Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems


It's easy to capture packets with Wireshark, the world's most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what's happening on your network?

With an expanded discussion of network protocols and 45 completely new scenarios, this extensively revised second edition of the best-selling Practical Packet Analysis will teach you how to make sense of your PCAP data. You'll find new sections on troubleshooting slow networks and packet analysis for security to help you better understand how modern exploits and malware behave at the packet level. Add to this a thorough introduction to the TCP/IP network stack and you're on your way to packet analysis proficiency.

Learn how to:

  • Use packet analysis to identify and resolve common network problems like loss of connectivity, DNS issues, sluggish speeds, and malware infections
  • Build customized capture and display filters
  • Monitor your network in real time and tap live network communications
  • Graph traffic patterns to visualize the data flowing across your network
  • Use advanced Wireshark features to understand confusing captures
  • Build statistics and reports to help you better explain technical network information to non-techies

Practical Packet Analysis is a must for any network technician, administrator, or engineer. Stop guessing and start troubleshooting the problems on your network.
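To give a feel for what "making sense of PCAP data" means in practice, here is an added example (not code from the book or its author) that reads a libpcap file with nothing but the Python standard library and flags the SYN scan pattern chapter 10 walks through: one source sends bare SYNs to many ports on a target, open ports answer SYN/ACK, closed ports answer RST. The capture is constructed in memory; the hosts 10.0.0.99, 10.0.0.5 and 10.0.0.7, the port list and the threshold of five probed ports are assumptions chosen for the demonstration, and checksums are left zero because the parser does not verify them.

```python
"""Parse a libpcap file with the standard library and flag SYN scans.

Constructed example, not taken from the book: the capture is generated
in memory below. Only Ethernet/IPv4/TCP frames are understood; anything
else is skipped.
"""
import socket
import struct
from collections import defaultdict

# TCP flag bits (byte 13 of the TCP header)
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

# The same question asked with Wireshark/tcpdump filter syntax:
#   display filter : tcp.flags.syn == 1 && tcp.flags.ack == 0
#   capture filter : tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn


def tcp_frame(src, dst, sport, dport, flags, seq=0, ack=0):
    """Build an Ethernet/IPv4/TCP frame with no payload.
    Checksums are left 0 (assumption: the parser below ignores them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap raw frames in a little-endian libpcap file (magic 0xa1b2c3d4,
    link type 1 = Ethernet); timestamps are synthetic."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000, i, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_tcp(pcap):
    """Yield (src, dst, sport, dport, flags) for every TCP segment in a
    libpcap byte string; both byte orders are recognised from the magic."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # microsecond / nanosecond, LE
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # same, big-endian file
        end = ">"
    else:
        raise ValueError("not a libpcap file (magic %#x)" % magic)
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are supported")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # not IPv4 or truncated
        if frame[14] >> 4 != 4 or frame[23] != 6:
            continue                            # not IPv4 / not TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4   # honour IP options (IHL)
        if len(frame) < tcp_off + 14:
            continue                            # TCP header cut off by snaplen
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
        yield src, dst, sport, dport, frame[tcp_off + 13]


def find_syn_scans(pcap, threshold=5):
    """Return {(scanner, target): {"probed": n, "open": [...], "closed": [...]}}
    for every source that sent bare SYNs to at least `threshold` distinct
    ports on one target. A port is "open" if it answered SYN/ACK and
    "closed" if it answered RST."""
    probed = defaultdict(set)     # (src, dst) -> ports that received a bare SYN
    replies = defaultdict(dict)   # (client, server) -> {server port: state}
    for src, dst, sport, dport, flags in iter_tcp(pcap):
        if flags & (SYN | ACK) == SYN:
            probed[(src, dst)].add(dport)
        elif flags & (SYN | ACK) == SYN | ACK:
            replies[(dst, src)][sport] = "open"
        elif flags & RST:
            replies[(dst, src)].setdefault(sport, "closed")
    report = {}
    for key, ports in probed.items():
        if len(ports) < threshold:
            continue
        state = replies.get(key, {})
        report[key] = {
            "probed": len(ports),
            "open": sorted(p for p in ports if state.get(p) == "open"),
            "closed": sorted(p for p in ports if state.get(p) == "closed"),
        }
    return report


def sample_capture():
    """Constructed capture: 10.0.0.99 SYN-scans eight ports on 10.0.0.5
    (22 and 80 open, the rest closed) while 10.0.0.7 completes one normal
    three-way handshake to 10.0.0.5:443."""
    scanner, target, client = "10.0.0.99", "10.0.0.5", "10.0.0.7"
    frames = []
    for port in (21, 22, 23, 25, 80, 110, 143, 445):
        frames.append(tcp_frame(scanner, target, 40000 + port, port, SYN))
        if port in (22, 80):
            frames.append(tcp_frame(target, scanner, port, 40000 + port, SYN | ACK))
            frames.append(tcp_frame(scanner, target, 40000 + port, port, RST))
        else:
            frames.append(tcp_frame(target, scanner, port, 40000 + port, RST | ACK))
    frames.append(tcp_frame(client, target, 51000, 443, SYN))
    frames.append(tcp_frame(target, client, 443, 51000, SYN | ACK))
    frames.append(tcp_frame(client, target, 51000, 443, ACK))
    return build_pcap(frames)


if __name__ == "__main__":
    for (src, dst), info in find_syn_scans(sample_capture()).items():
        print(f"{src} -> {dst}: {info['probed']} ports probed, "
              f"open={info['open']} closed={info['closed']}")
```

Point `iter_tcp` at the bytes of a real capture (`open("scan.pcap", "rb").read()`) and the legitimate client in the sample stays below the threshold while the scanner is reported with its open and closed ports, which is the same split Wireshark's Conversations window and the `tcp.flags` display filters let you see by hand.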

Author(s): Chris Sanders
Edition: Second Edition
Publisher: No Starch Press
Year: 2011

Language: English
Pages: 284
Tags: Library; Computer literature; Computer networks;

Copyright......Page 6
Acknowledgments......Page 17
Why This Book?......Page 19
Concepts and Approach......Page 20
How to Use This Book......Page 21
Contacting Me......Page 22
1: Packet Analysis and Network Basics......Page 23
Evaluating a Packet Sniffer......Page 24
How Packet Sniffers Work......Page 25
Protocols......Page 26
The Seven-Layer OSI Model......Page 27
Data Encapsulation......Page 30
Network Hardware......Page 32
Broadcast Traffic......Page 36
Unicast Traffic......Page 37
Final Thoughts......Page 38
2: Tapping into the Wire......Page 39
Living Promiscuously......Page 40
Sniffing Around Hubs......Page 41
Sniffing in a Switched Environment......Page 42
Port Mirroring......Page 43
Hubbing Out......Page 44
Using a Tap......Page 46
ARP Cache Poisoning......Page 48
Sniffing in a Routed Environment......Page 52
Sniffer Placement in Practice......Page 53
A Brief History of Wireshark......Page 57
The Benefits of Wireshark......Page 58
Installing on Microsoft Windows Systems......Page 59
Installing on Linux Systems......Page 61
Installing on Mac OS X Systems......Page 62
Your First Packet Capture......Page 63
Wireshark’s Main Window......Page 64
Wireshark Preferences......Page 65
Packet Color Coding......Page 67
Working with Capture Files......Page 69
Saving and Exporting Capture Files......Page 70
Working with Packets......Page 71
Finding Packets......Page 72
Printing Packets......Page 73
Packet Time Referencing......Page 74
Capture Settings......Page 75
Capture File(s) Settings......Page 76
Stop Capture Settings......Page 77
Capture Filters......Page 78
Display Filters......Page 84
Saving Filters......Page 87
Network Endpoints and Conversations......Page 89
Viewing Endpoints......Page 90
Viewing Network Conversations......Page 91
Troubleshooting with the Endpoints and Conversations Windows......Page 92
Protocol Hierarchy Statistics......Page 93
Name Resolution......Page 94
Potential Drawbacks to Name Resolution......Page 95
Changing the Dissector......Page 96
Following TCP Streams......Page 98
Packet Lengths......Page 100
Viewing IO Graphs......Page 101
Round-Trip Time Graphing......Page 103
Expert Information......Page 104
6: Common Lower-Layer Protocols......Page 107
Address Resolution Protocol......Page 108
The ARP Header......Page 109
Packet 1: ARP Request......Page 110
Gratuitous ARP......Page 111
IP Addresses......Page 113
The IPv4 Header......Page 114
Time to Live......Page 115
IP Fragmentation......Page 117
The TCP Header......Page 120
TCP Ports......Page 121
The TCP Three-Way Handshake......Page 123
TCP Teardown......Page 125
User Datagram Protocol......Page 127
The UDP Header......Page 128
ICMP Types and Messages......Page 129
Echo Requests and Responses......Page 130
Traceroute......Page 132
Dynamic Host Configuration Protocol......Page 135
The DHCP Packet Structure......Page 136
The DHCP Renewal Process......Page 137
DHCP In-Lease Renewal......Page 141
Domain Name System......Page 142
The DNS Packet Structure......Page 143
A Simple DNS Query......Page 144
DNS Recursion......Page 146
DNS Zone Transfers......Page 149
Browsing with HTTP......Page 151
Posting Data with HTTP......Page 153
Final Thoughts......Page 154
8: Basic Real-World Scenarios......Page 155
Capturing Twitter Traffic......Page 156
Capturing Facebook Traffic......Page 159
Using the Conversations Window......Page 162
Using the Protocol Hierarchy Statistics Window......Page 163
Viewing DNS Traffic......Page 164
Viewing HTTP Requests......Page 165
No Internet Access: Configuration Problems......Page 166
No Internet Access: Unwanted Redirection......Page 169
No Internet Access: Upstream Problems......Page 172
Inconsistent Printer......Page 175
Stranded in a Branch Office......Page 177
Ticked-Off Developer......Page 181
Final Thoughts......Page 185
9: Fighting a Slow Network......Page 187
TCP Retransmissions......Page 188
TCP Duplicate Acknowledgments and Fast Retransmissions......Page 191
TCP Flow Control......Page 195
Adjusting the Window Size......Page 196
The TCP Sliding Window in Practice......Page 197
Learning from TCP Error-Control and Flow-Control Packets......Page 200
Locating the Source of High Latency......Page 201
Slow Communications—Wire Latency......Page 202
Slow Communications—Client Latency......Page 203
Latency Locating Framework......Page 204
Network Baselining......Page 205
Site Baseline......Page 206
Host Baseline......Page 207
Additional Notes on Baselines......Page 208
Final Thoughts......Page 209
10: Packet Analysis for Security......Page 211
SYN Scan......Page 212
Operating System Fingerprinting......Page 216
Operation Aurora......Page 219
ARP Cache Poisoning......Page 224
Remote-Access Trojan......Page 228
Final Thoughts......Page 235
11: Wireless Packet Analysis......Page 237
Sniffing One Channel at a Time......Page 238
Detecting and Analyzing Signal Interference......Page 239
Wireless Card Modes......Page 240
Configuring AirPcap......Page 241
Capturing Traffic with AirPcap......Page 243
Sniffing Wirelessly in Linux......Page 244
802.11 Packet Structure......Page 245
Adding Wireless-Specific Columns to the Packet List Pane......Page 247
Filtering Traffic for a Specific BSS ID......Page 248
Filtering a Specific Frequency......Page 249
Wireless Security......Page 250
Successful WEP Authentication......Page 251
Failed WEP Authentication......Page 252
Successful WPA Authentication......Page 253
Failed WPA Authentication......Page 254
Final Thoughts......Page 255
tcpdump and Windump......Page 257
Netdude......Page 258
pcapr......Page 259
ngrep......Page 260
SANS Security Intrusion Detection In-Depth Course......Page 261
The TCP/IP Guide (No Starch Press)......Page 262