You're reading from Learn Wireshark A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark

Product type Paperback

Published in Aug 2022

Publisher Packt

ISBN-13 9781803231679

Length 606 pages

Edition 2nd Edition

Languages

TCP

Tools

Wireshark

Concepts

Networking

Author (1):

Lisa Bock

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1 Traffic Capture Overview

2. Chapter 1: Appreciating Traffic Analysis FREE CHAPTER

3. Chapter 2: Using Wireshark

4. Chapter 3: Installing Wireshark

5. Chapter 4: Exploring the Wireshark Interface

6. Part 2 Getting Started with Wireshark

7. Chapter 5: Tapping into the Data Stream

8. Chapter 6: Personalizing the Interface

9. Chapter 7: Using Display and Capture Filters

10. Chapter 8: Outlining the OSI Model

11. Part 3 The Internet Suite TCP/IP

12. Chapter 9: Decoding TCP and UDP

13. Chapter 10: Managing TCP Connections

14. Chapter 11: Analyzing IPv4 and IPv6

15. Chapter 12: Discovering ICMP

16. Part 4 Deep Packet Analysis of Common Protocols

17. Chapter 13: Diving into DNS

18. Chapter 14: Examining DHCP

19. Chapter 15: Decoding HTTP

20. Chapter 16: Understanding ARP

21. Part 5 Working with Packet Captures

22. Chapter 17: Determining Network Latency Issues

23. Chapter 18: Subsetting, Saving, and Exporting Captures

24. Chapter 19: Discovering I/O and Stream Graphs

25. Chapter 20: Using CloudShark for Packet Analysis

26. Assessments

27. Other Books You May Enjoy

Understanding the phases of packet analysis

Packet analysis is the process of gathering traffic on the network, decoding it and dissecting the raw bits, and presenting it in a human-readable format for analysis, as shown in the following diagram:

Figure 2.6 – The phases of packet analysis

Regardless of the software used, there are four main phases of packet analysis: gather, decode, display, and analyze. In this section, we’ll review each of the phases, starting with the first step, gather, where we collect the data from the network.

Gathering network traffic

When you launch Wireshark, a welcome screen displays a list of available network connections on your current device. In most cases, you will have more than one interface. To begin capturing immediately, you can select an active sparkline and begin the capture.

Alternatively, you can go to the Capture menu, and then go to the Options tab. This will open the following window:

...