Packet analysis with Wireshark: leverage the power of Wireshark to troubleshoot your networking issues by using effective packet analysis techniques and performing an improved protocol analysis

Leverage the power of Wireshark to troubleshoot your networking issues by using effective packet analysis techniques and performing improved protocol analysis. About This Book: Gain hands-on experience of troubleshooting errors in TCP/IP and SSL protocols through practical use cases. Identify and overc...

Bibliographic Details
Other Authors: Nath, Anish (author)
Format: eBook
Language: English
Published: Birmingham : Packt Publishing 2015.
Edition: 1st edition
Series: Community experience distilled.
Subjects:
See on Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629670606719
Table of Contents:
  • Cover
  • Copyright
  • Credits
  • About the Author
  • About the Reviewers
  • www.PacktPub.com
  • Table of Contents
  • Preface
  • Chapter 1: Packet Analyzers
  • Uses for packet analyzers
  • Introducing Wireshark
  • Wireshark features
  • Wireshark's dumpcap and tshark
  • The Wireshark packet capture process
  • Other packet analyzer tools
  • Mobile packet capture
  • Summary
  • Chapter 2: Capturing Packets
  • Guide to capturing packets
  • Capturing packets with Interface Lists
  • Common interface names
  • Capturing packets with Start options
  • Capturing packets with Capture Options
  • The capture filter options
  • Auto-capturing a file periodically
  • Troubleshooting
  • Wireshark user interface
  • The Filter toolbar
  • Filtering techniques
  • Filter examples
  • The Packet List pane
  • The Packet Details pane
  • The Packet Bytes pane
  • Wireshark features
  • Decode-As
  • Protocol preferences
  • The IO graph
  • Following the TCP stream
  • Exporting the displayed packet
  • Generating the firewall ACL rules
  • Tcpdump and snoop
  • References
  • Summary
  • Chapter 3: Analyzing the TCP Network
  • Recapping TCP
  • TCP header fields
  • TCP states
  • TCP connection establishment and clearing
  • TCP three-way handshake
  • Handshake message - first step [SYN]
  • Handshake message - second step [SYN, ACK]
  • Handshake message - third step [ACK]
  • TCP data communication
  • TCP close sequence
  • Lab exercise
  • TCP troubleshooting
  • TCP reset sequence
  • RST after SYN-ACK
  • RST after SYN
  • Lab exercise
  • TCP CLOSE_WAIT
  • Lab exercise
  • TCP TIME_WAIT
  • TCP latency issues
  • Cause of latency
  • Identifying latency
  • Server latency example
  • Wire latency
  • Wireshark TCP sequence analysis
  • TCP retransmission
  • Lab exercise
  • TCP ZeroWindow
  • TCP Window Update
  • TCP Dup-ACK
  • References
  • Summary
  • Chapter 4: Analyzing SSL/TLS
  • Introducing SSL/TLS
  • SSL/TLS versions
  • The SSL/TLS component
  • The SSL/TLS handshake
  • Types of handshake message
  • Client Hello
  • Server Hello
  • Server certificate
  • Server Key Exchange
  • Client certificate request
  • Server Hello Done
  • Client certificate
  • Client Key Exchange
  • Client Certificate Verify
  • Change Cipher Spec
  • Finished
  • Application Data
  • Alert Protocol
  • Key exchange
  • The Diffie-Hellman key exchange
  • Elliptic curve Diffie-Hellman key exchange
  • RSA
  • Decrypting SSL/TLS
  • Decrypting RSA traffic
  • Decrypting DHE/ECDHE traffic
  • Forward secrecy
  • Debugging issues
  • Summary
  • Chapter 5: Analyzing Application Layer Protocols
  • DHCPv6
  • DHCPv6 Wireshark filter
  • Multicast addresses
  • The UDP port information
  • DHCPv6 message types
  • Message exchanges
  • The four-message exchange
  • The two-message exchange
  • DHCPv6 traffic capture
  • BOOTP/DHCP
  • BOOTP/DHCP Wireshark filter
  • Address assignment
  • Capture DHCPv4 traffic
  • DNS
  • DNS Wireshark filter
  • Port
  • Resource records
  • DNS traffic
  • HTTP
  • HTTP Wireshark filter
  • HTTP use cases
  • Finding the top HTTP response time
  • Finding packets based on HTTP methods
  • Finding sensitive information in a form post
  • Using HTTP status code
  • References
  • Summary
  • Chapter 6: WLAN Capturing
  • WLAN capture setup
  • The monitor mode
  • Analyzing the Wi-Fi networks
  • Frames
  • Management frames
  • Data frames
  • Control frames
  • 802.11 auth process
  • 802.1X EAPOL
  • The 802.11 protocol stack
  • Wi-Fi sniffing products
  • Summary
  • Chapter 7: Security Analysis
  • Heartbleed bug
  • The Heartbleed Wireshark filter
  • Heartbleed Wireshark analysis
  • The Heartbleed test
  • Heartbleed recommendations
  • The DOS attack
  • SYN flood
  • SYN flood mitigation
  • ICMP flood
  • ICMP flood mitigation
  • SSL flood
  • Scanning
  • Vulnerability scanning
  • SSL scans
  • ARP duplicate IP detection
  • DrDoS
  • BitTorrent
  • Wireshark protocol hierarchy
  • Summary
  • Index