The Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic
Robert Shimonski

Table of Contents

Cover image
Title page
Copyright
Dedication
Preface
About the Author
Acknowledgment
Introduction
  About Wireshark
  Installing Wireshark
  Configuring a System
  Capturing Packets
  Color Codes
  Filters
  Sample Captures
  Inspecting Packets
  Deep Analysis
  Saving Captures
Chapter 1. About Wireshark
  1.1 Introduction
  1.2 What Is Wireshark?
  1.3 What Is Network and Protocol Analysis?
  1.4 The History of Wireshark
  1.5 Troubleshooting Problems
  1.6 Using Wireshark to Analyze Data
  1.7 The OSI Model
  1.8 Summary
Chapter 2. Installing Wireshark
  2.1 Introduction
  2.2 Getting Started
  2.3 Requirements
  2.4 Installation Preparation
  2.5 Installing Wireshark
  2.6 Summary
Chapter 3. Configuring a System
  3.1 Introduction
  3.2 Getting Started
  3.3 Configuring a Cisco Port Monitor
  3.4 Other Tools and Methodologies
  3.5 Summary
Chapter 4. Capturing Packets
  4.1 Introduction
  4.2 Getting Started
  4.3 Summary
Chapter 5. Color Codes
  5.1 Getting Started
  5.2 Creating Color Code Lists
  5.3 Adding and Removing Filters
  5.4 Other Coloring Options
  5.5 Summary
Chapter 6. Filters
  6.1 Getting Started
  6.2 Applying a Filter
  6.3 Advanced Filter Creation
  6.4 Other Filtering Techniques
  6.5 Customized Filtering and Troubleshooting
  6.6 Conversation Filters
  6.7 Summary
Chapter 7. Sample Captures
  7.1 Getting Started
  7.2 Sample Captures
  7.3 Expert Analysis
  7.4 Flow Graphs
  7.5 Summary
Chapter 8. Inspecting Packets
  8.1 Getting Started
  8.2 Understanding the Technology
  8.3 Capturing and Filtering Data
  8.4 Inspection of the Data
  8.5 Analysis Tools
  8.6 Summary
Chapter 9. Deep Analysis
  9.1 Getting Started
  9.2 Deep Analysis
  9.3 Analyzing Flow
  9.4 Troubleshooting Phones
  9.5 Security Analysis
  9.6 Network Performance Analysis and Optimization
  9.7 Using Wireshark Online
  9.8 Summary
Chapter 10. Saving Captures
  10.1 Getting Started
  10.2 Saving Captures
  10.3 Saving Captures (Multiple Files)
  10.4 Saving in Other Formats
  10.5 Importing and Exporting Data
  10.6 Merging Data
  10.7 Summary

Copyright

Acquiring Editor: Chris Katsaropoulos
Development Editor: Benjamin Rearick
Project Manager: Mohana Natarajan

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

First published 2013

Copyright © 2013 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangement with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-410413-6

For information on all Syngress publications visit our website at www.syngress.com

Dedication

This book is dedicated to my wonderful children, Dylan Shimonski and Vienna Shimonski. I love you!

Preface

Welcome to The Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic, your guide to getting up to speed with Wireshark quickly and efficiently. This book provides hackers, pen testers, and network administrators with practical guidance on capturing and interactively browsing the traffic running on a computer network.

Wireshark is the world's foremost network protocol analyzer, with a rich feature set that includes deep inspection of hundreds of protocols, live capture, offline analysis, and many other features. Wireshark is a multiplatform application that can be set up and put to work in minutes to help analyze and troubleshoot some of the most complex security problems found today.

This book covers the installation, configuration, and use of this powerful tool. It provides readers with the hands-on skills to be more productive with Wireshark as they drill down into the information contained in real-time network traffic.

• Learn the fundamentals of using Wireshark in a concise field manual.
• Quickly create functional filters that let you get to work on solving problems right away.
• Understand the myriad options and the deep functionality of Wireshark so you can get working sooner.
• Solve common problems seen in networks today with what is taught in this guide.
• Learn some advanced features, methods, and helpful ways to work more quickly and efficiently.

The goal of this book is to teach the basics quickly in a short-format publication. Use the following link, and similar links found at the book's companion website: www.learnwireshark.com.