Practical packet analysis : using Wireshark to solve real-world network problems

Practical packet analysis using Wireshark to solve real-world network problems

This significantly revised and expanded second edition of Practical Packet Analysis shows you how to use Wireshark to capture raw network traffic, filter and analyze packets, and diagnose common network problems.

Detalles Bibliográficos
Autor principal: Sanders, Chris, 1986- (-)
Formato: Libro electrónico
Idioma:Inglés
Publicado: San Francisco : No Starch Press 2011.
Edición:2nd ed
Materias:
Wireshark.
Computer network protocols.
Packet switching (Data transmission)
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628460306719
Tabla de Contenidos:
  • Intro
  • Acknowledgments
  • Introduction
  • Why This Book?
  • Concepts and Approach
  • How to Use This Book
  • About the Sample Capture Files
  • The Rural Technology Fund
  • Contacting Me
  • 1: Packet Analysis and Network Basics
  • Packet Analysis and Packet Sniffers
  • Evaluating a Packet Sniffer
  • How Packet Sniffers Work
  • How Computers Communicate
  • Protocols
  • The Seven-Layer OSI Model
  • Data Encapsulation
  • Network Hardware
  • Traffic Classifications
  • Broadcast Traffic
  • Multicast Traffic
  • Unicast Traffic
  • Final Thoughts
  • 2: Tapping into the Wire
  • Living Promiscuously
  • Sniffing Around Hubs
  • Sniffing in a Switched Environment
  • Port Mirroring
  • Hubbing Out
  • Using a Tap
  • ARP Cache Poisoning
  • Sniffing in a Routed Environment
  • Sniffer Placement in Practice
  • 3: Introduction to Wireshark
  • A Brief History of Wireshark
  • The Benefits of Wireshark
  • Installing Wireshark
  • Installing on Microsoft Windows Systems
  • Installing on Linux Systems
  • Installing on Mac OS X Systems
  • Wireshark Fundamentals
  • Your First Packet Capture
  • Wireshark's Main Window
  • Wireshark Preferences
  • Packet Color Coding
  • 4: Working with Captured Packets
  • Working with Capture Files
  • Saving and Exporting Capture Files
  • Merging Capture Files
  • Working with Packets
  • Finding Packets
  • Marking Packets
  • Printing Packets
  • Setting Time Display Formats and References
  • Time Display Formats
  • Packet Time Referencing
  • Setting Capture Options
  • Capture Settings
  • Capture File(s) Settings
  • Stop Capture Settings
  • Display Options
  • Name Resolution Settings
  • Using Filters
  • Capture Filters
  • Display Filters
  • Saving Filters
  • 5: Advanced Wireshark Features
  • Network Endpoints and Conversations
  • Viewing Endpoints
  • Viewing Network Conversations
  • Troubleshooting with the Endpoints and Conversations Windows.
  • Protocol Hierarchy Statistics
  • Name Resolution
  • Enabling Name Resolution
  • Potential Drawbacks to Name Resolution
  • Protocol Dissection
  • Changing the Dissector
  • Viewing Dissector Source Code
  • Following TCP Streams
  • Packet Lengths
  • Graphing
  • Viewing IO Graphs
  • Round-Trip Time Graphing
  • Flow Graphing
  • Expert Information
  • 6: Common Lower-Layer Protocols
  • Address Resolution Protocol
  • The ARP Header
  • Packet 1: ARP Request
  • Packet 2: ARP Response
  • Gratuitous ARP
  • Internet Protocol
  • IP Addresses
  • The IPv4 Header
  • Time to Live
  • IP Fragmentation
  • Transmission Control Protocol
  • The TCP Header
  • TCP Ports
  • The TCP Three-Way Handshake
  • TCP Teardown
  • TCP Resets
  • User Datagram Protocol
  • The UDP Header
  • Internet Control Message Protocol
  • The ICMP Header
  • ICMP Types and Messages
  • Echo Requests and Responses
  • Traceroute
  • 7: Common Upper-Layer Protocols
  • Dynamic Host Configuration Protocol
  • The DHCP Packet Structure
  • The DHCP Renewal Process
  • DHCP In-Lease Renewal
  • DHCP Options and Message Types
  • Domain Name System
  • The DNS Packet Structure
  • A Simple DNS Query
  • DNS Question Types
  • DNS Recursion
  • DNS Zone Transfers
  • Hypertext Transfer Protocol
  • Browsing with HTTP
  • Posting Data with HTTP
  • Final Thoughts
  • 8: Basic Real-World Scenarios
  • Social Networking at the Packet Level
  • Capturing Twitter Traffic
  • Capturing Facebook Traffic
  • Comparing Twitter vs. Facebook Methods
  • Capturing ESPN.com Traffic
  • Using the Conversations Window
  • Using the Protocol Hierarchy Statistics Window
  • Viewing DNS Traffic
  • Viewing HTTP Requests
  • Real-World Problems
  • No Internet Access: Configuration Problems
  • No Internet Access: Unwanted Redirection
  • No Internet Access: Upstream Problems
  • Inconsistent Printer
  • Stranded in a Branch Office
  • Ticked-Off Developer.
  • Final Thoughts
  • 9: Fighting a Slow Network
  • TCP Error-Recovery Features
  • TCP Retransmissions
  • TCP Duplicate Acknowledgments and Fast Retransmissions
  • TCP Flow Control
  • Adjusting the Window Size
  • Halting Data Flow with a Zero Window Notification
  • The TCP Sliding Window in Practice
  • Learning from TCP Error-Control and Flow-Control Packets
  • Locating the Source of High Latency
  • Normal Communications
  • Slow Communications-Wire Latency
  • Slow Communications-Client Latency
  • Slow Communications-Server Latency
  • Latency Locating Framework
  • Network Baselining
  • Site Baseline
  • Host Baseline
  • Application Baseline
  • Additional Notes on Baselines
  • Final Thoughts
  • 10: Packet Analysis for Security
  • Reconnaissance
  • SYN Scan
  • Operating System Fingerprinting
  • Exploitation
  • Operation Aurora
  • ARP Cache Poisoning
  • Remote-Access Trojan
  • Final Thoughts
  • 11: Wireless Packet Analysis
  • Physical Considerations
  • Sniffing One Channel at a Time
  • Wireless Signal Interference
  • Detecting and Analyzing Signal Interference
  • Wireless Card Modes
  • Sniffing Wirelessly in Windows
  • Configuring AirPcap
  • Capturing Traffic with AirPcap
  • Sniffing Wirelessly in Linux
  • 802.11 Packet Structure
  • Adding Wireless-Specific Columns to the Packet List Pane
  • Wireless-Specific Filters
  • Filtering Traffic for a Specific BSS ID
  • Filtering Specific Wireless Packet Types
  • Filtering a Specific Frequency
  • Wireless Security
  • Successful WEP Authentication
  • Failed WEP Authentication
  • Successful WPA Authentication
  • Failed WPA Authentication
  • Final Thoughts
  • Further Reading
  • Packet Analysis Tools
  • tcpdump and Windump
  • Cain &amp
  • Abel
  • Scapy
  • Netdude
  • Colasoft Packet Builder
  • CloudShark
  • pcapr
  • NetworkMiner
  • Tcpreplay
  • ngrep
  • libpcap
  • hping
  • Domain Dossier
  • Perl and Python.
  • Packet Analysis Resources
  • Wireshark Home Page
  • SANS Security Intrusion Detection In-Depth Course
  • Chris Sanders Blog
  • Packetstan Blog
  • Wireshark University
  • IANA
  • TCP/IP Illustrated (Addison-Wesley)
  • The TCP/IP Guide (No Starch Press).

Ejemplares similares