
Network Analysis Using Wireshark Cookbook (watermark-free PDF)

Cover
Copyright
Credits
About the Author
Acknowledgments
About the Reviewers
Table of Contents
Preface
1: Introducing Wireshark
Introduction
Locating Wireshark
Starting the capture of data
Configuring the start window
Using time values and summaries
Configuring coloring rules and navigation techniques
Saving, printing, and exporting data
2: Using Capture Filters
Introduction
Configuring capture filters
Configuring Ethernet filters
Configuring host and network filters
Configuring TCP/UDP and port filters
Configuring compound filters
Configuring byte offset and payload matching filters
3: Using Display Filters
Introduction
Configuring display filters
Configuring Ethernet, ARP, host, and network filters
Configuring TCP/UDP filters
Configuring specific protocol filters
Configuring substring operator filters
Configuring macros
4: Using Basic Statistics Tools
Introduction
Using the Conversations tool from the Statistics menu
Using the Endpoints tool from the Statistics menu
Creating IP-based statistics
5: Using Advanced Statistics Tools
Introduction
Throughput measurements with IO Graph
Advanced IO Graph configurations with advanced Y-Axis parameters
Getting information through TCP stream graphs – the Time-Sequence (Stevens) window
Getting information through TCP stream graphs – the Time-Sequence (tcp-trace) window
6: Using the Expert Infos Window
Introduction
The Expert Infos window and how to use it for network troubleshooting
Error events and understanding them
Warnings events and understanding them
Notes events and understanding them
7: Ethernet, LAN Switching, and Wireless LAN
Introduction
Discovering broadcast and error storms
Analyzing Spanning Tree Protocols
Analyzing wireless (Wi-Fi) problems
8: ARP and IP Analysis
Introduction
Analyzing connectivity problems with ARP
Using IP traffic analysis tools
Using GeoIP to look up physical locations of the IP address
Analyzing routing problems
Finding duplicate IPs
Analyzing DHCP problems
9: UDP/TCP Analysis
Introduction
Configuring TCP and UDP preferences for troubleshooting
TCP connection problems
TCP retransmission – where do they come from and why
Duplicate ACKs and fast retransmissions
TCP out-of-order packets events
TCP Zero Window, Window Full, Window Change, and other Window indicators
TCP resets and why they happen
10: HTTP and DNS
Introduction
Filtering DNS traffic
Analyzing regular DNS operations
Analysing DNS problems
Filtering HTTP traffic
Analyzing HTTP problems
Exporting HTTP objects
HTTP flow analysis and the Follow TCP Stream window
Analyzing HTTPS traffic – SSL/TLS basics
11: Analyzing Enterprise Applications' Behavior
Introduction
Finding out what is running over your network
Analyzing FTP problems
Analyzing e-mail traffic and troubleshooting e-mail problems: POP, IMAP, and SMTP
Analyzing MS-TS and Citrix communications problems
Analyzing problems in the NetBIOS protocols
12: SIP, Multimedia, and IP Telephony
Introduction
Using Wireshark's features for telephony and multimedia analysis
Analyzing SIP connectivity
Analyzing RTP/RTCP connectivity
Troubleshooting scenarios for video and surveillance applications
Troubleshooting scenarios for IPTV applications
Troubleshooting scenarios for video conferencing applications
Troubleshooting RTSP
13: Troubleshooting Bandwidth and Delay Problems
Introduction
Measuring total bandwidth on a communication link
Measuring bandwidth and throughput per user and per application over a network connection
Monitoring jitter and delay using Wireshark
Discovering delay/jitter-related application problems
14: Understanding Network Security
Introduction
Discovering unusual traffic patterns
Discovering MAC- and ARP-based attacks
Discovering ICMP and TCP SYN/Port scans
Discovering DoS and DDoS attacks
Locating smart TCP attacks
Discovering brute-force and application attacks
Appendix: Links, Tools, and Reading
Useful Wireshark links
tcpdump
Some additional tools
Network analysers
Interesting websites
Books
Index
Network Analysis Using Wireshark Cookbook
Over 80 recipes to analyze and troubleshoot network problems using Wireshark
Yoram Orzach
BIRMINGHAM - MUMBAI
Network Analysis Using Wireshark Cookbook
Copyright © 2013 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: December 2013
Production Reference: 1171213

Published by Packt Publishing Ltd., Livery Place, 35 Livery Street, Birmingham B3 2PB, UK.
ISBN 978-1-84951-764-5
www.packtpub.com

Cover Image by iStockPhoto
Credits

Author: Yoram Orzach
Reviewers: Charles L. Brooks, Praveen Darshanam, Ritwik Ghoshal, Gilbert Ramirez
Acquisition Editors: Nikhil Chinnari, Akram Hussain, Antony Lowe
Lead Technical Editor: Ritika Dewani
Copy Editors: Roshni Banerjee, Janbal Dharmaraj, Brandt D'Mello, Kirti Pai, Shambhavi Pai, Alfida Paiva, Lavina Pereira, Sayanee Mukherjee, Karuna Narayanan
Technical Editors: Vrinda Nitesh Bhosale, Amit Ramadas, Pratik More, Anita Nayak
Project Coordinator: Anugya Khurana
Proofreader: Bridget Braund
Indexers: Monica Ajmera Mehta, Rekha Nair, Priya Subramani
Graphics: Disha Haria, Abhinash Sahu
Production Coordinator: Nitesh Thakur
Cover Work: Nitesh Thakur
About the Author

Yoram Orzach gained his Bachelor's degree in Science from the Technion in Haifa, Israel, and worked at Bezeq as a systems engineer in the fields of transmission and access networks from 1991 to 1995. In 1995, he joined Netplus from the Leadcom group as technical manager, and since 1999 he has worked as the CTO of NDI Communications (www.ndi-com.com), involved in the design, implementation, and troubleshooting of data communication networks worldwide. Yoram's experience covers corporate networks, service provider networks, and Internet service provider networks, and among his customers are companies such as Comverse, Motorola, Intel, Ceragon networks, Marvel, HP, and others. Yoram's experience is in design, implementation, and troubleshooting, along with training for R&D, engineering, and IT groups.
Acknowledgments

First and foremost, I would like to thank my family: my parents Israel and Selma; my father, the smartest man on earth, who survived the holocaust weighing 35 kilos alone in the world, and 40 years later became a leading expert in telecommunications; my mother, who taught me so many things; my amazing wife Ena, who has been tolerating me being at work over the last 20 years and more; my children Nadav, Dana, and Idan, whose achievements made my work look so simple. Thanks to my sister Hana, her husband Ofer, and their children.

I would also like to thank many colleagues. First, Reuven Matzliach, who started the Comverse IP college with me in the late 90s, transferring Comverse from TDM to IP networks, and helped me through some difficult times. Along with him, I would like to thank Omer Fuchs and Moshe Sakal for their assistance in this great project. Thanks to many colleagues and friends whom this paper is too short to mention. Thanks to Lior Tzuberi, for many tips and case studies. Hanan Man, for a very interesting network. Yoel Saban and Rami Kletshevsky for very interesting network designs; your design groups are one of the best I've ever seen. Zvi Shacham, for the data-communication teaching experience I've gained from him. Asi Alajem for a very interesting network and Oren Gerstner for very interesting wireless cases. Chen Heffer, the best security expert I've ever known. Yoni Zini, for helping me with the system part. Ibrahim Jubram, for very interesting cellular cases. Ofer Sela, for very interesting projects. Amir Lavi and Eran Niditz, for very interesting cases. Dimitrios Liappis, for interesting cellular cases. Avner Mimon, for great tips and so many others. Thanks to the many training professionals from whom I've learned so much. Thirty years ago I thought giving courses was fun; you taught me it's a profession. Harriet Rubin, Merav Sagi, Rvital Keinan, Guy Einav, Raanan Dagan, and many others.
Special thanks to Yoav Nokrean and his son Eran, who assisted me with many ideas, giving me assistance in all possible ways.
I would also like to thank the many colleagues who worked with me over the years; to customers at home, in Europe, North America, Eastern Asia, and other exotic places. Troubleshooting a network is always the same, the only question is, is it snowing outside or is there an exotic coast nearby with tequila? Special thanks to the many designers that designed bad networks, to developers that wrote strange implementations for TCP/IP, to IT guys who connected the wrong cables, to engineering departments who thought that you just connect the cables to the boxes and it works. That's the best way to learn networking. To many thousands of students, thanks to all of them for all the hard questions and the interesting cases that you brought with you; I've learned new things in every course. There is nothing that is more fun than connecting to networks and fixing problems in real time. My admiration to the networking and security pioneers—Vint Cerf, Bob Kahn, Radia Perlman, Adi Shamir, Ronald Rivest, Van Jacobson, Steven McCanne, and so many others. Without you, we wouldn't have all this. And lastly to Packt Publishing, for coming up with the idea to write this book and very patiently accompanying me through the process.
About the Reviewers

Charles L. Brooks is the founder and principal consultant at Security Technical Education, where he offers services in technical writing, reviewing, instructional design, and education. Charles also facilitates online courses at Boston University in data communications and networking, and teaches courses in network security, secure software development, and securing virtualized and cloud infrastructures at Brandeis University, Rabb School of Graduate Professional Studies, in the MS in Information Security program. Prior to founding Security Technical Education (www.securityteched.com), Charles worked at EMC and at RSA as a senior technical education consultant, developing courseware for storage security, Big Data, network security analysis, and network forensics. Prior to EMC, Charles worked for many years as a software engineer, team leader, and software architect, and most recently as a systems architect for a managed VPN service offered by GTE Internetworking and Genuity. Charles earned BS and MA degrees in English from Clark University and an MSCIS degree from Boston University, and holds several industry certifications including the CISSP, CEH, and CHFI.

I want to thank Helyn Pultz for her encouragement, support, and timely counsel for all these many years.

Praveen Darshanam has over seven years of experience in Information Security with companies such as McAfee, Cisco Systems, and iPolicy Networks. His core expertise and passions are vulnerability research, signature development, Snort, application security, and malware analysis. He pursued a B.Tech in Electrical Engineering (EE) and an ME/M.Tech in Control and Instrumentation, EE, from one of the premier institutes of India. He holds industry certifications such as CHFI, CEH, and ECSA.