You're reading from Learn Wireshark A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark

Product type Paperback

Published in Aug 2022

Publisher Packt

ISBN-13 9781803231679

Length 606 pages

Edition 2nd Edition

Languages

TCP

Tools

Wireshark

Concepts

Networking

Author (1):

Lisa Bock

Preface

1. Part 1 Traffic Capture Overview

2. Chapter 1: Appreciating Traffic Analysis FREE CHAPTER

3. Chapter 2: Using Wireshark

4. Chapter 3: Installing Wireshark

5. Chapter 4: Exploring the Wireshark Interface

6. Part 2 Getting Started with Wireshark

7. Chapter 5: Tapping into the Data Stream

8. Chapter 6: Personalizing the Interface

9. Chapter 7: Using Display and Capture Filters

10. Chapter 8: Outlining the OSI Model

11. Part 3 The Internet Suite TCP/IP

12. Chapter 9: Decoding TCP and UDP

13. Chapter 10: Managing TCP Connections

14. Chapter 11: Analyzing IPv4 and IPv6

15. Chapter 12: Discovering ICMP

16. Part 4 Deep Packet Analysis of Common Protocols

17. Chapter 13: Diving into DNS

18. Chapter 14: Examining DHCP

19. Chapter 15: Decoding HTTP

20. Chapter 16: Understanding ARP

21. Part 5 Working with Packet Captures

22. Chapter 17: Determining Network Latency Issues

23. Chapter 18: Subsetting, Saving, and Exporting Captures

24. Chapter 19: Discovering I/O and Stream Graphs

25. Chapter 20: Using CloudShark for Packet Analysis

26. Assessments

27. Other Books You May Enjoy

Questions

Now it's time to check your knowledge. Select the best response and then check your answers, which can be found in the Assessments appendix:

Packet analysis has been around in some form since the _____ as a diagnostic tool to observe data and other information traveling across the network.
1. 1950s
2. 1960s
3. 1970s
4. 1990s
Packet analysis is used in the real world in many forms. One is the DHS _____system, which monitors for threats.
1. CARVER
2. Packet
3. EINSTEIN
4. DESTINY3
In the expert system, _____ provides information about typical workflows such as TCP window updates or connection finishes.
1. Note
2. Chat
3. Error
4. Warn
A ____ provides a snapshot of network traffic during a window of time using Wireshark or tshark. Characteristics can include utilization, network protocols, and effective throughput forwarding rates.
1. Round Robin
2. DORA process
3. Baseline
4. WinCheck
Monitoring for threats occurs in one of three ways. _____ is when a system has fallen victim to an attack and the incident response team manages the attack, followed by a forensic exercise.
1. Proactive
2. Reactive
3. Active
4. Redactive
When testing _____ using Wireshark, you will be able to determine how they communicate once active and see whether they phone home without being prompted.
1. ACLs
2. Expert systems
3. IoT devices
4. IDSes
When obtaining an IP address, DHCP will go through a four-part transaction called the _____.
1. Round Robin
2. DORA process
3. Baseline
4. WinCheck