Wireshark 101: Essential Skills for Network Analysis, 1st Edition

Always ensure you have proper authorization before you listen to and capture network traffic.

Protocol Analysis Institute, Inc
5339 Prospect Road, # 343
San Jose, CA 95129 USA
www.packet-level.com

Chappell University
info@chappellU.com
www.chappellU.com

Copyright 2013, Protocol Analysis Institute, Inc., dba Chappell University. All rights reserved. No part of this Student Manual, or related materials, including interior design, cover design, and contents of the book web site, www.wiresharkbook.com, may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording, or otherwise) without the prior written permission of the publisher.

To arrange bulk purchase discounts for sales promotions, events, training courses, or other purposes, please contact Chappell University via email, phone (1-408-378-7841), or mail (5339 Prospect Road, #343, San Jose, CA 95129).

Book URL: www.wiresharkbook.com
13-digit ISBN: 978-1-893939-73-8
10-digit ISBN: 1-893939-73-1 (Version 1.0a)

Distributed worldwide for Chappell University through Protocol Analysis Institute, Inc.
Protocol Analysis Institute, Inc. is the exclusive educational materials developer for Chappell University.
For general information on Chappell University or Protocol Analysis Institute, Inc., including information on corporate licenses, updates, future titles, or courses, contact the Protocol Analysis Institute, Inc., at 408/378-7841 or send email to
For authorization to photocopy items for corporate, personal, or educational use, contact Protocol Analysis Institute, Inc., at

Trademarks. All brand names and product names used in this book or mentioned in this course are trade names, service marks, trademarks, or registered trademarks of their respective owners. Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation.

Limit of Liability/Disclaimer of Warranty. The author and publisher have used their best efforts in preparing this book and the related materials used in this book. Protocol Analysis Institute, Inc., Chappell University, and the author(s) make no representations or warranties of merchantability or fitness for a particular purpose. Protocol Analysis Institute, Inc., and Chappell University assume no liability for any damages caused by following the instructions or using the techniques or tools listed in this book or related materials used in this book.
Protocol Analysis Institute, Inc., Chappell University, and the author(s) make no representations or warranties that extend beyond the descriptions contained in this paragraph. No warranty may be created or extended by sales representatives or written sales materials. The accuracy or completeness of the information provided herein and the opinions stated herein are not guaranteed or warranted to produce any particular result and the advice and strategies contained herein may not be suitable for every individual. Protocol Analysis Institute, Inc., Chappell University, and author(s) shall not be liable for any loss of profit or any other damages, including without limitation, special, incidental, consequential, or other damages. Copy Protection. In all cases, reselling or duplication of this book and related materials used in this training course without explicit written authorization is expressly forbidden.
We will find you, ya know. So don't steal or plagiarize this book.

Acknowledgments

There are many people who were directly and indirectly involved in building the concept of this lab-based book, hashing out the Table of Contents, reviewing the chapters, and testing the labs. Your time and patience (through never-ending revisions and updates) are truly appreciated.

Lanell Allen
Jim Aragon
Brenda Cardinal
Tobias Clary
Gerald Combs
Joy DeManty
John Gonder
Jennifer Keels
Kayla Smith
John Wright

I would especially like to thank Jim Aragon for his meticulous technical and grammatical expertise. Jim, you are my "style guru!"

Special thanks to the following individuals who offered encouraging quotes for readers beginning their Wireshark journey or honing their skills with this book.
Lanell Allen, Wireshark Certified Network Analyst
Richard Bejtlich, Chief Security Officer, Mandiant
Sake Blok, Wireshark Core Developer and SYN-bit Founder
Anders Broman, Wireshark Core Developer and System Tester at Ericsson
Loris Degioanni, Creator of WinPcap and Cascade Pilot
Betty DuBois, Chief Detective of Network Detectives and Certified Wireshark University Instructor
Tony Fortunato, Senior Network Performance Specialist, The Technology Firm
Lionel Gentil, iTunes Software Reliability Engineer, Apple, Inc.
John Gonder, Cisco Academy Director, Las Positas College
Jennifer Keels, CNP-S, CEH, Network Engineer
Gordon "Fyodor" Lyon, Founder of the open source Nmap Security Scanner project
Steven McCanne, CTO and Executive Vice President, Riverbed

As always, my sincere thanks to the Wireshark Core Developers who have built Wireshark into an indispensable tool. The current list of core developers can be found at wiki.wireshark.org/Developers. If I've missed anyone in this acknowledgments section, I apologize sincerely.

Dedication

This book is dedicated to Ginny and Scott.

and special thanks to my Mom (who just asked "Am I in the new book?").
Here you are, Mom. Jeez... subtle. Now that I've mentioned my Mom, I'd better keep the peace in the family by thanking my Dad (likely the topic of another book someday).

About this Book

Who is this Book For?

This book is written for beginner analysts. It provides an ideal starting point whether you want to analyze traffic to learn how an application works, need to troubleshoot slow network performance, or need to determine whether a machine is infected with malware.
Learning to capture and analyze communications with Wireshark will help you really understand how TCP/IP networks function. Wireshark is the most popular network analyzer tool in the world, and the time you spend honing your skills with it will pay off when you read technical specs, marketing materials, security briefings, and more. This book can also be used by current analysts who need to practice the skills it contains. In essence, this book is for anyone who really wants to know what's happening on their network.

What Prerequisite Knowledge do I Need?

Before you delve into this book (or network analysis in general), you should have a solid understanding of basic network concepts and TCP/IP fundamentals. For example, you should know the purpose of a switch, a router, and a firewall.
You should be familiar with the concepts of Ethernet networking and basic wireless networking, and be comfortable with IP network addressing as well. There are a few spots in this book where you will need to access the command prompt to set a path to an application directory or to run basic command-line tools such as ipconfig/ifconfig, ping, or traceroute. If you are unfamiliar with these tools, there are plenty of resources on the Internet to show you how they work on various platforms. You will find a Glossary at the back of the book. This glossary covers many of the terms and technology mentioned in the book.

What Version of Wireshark does this Book Cover?

This book was written using several Wireshark 1.8.x versions and the Wireshark 1.9.x development versions leading to Wireshark 1.10.