Preface

• What this book covers
• What you need for this book
• Who this book is for
• Conventions
• Reader feedback
• Customer support

1. Introducing Wireshark FREE CHAPTER

• Introduction
• Locating Wireshark
• Starting the capture of data
• Configuring the start window
• Using time values and summaries
• Configuring coloring rules and navigation techniques
• Saving, printing, and exporting data
• Configuring the user interface in the Preferences menu
• Configuring protocol preferences

2. Using Capture Filters

• Introduction
• Configuring capture filters
• Configuring Ethernet filters
• Configuring host and network filters
• Configuring TCP/UDP and port filters
• Configuring compound filters
• Configuring byte offset and payload matching filters

3. Using Display Filters

• Introduction
• Configuring display filters
• Configuring Ethernet, ARP, host, and network filters
• Configuring TCP/UDP filters
• Configuring specific protocol filters
• Configuring substring operator filters
• Configuring macros

4. Using Basic Statistics Tools

• Introduction
• Using the Summary tool from the Statistics menu
• Using the Protocol Hierarchy tool from the Statistics menu
• Using the Conversations tool from the Statistics menu
• Using the Endpoints tool from the Statistics menu
• Using the HTTP tool from the Statistics menu
• Configuring Flow Graph for viewing TCP flows
• Creating IP-based statistics

5. Using Advanced Statistics Tools

• Introduction
• Configuring IO Graphs with filters for measuring network performance issues
• Throughput measurements with IO Graph
• Advanced IO Graph configurations with advanced Y-Axis parameters
• Getting information through TCP stream graphs – the Time-Sequence (Stevens) window
• Getting information through TCP stream graphs – the Time-Sequence (tcp-trace) window
• Getting information through TCP stream graphs – the Throughput Graph window
• Getting information through TCP stream graphs – the Round Trip Time window
• Getting information through TCP stream graphs – the Window Scaling Graph window

6. Using the Expert Infos Window

• Introduction
• The Expert Infos window and how to use it for network troubleshooting
• Error events and understanding them
• Warning events and understanding them
• Notes events and understanding them

7. Ethernet, LAN Switching, and Wireless LAN

• Introduction
• Discovering broadcast and error storms
• Analyzing Spanning Tree Protocols
• Analyzing VLANs and VLAN tagging issues
• Analyzing wireless (Wi-Fi) problems

8. ARP and IP Analysis

• Introduction
• Analyzing connectivity problems with ARP
• Using IP traffic analysis tools
• Using GeoIP to look up physical locations of the IP address
• Finding fragmentation problems
• Analyzing routing problems
• Finding duplicate IPs
• Analyzing DHCP problems

9. UDP/TCP Analysis

• Introduction
• Configuring TCP and UDP preferences for troubleshooting
• TCP connection problems
• TCP retransmission – where do they come from and why
• Duplicate ACKs and fast retransmissions
• TCP out-of-order packet events
• TCP Zero Window, Window Full, Window Change, and other Window indicators
• TCP resets and why they happen

10. HTTP and DNS

• Introduction
• Filtering DNS traffic
• Analyzing regular DNS operations
• Analysing DNS problems
• Filtering HTTP traffic
• Configuring HTTP preferences
• Analyzing HTTP problems
• Exporting HTTP objects
• HTTP flow analysis and the Follow TCP Stream window
• Analyzing HTTPS traffic – SSL/TLS basics

11. Analyzing Enterprise Applications' Behavior

• Introduction
• Finding out what is running over your network
• Analyzing FTP problems
• Analyzing e-mail traffic and troubleshooting e-mail problems – POP, IMAP, and SMTP
• Analyzing MS-TS and Citrix communications problems
• Analyzing problems in the NetBIOS protocols
• Analyzing database traffic and common problems

12. SIP, Multimedia, and IP Telephony

• Introduction
• Using Wireshark's features for telephony and multimedia analysis
• Analyzing SIP connectivity
• Analyzing RTP/RTCP connectivity
• Troubleshooting scenarios for video and surveillance applications
• Troubleshooting scenarios for IPTV applications
• Troubleshooting scenarios for video conferencing applications
• Troubleshooting RTSP

13. Troubleshooting Bandwidth and Delay Problems

• Introduction
• Measuring total bandwidth on a communication link
• Measuring bandwidth and throughput per user and per application over a network connection
• Monitoring jitter and delay using Wireshark
• Discovering delay/jitter-related application problems

14. Understanding Network Security

• Introduction
• Discovering unusual traffic patterns
• Discovering MAC- and ARP-based attacks
• Discovering ICMP and TCP SYN/Port scans
• Discovering DoS and DDoS attacks
• Locating smart TCP attacks
• Discovering brute-force and application attacks

A. Links, Tools, and Reading

• Useful Wireshark links
• tcpdump
• Some additional tools
• Network analysers
• Interesting websites
• Books

Index