Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Network Analysis using Wireshark Cookbook

You're reading from   Network Analysis using Wireshark Cookbook This book will be a massive ally in troubleshooting your network using Wireshark, the world's most popular analyzer. Over 100 practical recipes provide a focus on real-life situations, helping you resolve your own individual issues.

Arrow left icon
Product type Paperback
Published in Dec 2013
Publisher Packt
ISBN-13 9781849517645
Length 452 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Yoram Orzach Yoram Orzach
Author Profile Icon Yoram Orzach
Yoram Orzach
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Introducing Wireshark FREE CHAPTER 2. Using Capture Filters 3. Using Display Filters 4. Using Basic Statistics Tools 5. Using Advanced Statistics Tools 6. Using the Expert Infos Window 7. Ethernet, LAN Switching, and Wireless LAN 8. ARP and IP Analysis 9. UDP/TCP Analysis 10. HTTP and DNS 11. Analyzing Enterprise Applications' Behavior 12. SIP, Multimedia, and IP Telephony 13. Troubleshooting Bandwidth and Delay Problems 14. Understanding Network Security A. Links, Tools, and Reading Index

Discovering MAC- and ARP-based attacks

There are various types of layer-2 MAC-based attacks and layer-2/3 ARP attacks that can be easily discovered by Wireshark. These attacks are usually caused by scanners (described in the next recipe) and man-in-the-middle attacks (described in the Analyzing connectivity problems with ARP recipe in Chapter 8, ARP and IP Analysis). In this recipe, we will see some typical attack patterns and their meanings.

Getting ready

When viewing too many ARP requests on a network or when seeing non-standard MAC addresses in the network, connect Wireshark with port mirror to their source and start the capture.

How to do it...

To look for ARP/MAC-based attacks, follow these steps:

  1. Connect Wireshark to any port on the network.
  2. Look for massive ARP broadcasts. Since ARP requests are broadcasts, they will be distributed in the entire layer-2 network (that is, on a single VLAN). In the following screenshot, you can see a typical ARP-scan pattern. It's important to note...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime