Wireshark Network Security

You're reading from Wireshark Network Security: A succinct guide to securely administer your network using Wireshark

Product type Paperback
Published in Jul 2015
Publisher
ISBN-13 9781784393335
Length 138 pages
Edition 1st Edition
Author (1): Piyush Verma

What this book covers

Chapter 1, Getting Started with Wireshark – What, Why, and How?, provides an introduction to sniffing and packet analysis and its purpose. Later, we will look at where Wireshark fits into the picture and how it can be used for packet analysis by performing our first packet capture.

Chapter 2, Tweaking Wireshark, discusses the robust features of Wireshark and how they can be useful in terms of network security. We will briefly discuss the different command-line utilities that ship with Wireshark.

Chapter 3, Analyzing Threats to LAN Security, dives into performing sniffing and capturing user credentials, analyzing network scanning attempts, and identifying password-cracking activities. In this chapter, we will also learn to use important display filters based on protocols and common attack-tool signatures, and explore regular expression-based filters. Then we will look at tools that complement Wireshark to perform further analysis, and finally nail an interesting CTF challenge via the techniques learned in the chapter.

Chapter 4, Probing E-mail Communications, focuses on analyzing attacks on protocols used in e-mail communication and solving a couple of real-world e-mail communication challenges using Wireshark.

Chapter 5, Inspecting Malware Traffic, starts with creating a new profile under Wireshark for malware analysis and then picks up a capture file from an exploit kit in action and diagnoses it with the help of Wireshark. Later, we also briefly cover inspecting IRC-based botnets.

Chapter 6, Network Performance Analysis, begins by creating a troubleshooting profile under Wireshark, then discusses and analyzes TCP-based issues, takes up case studies of slow Internet and sluggish downloads, and delves further into picking up on Denial-of-Service attacks using Wireshark.
