Preface
Wireshark is the tool of choice for network administration and troubleshooting, but its scalability goes beyond that. It is an excellent aid in performing an in-depth analysis of issues pertaining to the overall security of the network. Several tools and devices are available in the market to detect network-related attacks and take appropriate actions based on a predefined set of rules. However, at a very granular level, it all boils down to frames, or sometimes interchangeably called as packets, and the data they carry.
This book is written from the standpoint of using Wireshark to detect security-concerning flaws in commonly used network protocols and analyze the attacks from popular tools such as Nmap, Nessus, Ettercap, Metasploit, THC Hydra, and Sqlmap. In the later part of the book, we will dive into inspecting malware traffic from an exploit kit and IRC botnet and solve real-world Capture-The-Flag (CTF) challenges using Wireshark, basic Python code, and tools that complement Wireshark.