Wireshark 2 Quick Start Guide
eBook - ePub

Wireshark 2 Quick Start Guide

Secure your network through protocol analysis

  • 164 pages
  • English
  • ePUB (mobile friendly)
  • Available on iOS & Android
About this book

Protect your network as you move from the basics of the Wireshark scenarios to detecting and resolving network anomalies.

Key Features

  • Learn protocol analysis, optimization and troubleshooting using Wireshark, an open source tool
  • Learn the usage of filtering and statistical tools to ease your troubleshooting job
  • Quickly perform root-cause analysis over your network in the event of a network failure or a security breach

Book Description

Wireshark is an open source protocol analyser, commonly used among network and security professionals. It is developed and maintained by volunteer contributions from networking experts all over the globe. Wireshark is mainly used to analyse network traffic, network issues, and protocol behaviour; it lets you see what's going on in your network at a granular level. This book takes you from the basics of the Wireshark environment to detecting and resolving network anomalies.

This book will start from the basics of setting up your Wireshark environment and will walk you through the fundamentals of networking and packet analysis. As you make your way through the chapters, you will discover different ways to analyse network traffic through creation and usage of filters and statistical features. You will look at network security packet analysis, command-line utilities, and other advanced tools that will come in handy when working with day-to-day network operations.

By the end of this book, you will have enough skill with Wireshark 2 to overcome real-world network challenges.

What you will learn

  • Learn how TCP/IP works
  • Install Wireshark and understand its GUI
  • Create and use filters to ease the analysis process
  • Understand the usual and unusual behaviour of protocols
  • Troubleshoot network anomalies quickly with the help of Wireshark
  • Use Wireshark as a diagnostic tool for network security analysis to identify the source of malware
  • Decrypt wireless traffic
  • Resolve latency and bottleneck issues in the network

Who this book is for

If you are a security professional or a network enthusiast who is interested in understanding the internal working of networks and packets, then this book is for you. No prior knowledge of Wireshark is needed.


Filtering Our Way in Wireshark

This chapter will assist you in identifying and applying the usage of Wireshark filters, namely the capture and display filters. Filtering provides a powerful way to capture or see traffic; it is an effective way to segregate the desired traffic stream from noise (unwanted traffic). The following are the topics we will cover in this chapter:
  • Introducing capture filters
  • Why and how to use capture filters
  • Introducing display filters
  • Why and how to use display filters
  • Colorizing traffic
Let's start our analyzer and apply some filters to understand their usage and effectiveness. We will take a step-by-step walk through the process of creating display and capture filters. We will also look at a utility that is quite effective when troubleshooting network issues.

Introducing filters

The two types of filters offered by Wireshark are capture filters and display filters, which can be used on live traffic and/or on saved capture files. Filters provide advanced capabilities for packet analysis: a user is able to separate the unwanted stream of packets from the stream of packets to be analysed.

Capture filters

Capture filters enable you to capture only the traffic that you want to be captured, eliminating unwanted streams of packets. Capturing packets is a processor-intensive task, and packet analyzers use a good amount of primary memory while they are running.
Packets are passed to the capture engine only if they meet the criteria given by the capture filter expression. Capture filters do not offer the advanced filtering options that display filters do.
The following is a screenshot of the Capture Options window dialog:
The Capture Options dialog
Let's take a walk through the options available in the Capture dialog window:
  • Capture (under input tab): Its purpose is to choose which interface you wish to listen on; multiple interfaces can also be selected to run in parallel. The details for every interface are listed under separate columns, such as Capture, Interface, the name of the interface, whether the promiscuous mode is enabled or not, and so on. Under the Capture dialog, you will see a checkbox to toggle the promiscuous mode, which enables you to listen to traffic that is not generated from or headed to your machine.
  • Manage Interfaces: Facilitates the addition or removal of an interface for listening purposes. You can even add interfaces on remote machines to listen remotely.
  • Capture Filter: Lists capture filters and also facilitates the addition of new user-defined filters:
Default Capture Filters
The Berkeley Packet Filter (BPF) syntax is an industry standard used for designing filter expressions and is supported by protocol analyzers such as tcpdump, which makes a filter configuration file portable.
The following are the steps to create your first capture filter expression; consider a scenario where you have to capture packets originating from a web server located at 10.10.10.157:
  1. Open the Capture Options dialog.
  2. Click on Capture Filter.
  3. Click on New.
  4. Write Filtering Host inside the Filter name textbox.
  5. Write host 10.10.10.157 inside the Filter String textbox:
Creating a sample capture filter
  6. Once done, click on OK; if you've entered everything correctly (mostly the filter expression), the textbox next to the Capture Filter button will be displayed with a green background.
  • Capture Files (under output tab): Use this option to append a stream of packets to an existing trace file. The captured packets will be added to the file of your choice. If you haven't chosen any, a temporary file will be created. For a more advanced way of saving packets to single/multiple files, try the following:
    • Create a new file automatically after: After capturing a certain amount of data (KB, MB or GB), Wireshark will create a new file to save a stream of packets. For instance, I want to create a new file after Wireshark captures 2 MB of data.
    • Next File Every (time): After a certain amount of time (seconds, minutes, or hours), Wireshark will create a new file to save a stream of packets. For instance, I want to create a new file every five minutes.
    • Ring buffer: Use this option to set a limit for creation of new files based on the pr...
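The following is an added example and is not code from the book or from the Wireshark project. It models the BPF-style capture filter from the walkthrough above as a predicate evaluated against every packet before the packet reaches the capture engine, which is why capture filters are cheap but only support a small vocabulary compared to display filters. The evaluator covers a subset of the syntax (`host`, `net`, `port`, `src`/`dst` qualifiers, `tcp`/`udp`/`icmp`, `and`/`or`/`not`, parentheses) with BPF's precedence of `and` over `or`; the packet records are constructed dicts standing in for real frames, and the 10.10.10.23 client and other addresses besides 10.10.10.157 are constructed for the example.

```python
"""Toy evaluator for a subset of BPF (tcpdump/Wireshark capture filter) syntax.

Added example, not the book's code: a capture filter is compiled into a predicate
that is applied to each packet as it arrives, so anything it rejects never reaches
the capture engine (and can no longer be recovered with a display filter).
"""
import ipaddress
import re
from typing import Callable, Dict, List, Optional

Packet = Dict[str, object]
Predicate = Callable[[Packet], bool]

# Constructed sample traffic (not a real trace): client 10.10.10.23 talking to the
# web server 10.10.10.157 from the book's scenario, plus unrelated DNS/TLS/ICMP noise.
SAMPLE_PACKETS: List[Packet] = [
    {"src": "10.10.10.23", "dst": "10.10.10.157", "proto": "tcp", "sport": 51234, "dport": 80},
    {"src": "10.10.10.157", "dst": "10.10.10.23", "proto": "tcp", "sport": 80, "dport": 51234},
    {"src": "10.10.10.23", "dst": "8.8.8.8", "proto": "udp", "sport": 40000, "dport": 53},
    {"src": "192.168.1.5", "dst": "10.10.10.157", "proto": "tcp", "sport": 42000, "dport": 443},
    {"src": "10.10.10.23", "dst": "10.10.10.1", "proto": "icmp", "sport": None, "dport": None},
]

_TOKEN = re.compile(r"\(|\)|[^\s()]+")


def _parse(tokens: List[str]) -> Predicate:
    """Recursive descent with BPF precedence: 'not' binds tightest, then 'and', then 'or'."""

    def pop() -> str:
        if not tokens:
            raise ValueError("unexpected end of filter expression")
        return tokens.pop(0)

    def or_expr() -> Predicate:
        left = and_expr()
        while tokens and tokens[0] in ("or", "||"):
            pop()
            left = (lambda l, r: lambda p: l(p) or r(p))(left, and_expr())
        return left

    def and_expr() -> Predicate:
        left = term()
        while tokens and tokens[0] in ("and", "&&"):
            pop()
            left = (lambda l, r: lambda p: l(p) and r(p))(left, term())
        return left

    def term() -> Predicate:
        tok = pop()
        if tok in ("not", "!"):
            inner = term()
            return lambda p: not inner(p)
        if tok == "(":
            inner = or_expr()
            if pop() != ")":
                raise ValueError("unbalanced parentheses")
            return inner
        return primitive(tok)

    def primitive(tok: str) -> Predicate:
        if tok in ("tcp", "udp", "icmp"):
            return lambda p, proto=tok: p["proto"] == proto
        direction: Optional[str] = None
        if tok in ("src", "dst"):          # qualifier restricts which address/port field is checked
            direction, tok = tok, pop()
        addr_fields = {"src": ["src"], "dst": ["dst"], None: ["src", "dst"]}[direction]
        port_fields = [{"src": "sport", "dst": "dport"}[f] for f in addr_fields]
        if tok == "host":
            addr = ipaddress.ip_address(pop())
            return lambda p: any(ipaddress.ip_address(p[f]) == addr for f in addr_fields)
        if tok == "net":
            network = ipaddress.ip_network(pop(), strict=False)
            return lambda p: any(ipaddress.ip_address(p[f]) in network for f in addr_fields)
        if tok == "port":
            port = int(pop())
            return lambda p: any(p[f] == port for f in port_fields)
        raise ValueError(f"unsupported primitive: {tok}")

    result = or_expr()
    if tokens:
        raise ValueError(f"trailing tokens: {tokens}")
    return result


def compile_capture_filter(expression: str) -> Predicate:
    """Compile a BPF-style expression into a packet predicate; an empty filter keeps everything."""
    tokens = _TOKEN.findall(expression.lower())
    return _parse(tokens) if tokens else (lambda p: True)


def apply_capture_filter(expression: str, packets: List[Packet]) -> List[Packet]:
    """Return only the packets the capture engine would have kept under this filter."""
    keep = compile_capture_filter(expression)
    return [p for p in packets if keep(p)]


if __name__ == "__main__":
    for expr in ("host 10.10.10.157", "src host 10.10.10.157", "tcp and dst port 80", "not (udp or icmp)"):
        kept = apply_capture_filter(expr, SAMPLE_PACKETS)
        print(f"{expr!r}: kept {len(kept)} of {len(SAMPLE_PACKETS)} packets")
```

Running it against the constructed traffic shows the caveat a practitioner should keep in mind for the scenario above: `host 10.10.10.157` keeps packets in both directions (three of the five), whereas only `src host 10.10.10.157` restricts the capture to packets originating from the web server. The display-filter counterpart of `host 10.10.10.157` is `ip.addr == 10.10.10.157`, which can be applied after the fact; a capture filter cannot, since the rejected packets were never stored.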

Table of contents

  1. Title Page
  2. Copyright and Credits
  3. Packt Upsell
  4. Contributors
  5. Preface
  6. Installing Wireshark
  7. Introduction to Wireshark and Packet Analysis
  8. Filtering Our Way in Wireshark
  9. Analyzing Application Layer Protocols
  10. Analyzing the Transport Layer Protocols TCP/UDP
  11. Network Security Packet Analysis
  12. Analyzing Traffic in Thin Air
  13. Mastering the Advanced Features of Wireshark
  14. Other Books You May Enjoy

Wireshark 2 Quick Start Guide by Charit Mishra is available in PDF and/or ePUB format, alongside other popular books in Computer Science & Computer Networking.