Instant Traffic Analysis with Tshark How-to
Copyright © 2013 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: April 2013
Production Reference: 1170413
Livery Place
35 Livery Street
Birmingham B3 2PB, UK
ISBN 978-1-78216-538-5
www.packtpub.com
Author
Borja Merino
Reviewer
Nelo Belda Atoche
IT Content Commissioning Editor
James Jones
Commissioning Editor
Ameya Sawant
Technical Editor
Varun Pius Rodrigues
Project Coordinator
Sneha Modi
Proofreader
Stephen Copestake
Graphics
Ronak Dhruv
Production Coordinator
Shantanu Zagade
Cover Work
Shantanu Zagade
Cover Image
Conidon Miranda
Borja Merino is a security researcher from León, Spain. He studied Computer Science at the Pontificia University of Salamanca and is certified in OSCP, OSWP, OSCE, CCNA Security, CCSP, Cisco Firewall, SMFE, CISSP, and NSTISSI 4011. He has published several papers about pentesting and exploitation. He is also a Metasploit community contributor and one of the authors of the blog www.securityartwork.com, where he regularly writes security articles. You can follow him on Twitter at @BorjaMerino.
Nelo Belda Atoche is a Security Analyst in S2 Grupo. He received a Technical Engineering degree in Telecommunication from the Universitat Politècnica de València and a Master’s degree in Information Systems and Technology Management and Administration from the Universitat Oberta de Catalunya. Since his early student years, he has been focused on Computer Security.
He currently works as an Incident Handler (GIAC Certified Incident Handler, GCIH) in a Computer Security Incident Response Team at the Spanish company S2 Grupo. He performs network and computer analysis and forensics, incident response, and IDS/IPS management, among other tasks. He has also collaborated on various technical reports about critical infrastructure protection, as well as on the blog SecurityArtWork.
Support files, eBooks, discount offers and more
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and, as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read, and search across Packt's entire library of books.
- Fully searchable across every book published by Packt
- Copy and paste, print and bookmark content
- On-demand and accessible via web browsers
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
One of the main tasks of any network administrator or security officer is traffic analysis. Skill in the use of protocol analysis tools is essential to locate and limit network problems, resolve security incidents, check the correct operation of routing protocols, test applications that use sockets, and so on. Tshark, the command-line version of Wireshark, is the ideal tool for professionals who wish to meet those needs and for students who want to delve into the world of networking and understand in more depth how TCP/IP network protocols operate. With Tshark, you can take advantage of all the filtering features provided by Wireshark from environments that lack a GUI, such as Unix/Linux servers, giving you great flexibility to identify and display network traffic. This book develops the full potential of this tool from a completely practical standpoint, using real examples that represent the everyday work of many professionals dedicated to security and communications.
Capturing data with Tshark (Must know) explains basic theoretical concepts about Tshark and the process of data collection. It also explains how to configure Tshark to capture traffic with the appropriate permissions without exposing the system to possible vulnerabilities.
Capturing traffic (Must know) explains some of the options for data collection. Each of the alternatives depends on the network infrastructure and the objectives of the analyst.
Delimiting network problems (Should know) offers practical examples to help us define and identify specific network traffic, in order to quickly pinpoint the source of many networking problems.
Implementing useful filters (Should know) presents useful examples that...