Wireshark Workbook 1: Practice, Challenges, and Solutions - Couverture souple

Synopsis

Wireshark is the world's most popular network analyzer, used for troubleshooting, forensics, optimization, and more. It's considered one of the most successful open source projects of all time.

Laura Chappell has been involved in the Wireshark project since its infancy (then called Ethereal) and is regarded as the leading authority on network protocol analysis and forensics using Wireshark. Laura Chappell, Protocol Analysis Institute, and Chappell University are not affiliated with the Wireshark Foundation.

The WCNA Certification is the top global program for network analysis, with certified analysts in over 90 countries and DoD 8570 certification since 2009.

This book features 16 labs based on Laura's popular "Packet Challenges," introduced at trade shows over a decade ago. You'll test your Wireshark and TCP/IP skills by answering questions based on trace files, followed by Laura's detailed, step-by-step solutions.

Lab 1: Wireshark Warm-Up

Objective: Get Comfortable with the Lab Process. Completion of this lab requires many of the skills you will use throughout this lab book. If you are a bit shaky on any answer, take time when reviewing the answers to this lab to ensure you have mastered the necessary skill(s).

Lab 2: Proxy Problem

Objective: Examine issues that relate to a web proxy connection problem.

Lab 3: HTTP vs. HTTPS

Objective: Analyze and compare HTTP and HTTPS communications and errors using inclusion and field existence filters.

Lab 4: TCP SYN Analysis

Objective: Filter on and analyze TCP SYN and SYN/ACK packets to determine the capabilities of TCP peers and their connections.

Lab 5: TCP SEQ/ACK Analysis

Objective: Examine and analyze TCP sequence and acknowledgment numbering and Wireshark's interpretation of non-sequential numbering patterns.

Lab 6: You're Out of Order!

Objective: Examine Wireshark's process of distinguishing between out-of-order packets and retransmissions and identify mis-identifications.

Lab 7: Sky High

Objective: Examine and analyze traffic captured as a host was redirected to a malicious site.

Lab 8: DNS Warm-Up

Objective: Examine and analyze DNS name resolution traffic that contains canonical name and multiple IP address responses.

Lab 9: Hacker Watch

Objective: Analyze TCP connections and FTP command and data channels between hosts.

Lab 10: Timing is Everything

Objective: Analyze and compare path latency, name resolution, and server response times.

Lab 11: The News

Objective: Analyze capture location, path latency, response times, and keepalive intervals between an HTTP client and server.

Lab 12: Selective ACKs

Objective: Analyze the process of establishing Selective acknowledgment (SACK) and using SACK during packet loss recovery.

Lab 13: Just DNS

Objective: Analyze, compare, and contrast various DNS queries and responses to identify errors, cache times, and CNAME (alias) information.

Lab 14: Movie Time

Objective: Use various display filter types, including regular expressions (regex), to analyze HTTP redirections, end-of-field values, object download times, errors, response times and more.

Lab 15: Crafty

Objective: Practice your display filter skills using "contains" operators, ASCII filters, and inclusion/exclusion filters, while analyzing TCP and HTTP performance parameters.

Lab 16: Pattern Recognition

Objective: Focus on TCP conversations and endpoints while analyzing TCP sequence numbers, Window Scaling, keep-alive, and Selective Acknowledgment capabilities.

Les informations fournies dans la section « Synopsis » peuvent faire référence à une autre édition de ce titre.