Safari an OReilly Media Company. - Practical Packet Analysis: Using Wireshark to Solve Real-World Network Proble, 3rd Edition

A wealth of information. Smart, yet very readable, and honestly made me excited to read about packet analysis.

TECHREPUBLIC

Id recommend this book to junior network analysts, software developers, and the newly minted CSE/CISSP/etc.folks that just need to roll up their sleeves and get started troubleshooting network (and security) problems.

GUNTER OLLMANN, FORMER CHIEF TECHNICAL OFFICER OF IOACTIVE

The next time I investigate a slow network, Ill turn to Practical Packet Analysis. And thats perhaps the best praise I can offer on any technical book.

MICHAEL W. LUCAS, AUTHOR OF ABSOLUTE FREEBSD AND NETWORK FLOW ANALYSIS

An essential book if you are responsible for network administration on any level.

LINUX PRO MAGAZINE

A wonderful, simple-to-use, and well-laid-out guide.

ARSGEEK.COM

If you need to get the basics of packet analysis down pat, this is a very good place to start.

STATEOFSECURITY.COM

Very informative and held up to the key word in its title, practical. It does a great job of giving readers what they need to know to do packet analysis and then jumps right in with vivid real-life examples of what to do with Wireshark.

LINUXSECURITY.COM

Are there unknown hosts chatting away with each other? Is my machine talking to strangers? You need a packet sniffer to really find the answers to these questions. Wireshark is one of the best tools to do this job, and this book is one of the best ways to learn about that tool.

FREE SOFTWARE MAGAZINE

Perfect for the beginner to intermediate.

DAEMON NEWS

Using Wireshark to Solve Real-World Network Problems

Chris Sanders

San Francisco

PRACTICAL PACKET ANALYSIS, 3RD EDITION. Copyright 2017 by Chris Sanders.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

21 20 19 18 17 1 2 3 4 5 6 7 8 9

ISBN-10: 1-59327-802-0

ISBN-13: 978-1-59327-802-1

Publisher: William Pollock

Production Editor: Serena Yang

Cover Illustration: Octopod Studios

Interior Design: Octopod Studios

Developmental Editor: William Pollock and Jan Cash

Technical Reviewer: Tyler Reguly

Copyeditor: Paula L. Fleming

Compositor: Janelle Ludowise

Proofreader: James Fraleigh

Indexer: BIM Creatives, LLC.

For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly:

No Starch Press, Inc.

245 8th Street, San Francisco, CA 94103

phone: 1.415.863.9900;

www.nostarch.com

The Library of Congress has catalogued the first edition as follows:

Sanders, Chris, 1986

Practical packet analysis : using Wireshark to solve real-world network problems / Chris Sanders.

p. cm.

ISBN-13: 978-1-59327-149-7

ISBN-10: 1-59327-149-2

1. Computer network protocols. 2. Packet switching (Data transmission) I. Title.

TK5105.55.S265 2007

004.6'6--dc22

2007013453

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an As Is basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

Amazing grace, how sweet the sound
That saved a wretch like me.
I once was lost but now Im found.
Was blind but now I see.

PACKET ANALYSIS AND NETWORK BASICS

TAPPING INTO THE WIRE

INTRODUCTION TO WIRESHARK

WORKING WITH CAPTURED PACKETS

ADVANCED WIRESHARK FEATURES

PACKET ANALYSIS ON THE COMMAND LINE

NETWORK LAYER PROTOCOLS

TRANSPORT LAYER PROTOCOLS

COMMON UPPER-LAYER PROTOCOLS

BASIC REAL-WORLD SCENARIOS

FIGHTING A SLOW NETWORK

PACKET ANALYSIS FOR SECURITY

WIRELESS PACKET ANALYSIS

A
FURTHER READING

B
NAVIGATING PACKETS

Id like to express sincere gratitude for the people whove supported me and the development of this book.

Ellen, thank you for your unconditional love and for putting up with me pecking away at the keyboard in bed for countless nights while you were trying to sleep.

Mom, even in death the example of kindness you set continues to motivate me. Dad, I learned what hard work was from you and none of this happens without that.

Jason Smith, youre like a brother to me, and I cant thank you enough for being a constant sounding board.

Regarding my coworkers past and present, Im very fortunate to have surrounded myself with people whove made me a smarter, better person. Theres no way I can name everyone, but I want to sincerely thank Dustin, Alek, Martin, Patrick, Chris, Mike, and Grady for supporting me every day and embracing what it means to be servant leaders.

Thanks to Tyler Reguly who served as the primary technical editor. I make stupid mistakes sometimes, and you make me look less stupid. Also, thanks to David Vaughan for providing an extra set of eyes, Jeff Carrell for helping edit the IPv6 content, Brad Duncan for providing a capture file used in the security chapter, and the team at QA Caf for providing a Cloudshark license that I used to organize the packet captures for the book.

Of course, I also have to extend thanks to Gerald Combs and the Wireshark development team. Its the dedication of Gerald and hundreds of other developers that makes Wireshark such a great analysis platform. If it werent for their efforts, information technology and network security would be significantly worse off.

Finally, thanks to Bill, Serena, Anna, Jan, Amanda, Alison, and the rest of the No Starch Press staff for their diligence in editing and producing all three editions of Practical Packet Analysis.

This third edition of Practical Packet Analysis was written and edited over the course of a year and a half, from late 2015 to early 2017, approximately 6 years after the second editions release and 10 years since publication of the original. This book contains a significant amount of new content, with completely new capture files and scenarios and an entirely new chapter covering packet analysis from the command line with TShark and tcpdump. If you liked the first two editions, then youll like this one. Its written in the same tone and breaks down explanations in a simple, understandable manner. If you were hesitant to try out the last two editions because they didnt include the latest information on networking or Wireshark updates, youll want to read this one because of the expanded content on new network protocols and updated information on Wireshark 2.