Imperial Library
Index
Wireshark Network Security

Table of Contents
  • Wireshark Network Security
  • Credits
  • About the Author
  • Acknowledgment
  • About the Reviewers
  • www.PacktPub.com
    • Support files, eBooks, discount offers, and more
    • Why subscribe?
    • Free access for Packt account holders
  • Preface
    • What this book covers
    • What you need for this book
    • Who this book is for
    • Conventions
    • Reader feedback
    • Customer support
      • Downloading the color images of this book
      • Errata
      • Piracy
      • Questions
  • 1. Getting Started with Wireshark – What, Why, and How?
    • Sniffing
      • The purpose of sniffing
      • Packet analysis
    • The tools of the trade
    • What is Wireshark?
    • The Wireshark interface – Before starting the capture
      • Title
      • Menu
      • Main toolbar
      • Filter toolbar
      • Capture frame
      • Capture Help
      • The Files menu
      • Online
      • The Status bar
    • First packet capture
    • Summary
  • 2. Tweaking Wireshark
    • Filtering our way through Wireshark
      • Capture filters
      • Display filters
      • The list of display filters
    • Wireshark profiles
      • Creating a new profile
    • Essential techniques in Wireshark
      • The Summary window
      • The Protocol Hierarchy window
      • The Conversations window
      • The Endpoints window
      • The Expert Infos window
    • Wireshark command-line fu
      • tshark
        • Starting the capture
        • Saving the capture to a file
        • Using filters
        • Statistics
      • capinfos
      • editcap
      • mergecap
    • Summary
  • 3. Analyzing Threats to LAN Security
    • Analyzing clear-text traffic
      • Viewing credentials in Wireshark
        • FTP
        • Telnet
        • HTTP
        • TFTP
      • Reassembling data stream
      • Case study
    • Examining sniffing attacks
      • MAC flooding
      • ARP poisoning
    • Analyzing network reconnaissance techniques
      • Examining network scanning activities
        • Detect the scanning activity for live machines
          • Ping sweep
          • ARP sweep
        • Identify port scanning attempts
          • A TCP Connect scan (Wireshark's Flow Graph, Wireshark's Expert Info, Wireshark's Conversations)
          • Stealth scan (Wireshark's Flow Graph, Wireshark's Expert Info, Wireshark's Conversations)
          • NULL scan
          • UDP scan
        • Other scanning attempts
          • ACK scan
          • IP Protocol scan
      • OS fingerprinting attempts
    • Detect password cracking attempts
      • Brute-force attacks
        • Identifying POP3 password cracking
        • HTTP basic authentication
      • Dictionary-based attacks
        • Detecting FTP password cracking
    • Miscellaneous attacks
      • FTP bounce attack
      • DNS zone transfer
      • SSL stripping attack
    • Complementary tools to Wireshark
      • Xplico
      • Sysdig
      • Pcap2XML
      • SSHFlow
    • Important display filters
      • Filters based on protocols
        • DNS
        • FTP
        • HTTP
      • Filters based on unique signatures and regular expressions
        • Regular expressions
    • Nailing the CTF challenge
    • Summary
  • 4. Probing E-mail Communications
    • E-mail forensics challenges
      • Challenge 1 – Normal login session
      • Challenge 2 – Corporate espionage
    • Analyzing attacks on e-mail communications
      • Detecting SMTP enumeration
        • Using auxiliary module in Metasploit
      • Analyzing SMTP relay attack
    • Important filters
    • Summary
  • 5. Inspecting Malware Traffic
    • Gearing up Wireshark
      • Updated columns
      • Updated coloring rules
      • Important display filters
    • Malicious traffic analysis
      • Case study – Blackhole exploit kit
        • Protocols in action
        • The IP address of the infected box
        • Any unusual port number
        • A compromised website
        • Infected file(s)
        • Conclusion
      • IRC botnet(s)
        • Inspection
    • Summary
  • 6. Network Performance Analysis
    • Creating a custom profile for troubleshooting
    • Optimization before analysis
    • TCP-based issues
    • Case study 1 – Slow Internet
      • Analysis
    • Case study 2 – Sluggish downloads
      • Analysis
    • Case study 3 – Denial of Service
      • SYN flood
    • Summary
  • Index