Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Wireshark 2 Quick Start Guide
Wireshark 2 Quick Start Guide

Wireshark 2 Quick Start Guide: Secure your network through protocol analysis

eBook
$9.99 $25.99
Paperback
$32.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Wireshark 2 Quick Start Guide

Installing Wireshark

This chapter provides you with an introduction to the basics of the TCP/IP model and a step-by-step walkthrough of how to install Wireshark on your favorite operating system. You will be introduced to the following topics:

  • What is Wireshark?
  • A brief overview of the TCP/IP model
  • Installing and running Wireshark on different platforms
  • Troubleshooting common installation errors

Introduction to Wireshark

Wireshark is an advanced network and protocol analyser, it lets you visualize network's activity in graphical form, and assists professionals in debugging network-level issues. Wireshark enhances the ability of network and security professionals by providing detailed insight into the network traffic. However, Wireshark is also used by malicious users to sniff network traffic in order to obtain sensitive data in the form of plain text.

Why use Wireshark?

Many people, including myself, are obsessed with the simplicity of the packet-capturing features that Wireshark provides us with. Let's quickly go through a few of the reasons why most professionals prefer Wireshark to other packet sniffers:

  • User friendly: The interface of Wireshark is easy to use and understand, tools & features are very well organized and represented.
  • Robustness: Wireshark is capable of handling enormous volumes of network traffic with ease.
  • Platform independent: Wireshark is available for different flavors of operating system, whether Windows, Linux, and Macintosh.
  • Filters: There are two kinds of filtering options available in Wireshark:
    • You choose what to capture (capture filters)
    • You choose what to display after you've captured (display filters)
  • Cost: Wireshark is a free and open source packet analyzer that is developed and maintained by a dedicated community of professionals. Wireshark also offers a few paid professional applications as well. For more details, refer to Wireshark's official website https://www.wireshark.org/.
  • Support: Wireshark is being continuously developed  by a group of contributors that are scattered around the globe. We can sign up to Wireshark's mailing list or we can get help from the online documentation, which can be accessed through the GUI itself. Various other online forums are also available for you to get the most effective help; go to Google Paid Wireshark Support to learn more about the available support.

The installation process

The installation of Wireshark is very simple and easy to follow. Go through the following steps to install it on your system:

  1. The recipes and examples in this book will be for use on a Macintosh and Windows PC; for other operating systems, the installation is the same. Some OSes, such as Kali Linux, come with a preinstalled version of Wireshark.
  2. Once you have located the correct version of Wireshark for your platform (Wireshark 2.6.1 Intel 64.dmg), install Wireshark by following the wizard.
  3. Restart the computer after completion of the installation process to commit the changes that were made.
  4. Double-click the Wireshark icon on your desktop to the run the application:
The Wireshark screen

Troubleshooting common installation errors

Go through the following simple checklist to ensure that you are able to run Wireshark successfully (make sure that all of these criterias are met):

  • You have downloaded Wireshark from known and trusted source only
  • You have administrative privileges to run Wireshark
  • The installation of Wireshark and the Winpcap driver has been completed successfully without any exceptions
  • You are connected to the network that you want to capture network traffic from
  • If you are trying to sniff using a virtual machine, ensure that you have set your network adapter to bridged mode
  • Restart your machine to ensure the changes have been applied after successful installation of Wireshark
  • Your NIC card supports promiscuous mode sniffing (when needed)
  • You can see all of the interfaces (wired, wireless, and logical) on the home screen of Wireshark
  • The line graph followed by the interface name shows activity on the Homescreen
  • Also, you have legal permissions to capture network traffic

A brief overview of the TCP/IP model

The world of network communication is governed by a set of protocols (rules and regulations) in order to function as intended. Protocols govern the transmission of network packets/segments/frames over a communication channel between endpoints. In order to understand how network packets stick together, forming a stream of traffic, we need to understand the basics of the networking that is the TCP/IP model. The TCP/IP model was originally known as the DoD model, a project that was regulated by the United States Department of Defense. All of the communication that we witness over the internet and other networks happens only through TCP/IP.

The TCP/IP model takes care of every part of packet's life cycle, namely, how a packet comes to life, how a packet is generated, how information pertaining to packet gets attached data payload (PDU), how it is routed through intermediary nodes, linking with other packets and so on.

It is strongly recommended to do some self-study on TCP/IP and how it functions, before you proceed ahead, as this book requires decent amount of familiarity with protocols.

The layers in the TCP/IP model

The TCP/IP model comprises four layers, as shown in the following diagram. Each layer has a specific purpose to fulfill and utilizes a set of protocols to facilitate communications. Every protocol in every layer has a specific purpose:

The first layer is the Application Layer, which directly interacts with users and subsequent layers and protocols; it is primarily concerned with the representation of the data in a understandable format to the user. The application layer also keeps track of user sessions, monitoring who is connected; it uses a set of protocols that helps to interface with users and other layers in the TCP/IP model. Some popular protocols in the Application Layer are as follows:

  • Hypertext Transfer Protocol (HTTP)
  • File Transfer Protocol (FTP)
  • Simple Network Management Protocol (SNMP)
  • Simple Mail Transfer Protocol (SMTP)

The second layer is the Transport Layer. The purpose of this layer is to create sockets (a combination of the port and IP address) in order to let two endpoints communicate. Sockets facilitate the creation of multiple distinct connections between two or more devices (more than one tab can be opened in Chrome).

An IP address is required for communication between devices in different networks/segments (such as is used between two router interfaces or communication over the internet). It can also be used in local area network (LAN) communication, and is established over physical addresses (MAC). Apart from the restricted range of port numbers, operating systems and applications can choose a random port (other than ports 1 to 1013) for communication.

The transport layer also serves as a backbone for the communication. The two most critical protocols that work in this layer are the TCP and UDP:

  • The TCP is a connection-oriented protocol, also called a reliable protocol. Firstly, a dedicated communication channel is established between the endpoints, which is then followed by data transmission. Equally partitioned chunks are transmitted from the source, and the receiving end sends an acknowledgement for every packet received. The side that is sending the data resends the packet if an acknowledgement is not received within a stated time frame.
  • The UDP is a connectionless protocol and is often called an unreliable communication form. In the UDP, no dedicated channel is established, which also makes it a simpler and faster way of communication. There are also no acknowledgement packets sent by the endpoints. For example, if you are playing an online game, the loss of a few packets over the communication channel is not going to hamper your gaming experience because the number of packets coming through is huge, and a few missing packets will not make much difference to the overall quality of the network stream.

The third layer is the Internet Layer, which is primarily concerned with routing and movement of data between networks. The primary protocol that works in this layer is the IP (Internet Protocol). The IP provides the network packets with the routing capability that they need in order to reach their destination. Other protocols included in this layer are the ICMP and IGMP.

The fourth and final layer is the Link Layer (often called the network interface layer). It interfaces with the physical network hardware. There are no protocols specified in this layer by the TCP/IP; however, several protocols are implemented, such as the Address Resolution Protocol (ARP) and the Point to Point Protocol(PPP). This layer is concerned with how information travels inside the communication channel (wired or wireless). The link layer is responsible for establishing and terminating the connection, as well as converting the signals from analog to digital and vice versa. Devices such as bridges and switches operate in this layer.

As data progresses from the application layer to the link layer, several bits of information are attached to the data in the form of headers or footers, which allow different layers of the TCP/IP to communicate with each other. The process of adding these extra bits is called data encapsulation, and in this process, a protocol data unit (PDU) is created at the end of the networking process (passing through the application to the link layer).

PDU consists of the data along with network addressing and protocol information that gets attached as part of the header or footer. By the time PDU reaches the bottom-most layer, it is embedded with all the required information necessary for transmission. Once the PDU reaches the destination, the attached header and footer PDU elements are ripped off one by one as it passes through each layer of the TCP/IP model and progresses upward in the model.

The following diagram depicts the process of encapsulation:

Summary

In this chapter, we looked at the basic networking concepts that you need to know, along with an introduction to Wireshark. Wireshark is a protocol analyzer that is used worldwide by technology professionals to capture and analyze network-level packets.

We also learned about the TCP/IP model. The TCP/IP model has four layers: the application layer, transport layer, network layer, and the link layer. Data is encapsulated as it passes from one layer to another; the resulting packet at the bottom is called a complete PDU.

The TCP is a reliable protocol because acknowledgements are sent as part of its process, whereas the UDP is an unreliable protocol because no acknowledgements are sent.

To install Wireshark, you just need to visit http://www.wireshark.org and then download the appropriate version for your operating system.

Troubleshooting your Wireshark can be done by ensuring that the network is working fine, that you have the full rights required to install and run the application, and that the installation had completed without any exceptions.

In the next chapter we will run our first Wireshark capture and get to feel the protocol analysis experience.

Left arrow icon Right arrow icon

Key benefits

  • <ul><li>Learn protocol analysis, optimization and troubleshooting using Wireshark, an open source tool</li>
  • <li>Learn the usage of filtering and statistical tools to ease your troubleshooting job</li>
  • <li>Quickly perform root-cause analysis over your network in an event of network failure or a security breach</li>
  • </ul>

Description

<p>Wireshark is an open source protocol analyser, commonly used among the network and security professionals. Currently being developed and maintained by volunteer contributions of networking experts from all over the globe. Wireshark is mainly used to analyze network traffic, analyse network issues, analyse protocol behaviour, etc. - it lets you see what's going on in your network at a granular level. This book takes you from the basics of the Wireshark environment to detecting and resolving network anomalies.</p> <p>This book will start from the basics of setting up your Wireshark environment and will walk you through the fundamentals of networking and packet analysis. As you make your way through the chapters, you will discover different ways to analyse network traffic through creation and usage of filters and statistical features. You will look at network security packet analysis, command-line utilities, and other advanced tools that will come in handy when working with day-to-day network operations.</p> <p>By the end of this book, you have enough skill with Wireshark 2 to overcome real-world network challenges.</p>

Who is this book for?

<p>If you are a security professional or a network enthusiast who is interested in understanding the internal working of networks and packets, then this book is for you. No prior knowledge of Wireshark is needed.</p>

What you will learn

  • <ul><li>Learn how TCP/IP works </li>
  • <li>Install Wireshark and understand its GUI</li>
  • <li>Creation and Usage of Filters to ease analysis process</li>
  • <li>Understand the usual and unusual behaviour of Protocols</li>
  • <li>Troubleshoot network anomalies quickly with help of Wireshark</li>
  • <li>Use Wireshark as a diagnostic tool for network security analysis to identify source of malware</li>
  • <li>Decrypting wireless traffic</li>
  • <li>Resolve latencies and bottleneck issues in the network</li>
  • </ul>
Estimated delivery fee Deliver to South Korea

Standard delivery 10 - 13 business days

$12.95

Premium delivery 5 - 8 business days

$45.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 27, 2018
Length: 164 pages
Edition : 1st
Language : English
ISBN-13 : 9781789342789
Languages :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to South Korea

Standard delivery 10 - 13 business days

$12.95

Premium delivery 5 - 8 business days

$45.95
(Includes tracking information)

Product Details

Publication date : Jun 27, 2018
Length: 164 pages
Edition : 1st
Language : English
ISBN-13 : 9781789342789
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 131.97
Network Analysis using Wireshark 2 Cookbook
$54.99
Wireshark 2 Quick Start Guide
$32.99
Mastering Wireshark 2
$43.99
Total $ 131.97 Stars icon
Banner background image

Table of Contents

9 Chapters
Installing Wireshark Chevron down icon Chevron up icon
Introduction to Wireshark and Packet Analysis Chevron down icon Chevron up icon
Filtering Our Way in Wireshark Chevron down icon Chevron up icon
Analyzing Application Layer Protocols Chevron down icon Chevron up icon
Analyzing the Transport Layer Protocols TCP/UDP Chevron down icon Chevron up icon
Network Security Packet Analysis Chevron down icon Chevron up icon
Analyzing Traffic in Thin Air Chevron down icon Chevron up icon
Mastering the Advanced Features of Wireshark Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(1 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
James Aug 28, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Easy to follow along, the book is written for an earlier version of Wireshark though! Should be updated to the current version!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela