It's easy enough to install Wireshark and begin capturing packets off the wire, or from the air. But how do you interpret those packets once you've captured them? And how can those packets help you to better understand what's going on under the hood of your network? Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an in-depth look at real-world packet analysis and network troubleshooting, the way the pros do it.
Wireshark (derived from the Ethereal project) has become the world's most popular network sniffing application. But while Wireshark comes with documentation, there's not a whole lot of information to show you how to use it in real-world scenarios. Practical Packet Analysis shows you how to:
- Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more
- Build customized capture and display filters
- Tap into live network communication
- Graph traffic patterns to visualize the data flowing across your network
- Use advanced Wireshark features to understand confusing packets
- Build statistics and reports to help you better explain technical network information to non-technical users
Because net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must-have for any network technician, administrator, or engineer troubleshooting network problems of any kind.
Contents:
- Practical Packet Analysis
- Contents in Detail
- Acknowledgments
- Introduction
- Concepts and Approach
- About the Example Capture Files
- 1: Packet Analysis and Network Basics
- User Friendliness
- Analysis
- The Seven-Layer OSI Model
- Protocol Interaction
- Data Encapsulation
- Network Hardware
- Traffic Classifications
- 2: Tapping into the Wire
- Sniffing Around Hubs
- Port Mirroring
- Hubbing Out
- ARP Cache Poisoning
- Using Cain & Abel
- Sniffing in a Routed Environment
- Network Maps
- A Brief History of Wireshark
- Program Support
- Installing on Windows Systems
- Your First Packet Capture
- The Main Window
- The Preferences Dialog
- Packet Color Coding
- Finding and Marking Packets
- Marking Packets
- Saving Capture Files
- Merging Capture Files
- Time Display Formats
- Packet Time Referencing
- Capture Filters
- Display Filters
- The Filter Expression Syntax Structure (the Hard Way)
- Saving Filters
- Name Resolution
- Potential Drawbacks to Name Resolution
- Protocol Dissection
- Following TCP Streams
- The Protocol Hierarchy Statistics Window
- Viewing Endpoints
- Conversations
- The IO Graphs Window
- 6: Common Protocols
- Dynamic Host Configuration Protocol
- Establishing the Session
- HTTP Request and Transmission
- Terminating the Session
- Domain Name System
- File Transfer Protocol
- SIZE Command
- Telnet Protocol
- MSN Messenger Service
- Final Thoughts
- A Lost TCP Connection
- Unreachable Destination
- Unreachable Port
- Determining Whether a Packet Is Fragmented
- Keeping Things in Order
- No Connectivity
- Analysis
- Tapping into the Wire
- Analysis
- Analysis
- Analysis
- Tapping into the Wire
- Analysis
- Summary
- Final Thoughts
- 8: Fighting a Slow Network
- Anatomy of a Slow Download
- Tapping into the Wire
- Analysis
- Summary
- Analysis
- Tapping into the Wire
- Analysis
- Tapping into the Wire
- Analysis
- Summary
- Analysis
- Here's Something Gnu
- Analysis
- Final Thoughts
- OS Fingerprinting
- A Simple Port Scan
- Analysis
- An FTP Break-In
- Analysis
- Analysis
- Summary
- Analysis
- What We Know
- Analysis
- Summary
- Sniffing One Channel at a Time
- Wireless Card Modes
- Configuring AirPcap
- Capturing Traffic with AirPcap
- Sniffing Wirelessly in Linux
- 802.11 Packet Extras
- The Beacon Frame
- Wireless-Specific Columns
- Wireless-Specific Filters
- Filtering Specific Data Types
- Analysis
- Final Thoughts
- 11: Further Reading
- Afterword
- Index