Anish Nath - Packet Analysis with Wireshark

Anish Nath is a software engineer who has more than 10 years of experience. He works at CISCO, and at CISCO, he started using Wireshark for the first time. He is thankful to CISCO. He doesn't speak much, but likes to explore new things that he has not tried or not thought of. He also tries his best to be successful at this. Though he fails a lot of time, this gives him more experience, and when success comes, he thanks all of his efforts that had failed him initially.

You can reach him at https://in.linkedin.com/in/anishnath, and his Twitter handle is @anish2good.

I would like to thank my friends, Arnab Biswas, Arun John, Ganesh Choudhari, Mayank Johari, Pradeep Sivakumar, Prakash John, Deepak Kukrety, and Veeksha Vasant for supporting me in this venture. I've definitely learned a lot from their experience.

I would also like to thank, Alice Chen, Tin Nguyen, Sunil Menon, Saad Abderrazzaq, Ori Lior, Mahin Khani, Donn Coe, Rob Andrews, and Lon Barrett, for their support and belief in me all this time and also for providing me assistance when I needed it.

Special thanks to the Wireshark community and its developers for writing an awesome tool like this.

Thanks to all my reviewers who made an effort so that this book took the correct shape.

My apologies if I've missed anyone.

Thanks to Packt Publishing and the entire team, especially Indrajit Das and Rohit Singh for making this happen.

Michael Downey is a security analyst with a passion for *nix operating systems and network security monitoring. He is also the cofounder of the Evansville Linux User Group in Indiana, and a contributing member of OpenNSM (http://www.open-nsm.net/). In his free time, he enjoys security research and an occasional game of disc golf.

Robert Juric , while working as a network engineer, has supported government agencies, large corporations, and service providers. From his experience, he learned the value of packet analysis and has come to enjoy the details that it provides.

When not at work, Robert enjoys spending time outdoors with his wife and young son. He occasionally writes articles for his website, robertjuric.com, or can be found on Twitter at @robertj180.

Mikael Kanstrup is a software engineer with a passion for adventure and thrills in life. In his spare time, he spends his time kitesurfing, riding motocross, or just going outdoors with his family and two kids. Mikael has a BSc degree in computer science and years of experience in embedded software development and computer networking. For the past decade, he has been working as a professional software developer in the mobile phone industry.

Support files, eBooks, discount offers, and more

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at > for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

• Fully searchable across every book published by Packt
• Copy and paste, print, and bookmark content
• On demand and accessible via a web browser

Free access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.

I would like to dedicate this book to my 5-year old son, Arjun Nath; grandfather, Sri Rajeshwar Prasad; wife, Manisha Prasad; mother, Indu Sinha; and all my family members (my father, Anil Kumar Sinha; chote papa, Sunil Kumar Sinha; choti mummy, Poonam Sinha; and friends). Without them, this would not have been possible.

Preface

The purpose of this book is to identify, learn about, and solve issues related to protocol, network, and security, and see how Wireshark helps to analyze these patterns by allowing its features to troubleshoot effectively. This book has lab exercises and contains packet capture files for offline viewing and analyses. Most of the examples contain production-like scenarios and their solutions and steps to reproduce these solutions.

This book also contains effective capturing methods that can be used directly in production without installing Wireshark.

Wireshark is an awesome tool for troubleshooting and learning, and within the scope of this book, we have taken the best use cases for different types of audiences, such as network administrators, security auditors, protocol learners, and troubleshooters.

What this book covers

, Packet Analyzers , covers the definition of packet analyzers and their use cases, network interfaces naming conventions, pcap/pcanpng file extensions, and types of network analyzer tools.

, Capturing Packets , covers how to capture packets using Wireshark, tcpdump, and snoop; how to use Wireshark display filters; and how to use Wireshark's cool features such as Decode-As and protocol preferences. Also, we will cover the TCP stream, exporting images, generating a firewall ACL rule, autocapture setup, and the name resolution feature.