Packet Analysis with Wireshark

You're reading from Packet Analysis with Wireshark: Leverage the power of Wireshark to troubleshoot your networking issues by using effective packet analysis techniques and performing improved protocol analysis

Product type Paperback
Published in Dec 2015
Publisher
ISBN-13 9781785887819
Length 172 pages
Edition 1st Edition
Languages
Author (1):
ANISH NATH

Index

A

  • 802.11 auth process
    • about / 802.11 auth process
  • alerts
    • close_notify / Alert Protocol
    • unexpected_message / Alert Protocol
    • bad_record_mac / Alert Protocol
    • decryption_failed / Alert Protocol
    • record_overflow / Alert Protocol
    • decompression_failure / Alert Protocol
    • handshake_failure / Alert Protocol
    • bad_certificate / Alert Protocol
    • unsupported_certificate / Alert Protocol
    • certificate_revoked / Alert Protocol
    • certificate_expired / Alert Protocol
    • certificate_unknown / Alert Protocol
    • illegal_parameter / Alert Protocol
    • unknown_ca / Alert Protocol
    • decode_error / Alert Protocol
    • decrypt_error / Alert Protocol
    • export_restriction / Alert Protocol
    • protocol_version / Alert Protocol
    • insufficient_security / Alert Protocol
    • internal_error / Alert Protocol
    • user_canceled / Alert Protocol
    • no_renegotiation / Alert Protocol
  • ARP duplicate IP detection
    • about / ARP duplicate IP detection

B

  • Berkeley Packet Filter (BPF)
    • about / The capture filter options
  • Bit-Twist
    • URL / Other packet analyzer tools
  • BitTorrent protocol
    • about / BitTorrent
  • BOOTP/DHCP
    • about / BOOTP/DHCP
    • Wireshark filter / BOOTP/DHCP Wireshark filter
    • address assignment / Address assignment
    • capture DHCPv4 traffic / Capture DHCPv4 traffic

C

  • Cain
    • URL / Other packet analyzer tools
  • Capture Options
    • packets, capturing with / Capturing packets with Capture Options
    • Capture Filter options / The capture filter options
  • client certificate
    • about / Client certificate
  • client certificate request
    • about / Client certificate request
  • Client Hello message
    • about / Client Hello
    • structure / Client Hello
    • message / Client Hello
    • version / Client Hello
    • random / Client Hello
    • Session ID / Client Hello
    • cipher suites / Client Hello
    • compression methods / Client Hello
    • extensions / Client Hello
  • Client Key Exchange message
    • about / Client Key Exchange
  • control frames / Control frames

D

  • data frames / Data frames
  • decode-as feature
    • about / Decode-As
  • DHCP/BOOT
    • URL / References
  • DHE/ECHDE traffic
    • decrypting / Decrypting DHE/ECHDE traffic
    • forward secrecy / Forward secrecy
  • Diffie-Hellman (DHE) key exchange
    • about / The Diffie-Hellman key exchange
    • naming convention / The Diffie-Hellman key exchange
    • URL / The Diffie-Hellman key exchange
  • displayed packet
    • exporting / Exporting the displayed packet
  • Display filter references
    • URL / References
  • Distributed Reflection Denial of Service (DrDoS) / DrDoS
  • Domain Name System (DNS)
    • about / DNS
    • Wireshark filter / DNS Wireshark filter
    • port / Port
    • resource records / Resource records
    • traffic / DNS traffic
    • URL / References
  • DOS attack
    • about / The DOS attack
    • SYN flood / SYN flood
    • Internet Control Message Protocol (ICMP) flood / ICMP flood
    • SSL flood / SSL flood
  • Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
    • about / DHCPv6
    • Wireshark filter / DHCPv6 Wireshark filter
    • multicast addresses / Multicast addresses
    • UDP port information / The UDP port information
    • message types / DHCPv6 message types
    • message exchanges / Message exchanges
    • traffic capture / DHCPv6 traffic capture
    • URL / References

E

  • EAPOL / 802.1X EAPOL
  • EAP over LAN / 802.1X EAPOL
  • Elliptic curve cryptography (ECC) / Elliptic curve Diffie-Hellman key exchange
  • Elliptic curve Diffie-Hellman cryptography (ECDHE) / Forward secrecy
  • Elliptic curve Diffie-Hellman key exchange
    • about / Elliptic curve Diffie-Hellman key exchange
    • URL / Elliptic curve Diffie-Hellman key exchange
  • Ettercap
    • URL / Other packet analyzer tools
  • Extensible Authentication Protocol (EAP) / 802.1X EAPOL

F

  • features, Wireshark
    • decode-as / Decode-As
    • protocol preference / Protocol preferences
    • IO graph, using / The IO graph
    • TCP stream, following / Following the TCP stream
    • displayed packet, exporting / Exporting the displayed packet
    • firewall ACL rules, generating / Generating the firewall ACL rules
  • Filter toolbar
    • about / The Filter toolbar
    • filtering techniques / Filtering techniques
    • filter examples / Filter examples
  • firewall ACL rules
    • generating / Generating the firewall ACL rules
  • forward secrecy
    • about / Forward secrecy
    • references / Forward secrecy
  • frames
    • about / Frames
    • management frames / Management frames
    • data frames / Data frames
    • control frames / Control frames

H

  • Heartbleed
    • bug / Heartbleed bug
    • Wireshark filter / The Heartbleed Wireshark filter
    • Wireshark analysis / Heartbleed Wireshark analysis
    • testing / The Heartbleed test
    • Detector, URL / The Heartbleed test
    • online test, URL / The Heartbleed test
    • recommendations / Heartbleed recommendations
  • HTTP
    • about / HTTP
    • Wireshark filter / HTTP Wireshark filter
    • use cases / HTTP use cases
    • URL / References
  • HTTP, use cases
    • top http response time, finding / Finding the top HTTP response time
    • packets finding, HTTP methods based / Finding packets based on HTTP methods
    • sensitive information, finding in form post / Finding sensitive information in a form post
    • HTTP status code, using / Using HTTP status code
  • HTTP protocol preferences
    • about / Protocol preferences

I

  • initial sequence number (ISN) / Handshake message – first step [SYN]
  • Interface Lists
    • packets, capturing with / Capturing packets with Interface Lists
    • interface names / Common interface names
  • Internet Control Message Protocol (ICMP) flood, DOS attack
    • about / ICMP flood
    • mitigation / ICMP flood mitigation
  • IO graph
    • using / The IO graph

K

  • key exchange
    • about / Key exchange
  • key exchange, types
    • Diffie-Hellman (DHE) key exchange / The Diffie-Hellman key exchange
    • Elliptic curve Diffie-Hellman key exchange / Elliptic curve Diffie-Hellman key exchange
    • RSA / RSA
  • KisMac
    • URL / Wi-Fi sniffing products
  • Kismet
    • URL / Wi-Fi sniffing products

M

  • management frames / Management frames
  • Maximum Segment Size (MSS) / Handshake message – first step [SYN]
  • medium access control (MAC) layer / The 802.11 protocol stack
  • message exchanges, Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
    • about / Message exchanges
    • four-message exchange / The four-message exchange
    • two-message exchange / The two-message exchange
  • message types, Dynamic Host Configuration Protocol for IPv6 (DHCPv6) / DHCPv6 message types

N

  • NetStumbler
    • URL / Wi-Fi sniffing products
  • No-Operation (NOP) / TCP header fields, Handshake message – first step [SYN]

O

  • online nmap tool
    • URL / Vulnerability scanning

P

  • 802.11 protocol stack / The 802.11 protocol stack
  • packet analyzer
    • tools / Other packet analyzer tools
    • mobile packet capture / Mobile packet capture
  • packet analyzers
    • uses / Uses for packet analyzers
  • Packet Bytes pane
    • about / The Packet Bytes pane
  • packet capture process
    • about / The Wireshark packet capture process
  • Packet Details pane
    • about / The Packet Details pane
  • Packet List pane
    • about / The Packet List pane
  • packets
    • capturing / Guide to capturing packets
    • capturing, with Interface Lists / Capturing packets with Interface Lists
    • capturing, with Start options / Capturing packets with Start options
    • capturing, with Capture Options / Capturing packets with Capture Options
    • file, auto-capturing periodically / Auto-capturing a file periodically
  • PPP (Point-to-Point Protocol) / 802.1X EAPOL
  • protocol preference feature
    • about / Protocol preferences

R

  • reset sequence
    • about / TCP reset sequence
    • RST after SYN-ACK / RST after SYN-ACK
    • RST after SYN / RST after SYN
  • RFC675 TCP/IP
    • URL / References
  • RFC793 TCP v4
    • URL / References
  • RFMON (Radio Frequency Monitor) mode / WLAN capture setup
  • Riverbed AirPcap adapter
    • URL / Wi-Fi sniffing products
  • RSA / RSA
  • RSA traffic
    • decrypting / Decrypting RSA traffic

S

  • scanning
    • about / Scanning
    • vulnerability scanning / Vulnerability scanning
    • SSL scans / SSL scans
  • Scapy
    • URL / Other packet analyzer tools
  • server certificate
    • about / Server certificate
  • Server Hello Done message
    • about / Server Hello Done
  • Server Hello message
    • about / Server Hello
    • Handshake Type / Server Hello
    • version / Server Hello
    • session ID / Server Hello
    • cipher suite / Server Hello
    • extensions / Server Hello
  • Server Key Exchange message
    • about / Server Key Exchange
  • snoop tool
    • about / Tcpdump and snoop
  • Snort
    • URL / Other packet analyzer tools
  • SSL-related issues
    • debugging / Debugging issues
  • SSL/TLS
    • about / An introduction to SSL/TLS
    • benefits / An introduction to SSL/TLS
    • versions / SSL/TLS versions
    • components / The SSL/TLS component
    • handshake / The SSL/TLS handshake
    • decrypting / Decrypting SSL/TLS
    • RSA traffic, decrypting / Decrypting RSA traffic
    • DHE/ECHDE traffic, decrypting / Decrypting DHE/ECHDE traffic
  • SSL/TLS handshake
    • about / The SSL/TLS handshake
    • types / Types of handshake message
    • Client Hello message / Client Hello
    • Server Hello / Server Hello
    • server certificate / Server certificate
    • Server Key Exchange message / Server Key Exchange
    • client certificate request / Client certificate request
    • Server Hello Done message / Server Hello Done
    • client certificate / Client certificate
    • Client Key Exchange message / Client Key Exchange
    • Client Certificate Verify message / Client Certificate Verify
    • Change Cipher Spec record type / Change Cipher Spec
    • Finished message / Finished
    • Application Data message / Application Data
    • Alert Protocol / Alert Protocol
  • SSL flood, DOS attack
    • about / SSL flood
  • SSL testing
    • references / Debugging issues
  • Start options
    • packets, capturing with / Capturing packets with Start options
  • Stumbler
    • URL / Wi-Fi sniffing products
  • Switch Port Analyzer (SPAN) port / The Wireshark packet capture process
  • SYN flood, DOS attack
    • about / SYN flood
    • mitigation / SYN flood mitigation

T

  • TAP (Test Access Point) / The Wireshark packet capture process
  • TCP analyze sequence numbers
    • URL / References
  • TCP CLOSE_STATE
    • about / How to resolve TCP CLOSE_STATE
  • TCP CLOSE_WAIT
    • about / TCP CLOSE_WAIT
  • TCP display filter
    • reference link / Filter examples
  • tcpdump tool
    • about / Tcpdump and snoop
  • TCP Dup-ACK
    • about / TCP Dup-ACK
  • Tcpreplay
    • URL / Other packet analyzer tools
  • TCP stream
    • following / Following the TCP stream
  • TCP TIME_WAIT
    • about / TCP TIME_WAIT
  • TCP Window Update
    • about / TCP Window Update
  • three-way handshake, Transmission Control Protocol (TCP)
    • about / TCP three-way handshake
    • first step [SYN] / Handshake message – first step [SYN]
    • second step [SYN, ACK] / Handshake message – second step [SYN, ACK]
    • third step [ACK] / Handshake message – third step [ACK]
  • TLS extensions
    • reference list / Client Hello
  • Transmission Control Protocol (TCP)
    • about / Recapping TCP
    • header fields / TCP header fields
    • states / TCP states
    • connection establishment / TCP connection establishment and clearing
    • three-way handshake / TCP three-way handshake
    • data communication / TCP data communication
    • close sequence / TCP close sequence
    • Wiki, URL / References
    • TCP/IP guide, URL / References
  • Transmission Control Protocol (TCP), latency
    • issues / TCP latency issues
    • identifying / Identifying latency
    • server latency example / Server latency example
    • wire latency / Wire latency
  • Transmission Control Protocol (TCP), latency issues
    • causes / Cause of latency
  • Transmission Control Protocol (TCP), troubleshooting
    • about / TCP troubleshooting
    • reset sequence / TCP reset sequence
    • CLOSE_WAIT / TCP CLOSE_WAIT
    • TIME_WAIT / TCP TIME_WAIT
  • troubleshooting
    • packets, capturing / Troubleshooting

U

  • US-CERT
    • alert TA14-017A, URL / DrDoS
  • user interface, Wireshark
    • about / Wireshark user interface
    • Filter toolbar / The Filter toolbar
    • Packet List pane / The Packet List pane
    • Packet Details pane / The Packet Details pane
    • Packet Bytes pane / The Packet Bytes pane

W

  • Wi-Fi networks
    • analyzing / Analyzing the Wi-Fi networks
    • frames / Frames
    • 802.11 auth process / 802.11 auth process
    • 802.1X EAPOL / 802.1X EAPOL
    • 802.11 protocol stack / The 802.11 protocol stack
  • Wi-Fi sniffing products
    • about / Wi-Fi sniffing products
    • Kismet / Wi-Fi sniffing products
    • Riverbed AirPcap / Wi-Fi sniffing products
    • KisMac / Wi-Fi sniffing products
    • Stumbler / Wi-Fi sniffing products
    • NetStumbler / Wi-Fi sniffing products
  • WireEdit
    • URL / Other packet analyzer tools
  • Wireshark
    • about / Introducing Wireshark
    • URL / Introducing Wireshark, References
    • features / Wireshark features, Wireshark features
    • dumpcap / Wireshark's dumpcap and tshark
    • tshark / Wireshark's dumpcap and tshark
    • packet capture process / The Wireshark packet capture process
    • wiki link / 802.1X EAPOL
  • Wireshark community
    • URL / Troubleshooting
  • Wireshark protocol hierarchy
    • about / Wireshark protocol hierarchy
  • Wireshark TCP sequence analysis
    • about / Wireshark TCP sequence analysis
    • retransmission / TCP retransmission
    • TCP ZeroWindow / TCP ZeroWindow
  • WLAN capture setup
    • about / WLAN capture setup
    • multi-channel captures, URL / WLAN capture setup
    • wireless network interface controller (WNIC) / WLAN capture setup
    • AP (Access Point) / WLAN capture setup
    • monitor mode / The monitor mode

X

  • 802.1X EAPOL / 802.1X EAPOL