PRACTICAL PACKET ANALYSIS
CONTENTS IN DETAIL
Acknowledgments
Introduction
Why This Book?
Concepts and Approach
How to Use This Book
About the Example Capture Files
1: Packet Analysis and Network Basics
What Is Packet Analysis?
Evaluating a Packet Sniffer
Supported Protocols
User Friendliness
Cost
Program Support
Operating System Support
How Packet Sniffers Work
Collection
Conversion
Analysis
How Computers Communicate
Networking Protocols
The Seven-Layer OSI Model
Protocol Interaction
Data Encapsulation
The Protocol Data Unit
Network Hardware
Traffic Classifications
2: Tapping into the Wire
Living Promiscuously
Sniffing Around Hubs
Sniffing in a Switched Environment
Port Mirroring
Hubbing Out
ARP Cache Poisoning
Using Cain & Abel
Sniffing in a Routed Environment
Network Maps
3: Introduction to Wireshark
A Brief History of Wireshark
The Benefits of Wireshark
Supported Protocols
User Friendliness
Cost
Program Support
Operating System Support
Installing Wireshark
System Requirements
Installing on Windows Systems
Installing on Linux Systems
Wireshark Fundamentals
Your First Packet Capture
The Main Window
The Preferences Dialog
Packet Color Coding
4: Working with Captured Packets
Finding and Marking Packets
Finding Packets
Marking Packets
Saving and Exporting Capture Files
Saving Capture Files
Exporting Capture Data
Merging Capture Files
Printing Packets
Time Display Formats and References
Time Display Formats
Packet Time Referencing
Capture and Display Filters
Capture Filters
Display Filters
The Filter Expression Dialog (the Easy Way)
The Filter Expression Syntax Structure (the Hard Way)
Saving Filters
5: Advanced Wireshark Features
Name Resolution
Types of Name Resolution Tools in Wireshark
Enabling Name Resolution
Potential Drawbacks to Name Resolution
Protocol Dissection
Following TCP Streams
The Protocol Hierarchy Statistics Window
Viewing Endpoints
Conversations
The IO Graphs Window
6: Common Protocols
Address Resolution Protocol
Dynamic Host Configuration Protocol
TCP/IP and HTTP
TCP/IP
Establishing the Session
Beginning the Flow of Data
HTTP Request and Transmission
Terminating the Session
Domain Name System
File Transfer Protocol
CWD Command
SIZE Command
RETR Command
Telnet Protocol
MSN Messenger Service
Internet Control Message Protocol
Final Thoughts
7: Basic Case Scenarios
A Lost TCP Connection
Unreachable Destinations and ICMP Codes
Unreachable Destination
Unreachable Port
Fragmented Packets
Determining Whether a Packet Is Fragmented
Keeping Things in Order
No Connectivity
What We Know
Tapping into the Wire
Analysis
Summary
The Ghost in Internet Explorer
What We Know
Tapping into the Wire
Analysis
Summary
Inbound FTP
What We Know
Tapping into the Wire
Analysis
Summary
It’s Not My Fault!
What We Know
Tapping into the Wire
Analysis
Summary
An Evil Program
What We Know
Tapping into the Wire
Analysis
Summary
Final Thoughts
8: Fighting a Slow Network
Anatomy of a Slow Download
A Slow Route
What We Know
Tapping into the Wire
Analysis
Summary
Double Vision
What We Know
Tapping into the Wire
Analysis
Summary
Did That Server Flash Me?
What We Know
Tapping into the Wire
Analysis
Summary
A Torrential Downfall
What We Know
Tapping into the Wire
Analysis
Summary
POP Goes the Email Server
What We Know
Tapping into the Wire
Analysis
Summary
Here’s Something Gnu
What We Know
Tapping into the Wire
Analysis
Summary
Final Thoughts
9: Security-based Analysis
OS Fingerprinting
A Simple Port Scan
The Flooded Printer
What We Know
Tapping into the Wire
Analysis
Summary
An FTP Break-In
What We Know
Tapping into the Wire
Analysis
Summary
Blaster Worm
What We Know
Tapping into the Wire
Analysis
Summary
Covert Information
What We Know
Tapping into the Wire
Analysis
Summary
A Hacker’s Point of View
What We Know
Tapping into the Wire
Analysis
Summary
10: Sniffing into Thin Air
Sniffing One Channel at a Time
Wireless Signal Interference
Wireless Card Modes
Sniffing Wirelessly in Windows
Configuring AirPcap
Capturing Traffic with AirPcap
Sniffing Wirelessly in Linux
802.11 Packet Extras
802.11 Flags
The Beacon Frame
Wireless-Specific Columns
Wireless-Specific Filters
Filtering Traffic for a Specific BSS Id
Filtering Specific Wireless Packet Types
Filtering Specific Data Types
A Bad Connection Attempt
What We Know
Tapping into the Air
Analysis
Summary
Final Thoughts
11: Further Reading
Afterword
Index
DON’T JUST STARE AT CAPTURED PACKETS. ANALYZE THEM.

Download the capture files used in this book from www.nostarch.com/packet.htm

It’s easy enough to install Wireshark and begin capturing packets off the wire—or from the air. But how do you interpret those packets once you’ve captured them? And how can those packets help you to better understand what’s going on under the hood of your network?

Practical Packet Analysis shows how to use Wireshark to capture and then analyze packets as you take an in-depth look at real-world packet analysis and network troubleshooting. The way the pros do it.

Wireshark (derived from the Ethereal project) has become the world’s most popular network sniffing application. But while Wireshark comes with documentation, there’s not a whole lot of information to show you how to use it in real-world scenarios.

Practical Packet Analysis shows you how to:
• Use packet analysis to tackle common network problems, such as loss of connectivity, slow networks, malware infections, and more
• Build customized capture and display filters
• Tap into live network communication
• Graph traffic patterns to visualize the data flowing across your network
• Use advanced Wireshark features to understand confusing packets
• Build statistics and reports to help you better explain technical network information to non-technical users

Because net-centric computing requires a deep understanding of network communication at the packet level, Practical Packet Analysis is a must-have for any network technician, administrator, or engineer troubleshooting network problems of any kind.

ABOUT THE AUTHOR
Chris Sanders is the network administrator for the Graves County Schools in Kentucky, where he manages more than 1,800 workstations, 20 servers, and a user base of nearly 5,000. His website, ChrisSanders.org, offers tutorials, guides, and technical commentary, including the very popular Packet School 101. He is also a staff writer for WindowsNetworking.com and WindowsDevCenter.com. He uses Wireshark for packet analysis almost daily.

TECHNICAL REVIEW BY GERALD COMBS, CREATOR OF WIRESHARK

THE FINEST IN GEEK ENTERTAINMENT™
www.nostarch.com

“I LAY FLAT.” This book uses RepKover—a durable binding that won’t snap shut.
Printed on recycled paper
$39.95 ($49.95 CDN)

PRACTICAL PACKET ANALYSIS: USING WIRESHARK TO SOLVE REAL-WORLD NETWORK PROBLEMS
CHRIS SANDERS
SHELVE IN: NETWORKING/SECURITY
PRACTICAL PACKET ANALYSIS
Using Wireshark to Solve Real-World Network Problems
by Chris Sanders
San Francisco
PRACTICAL PACKET ANALYSIS. Copyright © 2007 by Chris Sanders.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

Printed on recycled paper in the United States of America

11 10 09 08 07   1 2 3 4 5 6 7 8 9

ISBN-10: 1-59327-149-2
ISBN-13: 978-1-59327-149-7

Publisher: William Pollock
Production Editor: Christina Samuell
Cover and Interior Design: Octopod Studios
Developmental Editor: William Pollock
Technical Reviewer: Gerald Combs
Copyeditor: Megan Dunchak
Compositor: Riley Hoffman
Proofreader: Elizabeth Campbell
Indexer: Nancy Guenther

For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
555 De Haro Street, Suite 250, San Francisco, CA 94107
phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com

Library of Congress Cataloging-in-Publication Data
Sanders, Chris, 1986-
Practical packet analysis : using Wireshark to solve real-world network problems / Chris Sanders.
p. cm.
ISBN-13: 978-1-59327-149-7
ISBN-10: 1-59327-149-2
1. Computer network protocols. 2. Packet switching (Data transmission) I. Title.
TK5105.55.S265 2007
004.6'6--dc22
2007013453

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.
This book is dedicated to my parents, who bought the first computer I ever programmed.