Wireshark Network Analysis
The Official Wireshark Certified Network Analyst Study Guide
2nd Edition (Version 2.1b)
Laura Chappell
Founder, Chappell University
Founder, Wireshark University
Readers interested in this book may also be interested in the associated Wireshark Certified Network Analyst
Official Exam Prep Guide Second Edition.
10-digit ISBN: 1-893939-90-1
13-digit ISBN: 978-1-893939-90-5
Copyright 2012, Protocol Analysis Institute, Inc, dba Chappell University. All rights reserved. No part of this ebook, or related materials, including interior design, cover design and contents of the referenced book website, www.wiresharkbook.com, may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) without the prior written permission of the publisher.
To arrange bulk purchase discounts for sales promotions, events, training courses, or other purposes, please contact Chappell University at the address listed on the next page.
Book URL: www.wiresharkbook.com
Paperback Book 13-digit ISBN: 978-1-893939-94-3
Paperback Book 10-digit ISBN: 1-893939-94-4
Distributed worldwide for Chappell University through Protocol Analysis Institute, Inc.
For general information on Chappell University or Protocol Analysis Institute, Inc, including information on corporate licenses, updates, future titles or courses, contact the Protocol Analysis Institute, Inc at 408/378-7841 or send email to .
For authorization to photocopy items for corporate, personal or educational use, contact Protocol Analysis Institute, Inc at email to .
Trademarks. All brand names and product names used in this book or mentioned in this course are trade names, service marks, trademarks, or registered trademarks of their respective owners. Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation. Protocol Analysis Institute, Inc is the exclusive developer for Chappell University.
Limit of Liability/Disclaimer of Warranty. The author and publisher have used their best efforts in preparing this book and the related materials used in this book. Protocol Analysis Institute, Inc, Chappell University and the author(s) make no representations or warranties or merchantability or fitness for a particular purpose. Protocol Analysis Institute, Inc and Chappell University assume no liability for any damages caused by following instructions or using the techniques or tools listed in this book or related materials used in this book. Protocol Analysis Institute, Inc, Chappell University and the author(s) make no representations or warranties that extend beyond the descriptions contained in this paragraph. No warranty may be created or extended by sales representatives or written sales materials. The accuracy or completeness of the information provided herein and the opinions stated herein are not guaranteed or warranted to produce any particular result and the advice and strategies contained herein may not be suitable for every individual. Protocol Analysis Institute, Inc, Chappell University and author(s) shall not be liable for any loss of profit or any other commercial damages, including without limitation special, incidental, consequential, or other damages.
Always ensure you have proper authorization before you listen to and capture network traffic.
Copy Protection. In all cases, reselling or duplication of this book and related materials used in this training course without explicit written authorization is expressly forbidden. We will find you, ya know. So don't steal it or plagiarize this book.
This book and the book website, www.wiresharkbook.com, references Chanalyzer Pro software created by MetaGeek (www.metageek.net/wiresharkbook).
This book and the book website, www.wiresharkbook.com, references GeoLite data created by MaxMind, available from www.maxmind.com.
PhoneFactor SSL/TLS vulnerabilities documents and trace files referenced on the book website, www.wiresharkbook.com, were created by Steve Dispensa and Ray Marsh (www.phonefactor.com).
This book and the book website, www.wiresharkbook.com, references trace files from Mu Dynamics (www.pcapr.net).
This book references rules released by Emerging Threats Copyright 2003-2012, Emerging Threats. All rights reserved. For more information, visit emergingthreats.net.
Protocol Analysis Institute, Inc.
5339 Prospect Road, # 343
San Jose, CA 95129 USA
www.wiresharkbook.com
Also refer to Chappell University at the same address
www.chappellU.com
Cover: Fractal image, Waves Envisioned during Late Nights at Work, by Scott Spicer
Created with Apophysis 2.09
Dedication
This Second Edition is dedicated to Gerald Combs, creator of Wireshark (formerly Ethereal) and a good friend.
Twelve years ago, I sent Gerald a note, just out of the blue: "may I include Ethereal on my CD? I want to give it away at conferences." Expecting some pushback (after all, he didn't know who the heck I was), I was amazed and thrilled to receive his response stating "sure, go ahead, that would be great!"
Gerald is more than the creator of Wireshark. Gerald is one of us. He struggled with a problem. He formulated a solution. Then he did something extraordinary: he shared his solution with the world. In his typical unselfish mode, Gerald opened up his project for the contribution and participation of others.
Ethereal morphed into Wireshark, and Wireshark continued to mature. Wireshark has surpassed every other network analyzer product in the industry to become the de facto standard for network traffic analysis.
In 2011 Wireshark was voted the #1 Security Tool on the SecTools.org Top 125 Network Security Tools survey (conducted by Gordon Lyons, creator of Nmap). This is a much deserved recognition that Wireshark and packet analysis is a must-have skill for IT security professionals.
Throughout Wireshark's rise in popularity, Gerald has remained one of the most honest, humble, dedicated professionals in our field.
Thank you Gerald.
p.s. Again I want to express very special thanks to Gerald's wife, Karen, and their absolutely cute-beyond-belief, I-have-my-Daddy-wrapped-around-my-little-finger, smarty-pants-who-melts-your-heart daughter! Gerald always beams when he talks about you two very special ladies and it is a treat spending time with you both. I am grateful for the love, support and inspiration you have provided Gerald. Your tremendous humor and joie de vivre inspires me!
ACKs
There are many people who were directly and indirectly involved in creating the First and Second Editions of this book.
First and foremost, I would like to thank my children, Scott and Ginny, for your patience, support and humor during the many hours I was huddled over my computer to complete this book. Your words of encouragement really helped me balance work and life during some long days and nights of deadlines. It will be a treat to write that "Cooking Badly" book with you someday!