Wireshark Network Security
Table of Contents
Wireshark Network Security
Credits
About the Author
Acknowledgment
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. Getting Started with Wireshark – What, Why, and How?
Sniffing
The purpose of sniffing
Packet analysis
The tools of the trade
What is Wireshark?
The Wireshark interface – Before starting the capture
Title
Menu
Main toolbar
Filter toolbar
Capture frame
Capture Help
The Files menu
Online
The Status bar
First packet capture
Summary
2. Tweaking Wireshark
Filtering our way through Wireshark
Capture filters
Display filters
The list of display filters
Wireshark profiles
Creating a new profile
Essential techniques in Wireshark
The Summary window
The Protocol Hierarchy window
The Conversations window
The Endpoints window
The Expert Infos window
Wireshark command-line fu
tshark
Starting the capture
Saving the capture to a file
Using filters
Statistics
capinfos
editcap
mergecap
Summary
3. Analyzing Threats to LAN Security
Analyzing clear-text traffic
Viewing credentials in Wireshark
FTP
Telnet
HTTP
TFTP
Reassembling data stream
Case study
Examining sniffing attacks
MAC flooding
ARP poisoning
Analyzing network reconnaissance techniques
Examining network scanning activities
Detect the scanning activity for live machines
Ping sweep
ARP sweep
Identify port scanning attempts
A TCP Connect scan
Wireshark's Flow Graph
Wireshark's Expert Info
Wireshark's Conversations
Stealth scan
Wireshark's Flow Graph
Wireshark's Expert Info
Wireshark's Conversations
NULL scan
UDP scan
Other scanning attempts
ACK scan
IP Protocol scan
OS fingerprinting attempts
Detect password cracking attempts
Brute-force attacks
Identifying POP3 password cracking
HTTP basic authentication
Dictionary-based attacks
Detecting FTP password cracking
Miscellaneous attacks
FTP bounce attack
DNS zone transfer
SSL stripping attack
Complementary tools to Wireshark
Xplico
Sysdig
Pcap2XML
SSHFlow
Important display filters
Filters based on protocols
DNS
FTP
HTTP
Filters based on unique signatures and regular expressions
Regular expressions
Nailing the CTF challenge
Summary
4. Probing E-mail Communications
E-mail forensics challenges
Challenge 1 – Normal login session
Challenge 2 – Corporate espionage
Analyzing attacks on e-mail communications
Detecting SMTP enumeration
Using auxiliary module in Metasploit
Analyzing SMTP relay attack
Important filters
Summary
5. Inspecting Malware Traffic
Gearing up Wireshark
Updated columns
Updated coloring rules
Important display filters
Malicious traffic analysis
Case study – Blackhole exploit kit
Protocols in action
The IP address of the infected box
Any unusual port number
A compromised website
Infected file(s)
Conclusion
IRC botnet(s)
Inspection
Summary
6. Network Performance Analysis
Creating a custom profile for troubleshooting
Optimization before analysis
TCP-based issues
Case study 1 – Slow Internet
Analysis
Case study 2 – Sluggish downloads
Analysis
Case study 3 – Denial of Service
SYN flood
Summary
Index