Charit Mishra - Wireshark 2 Quick Start Guide

Copyright 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha
Acquisition Editor: Reshma Raman
Content Development Editor: Aditi Gour
Technical Editor: Shweta Jadhav
Copy Editor: Safis Editing
Project Coordinator: Hardik Bhinde
Proofreader: Safis Editing
Indexer: Aishwarya Gangawane
Graphics: Jason Monteiro
Production Coordinator: Deepika Naik

First published: June 2018

Production reference: 1200618

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-78934-278-9

www.packtpub.com

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

• Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

• Improve your learning with Skill Plans built especially for you

• Get a free eBook or video every month

• Mapt is fully searchable

• Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.

At www.PacktPub.com , you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Charit Mishra is an ICS/SCADA professional, working as a security architect for critical infrastructure across several industries, including oil and gas, mining, utilities, renewable energy, transportation, and telecom. He has been involved in leading and executing complex projects involving the extensive application of security standards, frameworks, and technologies. A postgraduate in computer science, Charit's profile boasts of leading industry certifications such as OSCP, CEH, CompTIA Security+, and CCNA R&S. Moreover, he regularly delivers professional training and knowledge sessions on critical infrastructure security internationally.

Anish has a YouTube channel named Zariga Tongy where he loves to post videos on security, hacking and other cloud related technology.

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Wireshark is the world's most popular free and open source protocol analyzer, and it is commonly used by networking and security professionals for troubleshooting, analysis, protocol development, and forensics. The primary objective of Wireshark is to capture network traffic and display the packet data in, as detailed a way as possible. It helps professionals view the content of network traffic on a microscopic level.

This book is written from the standpoint of using Wireshark and learning how network protocols function and provides a practical approach to conducting protocol analysis, troubleshooting network anomalies, and examining security issues. I have tried to depict common scenarios that you may come across in day-to-day operations through practical demonstration wherever possible to help you understand the concepts better. By reading this book, you will learn how to install Wireshark, work with Wireshark GUI elements, and learn some advanced features behind the scenes, such as the filtering options, the statistics menu, and decrypting wireless and encrypting traffic . You can be the superhero of your team who helps resolve connectivity issues, n etwork administration tasks, and computer forensics because Packets Are Life. If your routine job requires dealing with computer networks and security, then this book will give you a strong head start. Happy sniffing!

This book is for students/professionals who have basic experience and knowledge of the networking and who want to get up to speed with Wireshark in no time. This book will take you from the installation to the usage of commonly used tools/tricks. The book will get you comfortable with the GUI elements of Wireshark and explain the fundamentals of the science behind protocol analysis.

, Installing Wireshark , will provide you with an introduction to the basics of the TCP/IP model and a step-by-step walk-through of the installation of Wireshark on your favorite operating system .

, Introduction to Wireshark and Packet Analysis , will help you understand the basics and science behind packet analysis, as Wireshark come in handy and proves to be a Swiss Army knife for professionals dealing with network, security, and digital forensics. In this chapter, you will also understand the trick of placing the sniffer in a strategic location to get most out of your network.

, Filtering Our Way in Wireshark, will help you identify and apply the Wireshark filters, namely the capturing and displaying filters. Filtering provides a powerful way to capture or see the traffic you desire; it's an effective way to remove the noise from the stream of packets we desire to analyze.

, Analyzing Application Layer Protocols, will help you understand the approach and methodology for analyzing application layer protocols such as HTTP, SMTP, FTP, and DNS through Wireshark. As we know, application layer protocols typically interface between a client and a server. It is critical to understand the structure and behavior of application layer protocols packets in order to identify anomalies with efficiency.