshooting
Getting ready How to do it...
TCP principle of operation Troubleshooting TCP connectivity problems
Getting ready How to do it... How it works... There's more...
Troubleshooting TCP retransmission issues
Getting ready How to do it...
Case 1 – retransmissions to many destinations Case 2 – retransmissions on a single connection Case 3 – retransmission patterns Case 4 – retransmission due to a non-responsive application Case 5 - retransmission due to delayed variations Finding out what it is
How it works...
Regular operation of the TCP sequence/acknowledge mechanism What are TCP retransmissions and what do they cause?
There's more... See also
TCP sliding window mechanism
Getting ready How to do it... How it works...
TCP enhancements – selective ACK and timestamps
Getting ready How to do it...
TCP selective acknowledgement option TCP timestamp option
How it works...
TCP selective acknowledgement TCP timestamp
There's more...
Troubleshooting TCP throughput
Getting ready How to do it... How it works...
FTP, HTTP/1, and HTTP/2
Introduction Analyzing FTP problems
Getting ready How to do it... How it works... There's more...
Filtering HTTP traffic
Getting ready How to do it... How it works...
HTTP methods Status codes
There's more...
Configuring HTTP preferences
Getting ready How to do it...
Custom HTTP headers fields
How it works... There's more...
Analyzing HTTP problems
Getting ready How to do it... How it works... There's more...
Exporting HTTP objects
Getting ready How to do it... How it works... There's more...
HTTP flow analysis
Getting ready How to do it... How it works... There's more...
Analyzing HTTPS traffic – SSL/TLS basics
Getting ready How to do it... How it works... There's more...
DNS Protocol Analysis
Introduction Analyzing DNS record types
Getting ready How to do it... How it works...
SOA record A resource record AAAA resource record CNAME resource record
There's more...
Analyzing regular DNS operations
Getting ready How to do it... How it works...
DNS server assignment DNS operation DNS namespace The resolving process
There's more...
Analyzing DNSSEC regular operations
Getting ready How to do it... How it works... There's more...
Troubleshooting DNS performance
Getting ready How to do it... How it works... There's more...
Analyzing Mail Protocols
Introduction Normal operation of mail protocols
Getting ready How to do it...
POP3 communications IMAP communications SMTP communications
How it works...
POP3 IMAP SMTP
There's more...
SSL decryption in Wireshark
Analyzing POP, IMAP, and SMTP problems
Getting ready How to do it... How it works...
Filtering and analyzing different error codes
Getting ready How to do it...
SMTP IMAP POP3
How it works... There's more...
IMAP response code (RFC 5530) POP3 response code (RFC 2449) SMTP and SMTP error codes (RFC 3463)
Malicious and spam email analysis
Getting ready How to do it... How it works...
NetBIOS and SMB Protocol Analysis
Introduction Understanding the NetBIOS protocol Understanding the SMB protocol
How it works...
Analyzing problems in the NetBIOS/SMB protocols
Getting ready How to do it...
General tests Specific issues
There's more...
Example 1 – application freezing Example 2 – broadcast storm caused by SMB
Analyzing the database traffic and common problems
Getting ready How to do it... How it works... There's more...
Exporting SMB objects
Getting ready How to do it... How it works...
Analyzing Enterprise Applications' Behavior
Introduction Finding out what is running over your network
Getting ready How to do it... There's more...
Analyzing Microsoft Terminal Server and Citrix communications problems
Getting ready How to do it... How it works... There's more...
Analyzing the database traffic and common problems
Getting ready How to do it... How it works... There's more...
Analyzing SNMP
Getting ready How to do it...
Polling a managed device with a wrong SNMP version Polling a managed device with a wrong MIB object ID (OID)
How it works... There's more...
Troubleshooting SIP, Multimedia, and IP Telephony
Introduction IP telephony principle and normal operation
Getting ready How to do it...
RTP operation RTCP operation
How it works...
RTP principles of operation The RTCP principle of operation
SIP principle of operation, messages, and error codes
Getting ready How to do it... How it works...
1xx codes – provisional/informational 2xx codes – success 3xx codes – redirection 4xx codes – client error 5xx codes – server error 6xx codes – global failure
Video over IP and RTSP
Getting ready How to do it... How it works... There's more...
Wireshark features for RTP stream analysis and filtering
Getting ready How to do it... How it works...
Wireshark feature for VoIP call replay
Getting ready How to do it... How it works... There's more...
Troubleshooting Bandwidth and Delay Issues
Introduction Measuring network bandwidth and application traffic
Getting ready How to do it... How it works... There's more...
Measurement of jitter and delay using Wireshark
Getting ready How to do it... How it works... There's more...
Analyzing network bottlenecks, issues, and troubleshooting
Getting ready How to do it... How it works... There's more...
Security and Network Forensics
Introduction Discovering unusual traffic patterns
Getting ready How to do it... How it works... There's more... See also
Discovering MAC-based and ARP-based attacks
Getting ready How to do it... How it works... There's more...
Discovering ICMP and TCP SYN/port scans
Getting ready How to do it... How it works... There's more... See also
Discovering DoS and DDoS attacks
Getting ready How to do it... How it works... There's more...
Locating smart TCP attacks
Getting ready How to do it... How it works... There's more... See also
Discovering brute force and application attacks
Getting ready How to do it... How it works... There's more...