Synopses & Reviews
It's easy to capture packets with Wireshark, the world's most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what's happening on your network?
With an expanded discussion of network protocols and 45 completely new scenarios, this extensively revised second edition of the best-selling Practical Packet Analysis will teach you how to make sense of your PCAP data. You'll find new sections on troubleshooting slow networks and packet analysis for security to help you better understand how modern exploits and malware behave at the packet level. Add to this a thorough introduction to the TCP/IP network stack and you're on your way to packet analysis proficiency.
Learn how to:
- Use packet analysis to identify and resolve common network problems like loss of connectivity, DNS issues, sluggish speeds, and malware infections
- Build customized capture and display filters
- Monitor your network in real-time and tap live network communications
- Graph traffic patterns to visualize the data flowing across your network
- Use advanced Wireshark features to understand confusing captures
- Build statistics and reports to help you better explain technical network information to non-techies
Practical Packet Analysis is a must for any network technician, administrator, or engineer. Stop guessing and start troubleshooting the problems on your network.
Wireshark is the world's most popular "packet sniffer," allowing its users to uncover valuable information about computer networks by analyzing the TCP packets that travel through them. This significantly revised and expanded second edition of Practical Packet Analysis shows you how to use Wireshark to capture raw network traffic, filter and analyze packets, and diagnose common network problems. Author Chris Sanders begins by discussing how networks work and gives you a solid understanding of how packets travel along the wire. He then explains how Wireshark can be used to monitor and troubleshoot networks. Numerous case studies help you apply your newfound knowledge to your networks. This revision offers more detailed explanations of key networking protocols; expanded discussions of wireless protocol analysis and an examination of network security at the packet level; expanded discussion of the meaning of packets and how they can offer insight into network structure; and new scenarios and examples. Whether fighting a virus infestation or a confounding connectivity problem, Practical Packet Analysis, 2nd Edition will help you find the problem and fix it.
This significantly revised and expanded edition discusses how to use Wireshark to capture raw network traffic, filter and analyze packets, and diagnose common network problems.
About the Author
Chris Sanders is a computer security consultant, author, and researcher. A SANS Mentor who holds several industry certifications, including CISSP, GCIA, GCIH, and GREM, he writes regularly for WindowSecurity.com and his blog, ChrisSanders.org. Sanders uses Wireshark daily for packet analysis. He lives in Charleston, South Carolina, where he works as a government defense contractor.
Table of Contents
Praise for the First Edition of Practical Packet Analysis; Dedication; Acknowledgments; Introduction; Why This Book?; Concepts and Approach; How to Use This Book; About the Sample Capture Files; The Rural Technology Fund; Contacting Me; Chapter 1: Packet Analysis and Network Basics; 1.1 Packet Analysis and Packet Sniffers; 1.2 How Computers Communicate; 1.3 Traffic Classifications; 1.4 Final Thoughts; Chapter 2: Tapping into the Wire; 2.1 Living Promiscuously; 2.2 Sniffing Around Hubs; 2.3 Sniffing in a Switched Environment; 2.4 Sniffing in a Routed Environment; 2.5 Sniffer Placement in Practice; Chapter 3: Introduction to Wireshark; 3.1 A Brief History of Wireshark; 3.2 The Benefits of Wireshark; 3.3 Installing Wireshark; 3.4 Wireshark Fundamentals; Chapter 4: Working with Captured Packets; 4.1 Working with Capture Files; 4.2 Working with Packets; 4.3 Setting Time Display Formats and References; 4.4 Setting Capture Options; 4.5 Using Filters; Chapter 5: Advanced Wireshark Features; 5.1 Network Endpoints and Conversations; 5.2 Protocol Hierarchy Statistics; 5.3 Name Resolution; 5.4 Protocol Dissection; 5.5 Following TCP Streams; 5.6 Packet Lengths; 5.7 Graphing; 5.8 Expert Information; Chapter 6: Common Lower-Layer Protocols; 6.1 Address Resolution Protocol; 6.2 Internet Protocol; 6.3 Transmission Control Protocol; 6.4 User Datagram Protocol; 6.5 Internet Control Message Protocol; Chapter 7: Common Upper-Layer Protocols; 7.1 Dynamic Host Configuration Protocol; 7.2 Domain Name System; 7.3 Hypertext Transfer Protocol; 7.4 Final Thoughts; Chapter 8: Basic Real-World Scenarios; 8.1 Social Networking at the Packet Level; 8.2 Capturing ESPN.com Traffic; 8.3 Real-World Problems; 8.4 Final Thoughts; Chapter 9: Fighting a Slow Network; 9.1 TCP Error-Recovery Features; 9.2 TCP Flow Control; 9.3 Learning from TCP Error-Control and Flow-Control Packets; 9.4 Locating the Source of High Latency; 9.5 Network Baselining; 9.6 Final Thoughts; Chapter 10: Packet Analysis for Security; 10.1 Reconnaissance; 10.2 Exploitation; 10.3 Final Thoughts; Chapter 11: Wireless Packet Analysis; 11.1 Physical Considerations; 11.2 Wireless Card Modes; 11.3 Sniffing Wirelessly in Windows; 11.4 Sniffing Wirelessly in Linux; 11.5 802.11 Packet Structure; 11.6 Adding Wireless-Specific Columns to the Packet List Pane; 11.7 Wireless-Specific Filters; 11.8 Wireless Security; 11.9 Final Thoughts; Further Reading; Packet Analysis Tools; Packet Analysis Resources; Colophon; Updates;