The Wireshark Field Guide

The Wireshark Field Guide provides hackers, pen testers, and network administrators with practical guidance on capturing and interactively browsing computer network traffic. Wireshark is the world's foremost network protocol analyzer, with a rich feature set that includes deep inspection of hundreds of protocols, live capture, offline analysis and many other features.

The Wireshark Field Guide covers the installation, configuration and use of this powerful multi-platform tool. The book give readers the hands-on skills to be more productive with Wireshark as they drill down into the information contained in real-time network traffic. Readers will learn the fundamentals of packet capture and inspection, the use of color codes and filters, deep analysis, including probes and taps, and much more.

The Wireshark Field Guide is an indispensable companion for network technicians, operators, and engineers.

• Learn the fundamentals of using Wireshark in a concise field manual
• Quickly create functional filters that will allow you to get to work quickly on solving problems
• Understand the myriad of options and the deep functionality of Wireshark
• Solve common network problems
• Learn some advanced features, methods and helpful ways to work more quickly and efficiently

Dedication

Preface

About the Author

Acknowledgment

Introduction

About Wireshark

Installing Wireshark

Configuring a System

Capturing Packets

Color Codes

Filters

Sample Captures

Inspecting Packets

Deep Analysis

Saving Captures

Chapter 1. About Wireshark

1.1 Introduction

1.2 What Is Wireshark?

1.3 What Is Network and Protocol Analysis?

1.4 The History of Wireshark

1.5 Troubleshooting Problems

1.6 Using Wireshark to Analyze Data

1.7 The OSI Model

1.8 Summary

Chapter 2. Installing Wireshark

2.1 Introduction

2.2 Getting Started

2.3 Requirements

2.4 Installation Preparation

2.5 Installing Wireshark

2.6 Summary

Chapter 3. Configuring a System

3.1 Introduction

3.2 Getting Started

3.3 Configuring a Cisco Port Monitor

3.4 Other Tools and Methodologies

3.5 Summary

Chapter 4. Capturing Packets

4.1 Introduction

4.2 Getting Started

4.3 Summary

Chapter 5. Color Codes

5.1 Getting Started

5.2 Creating Color Code Lists

5.3 Adding and Removing Filters

5.4 Other Coloring Options

5.5 Summary

Chapter 6. Filters

6.1 Getting Started

6.2 Applying a Filter

6.3 Advanced Filter Creation

6.4 Other Filtering Techniques

6.5 Customized Filtering and Troubleshooting

6.6 Conversation Filters

6.7 Summary

Chapter 7. Sample Captures

7.1 Getting Started

7.2 Sample Captures

7.3 Expert Analysis

7.4 Flow Graphs

7.5 Summary

Chapter 8. Inspecting Packets

8.1 Getting Started

8.2 Understanding the Technology

8.3 Capturing and Filtering Data

8.4 Inspection of the Data

8.5 Analysis Tools

8.6 Summary

Chapter 9. Deep Analysis

9.1 Getting Started

9.2 Deep Analysis

9.3 Analyzing Flow

9.4 Troubleshooting Phones

9.5 Security Analysis

9.6 Network Performance Analysis and Optimization

9.7 Using Wireshark Online

9.8 Summary

Chapter 10. Saving Captures

10.1 Getting Started

10.2 Saving Captures

10.3 Saving Captures (Multiple Files)

10.4 Saving in Other Formats

10.5 Importing and Exporting Data

10.6 Merging Data

10.7 Summary