Ethical Hacking and Network Analysis with Wireshark provides you with the tools and expertise to demystify the invisible conversations coursing through your cables. This definitive guide shows you how to leverage the industry-leading Wireshark to gain an unparalleled perspective on your digital landscape.
This book teaches foundational protocols like TCP/IP, SSL/TLS and SNMP, explaining how data silently traverses the digital frontier. With each chapter, Wireshark transforms from a formidable tool into an intuitive extension of your analytical skills. Discover lurking vulnerabilities before they morph into full-blown cyberattacks.
Dissect network threats like a forensic scientist and wield Wireshark to trace the digital pulse of your network, identifying and resolving performance bottlenecks with precision. Restructure your network for optimal efficiency, and banish sluggish connections and lag to the digital scrapheap.
Table of contents
Cover
Title Page
Copyright Page
Dedication Page
About the Author
About the Reviewer
Acknowledgement
Preface
Table of Contents
1. Ethical Hacking and Networking Concepts
Introduction
Structure
Objectives
Introduction to ethical hacking
The history of ethical hacking
Importance of ethical hacking
Benefits of ethical hacking
Introduction to networking concepts
The OSI model
Importance of OSI model
Seven layers of the OSI model
The application layer
The presentation layer
The session layer
The transport layer
The network layer
The data link layer
The physical layer
Example of data flow in the OSI model
The TCP/IP model
Five layers of the TCP/IP model
The application layer
The host-to-host/transport layer
The network/internet layer
The network interface layer
The hardware/physical layer
Difference between OSI and TCP/IP models
Understanding network protocols
Communication protocols
Transmission control protocol/Internet protocol
Hypertext Transfer Protocol
File Transfer Protocol
Simple Mail Transfer Protocol
Secure Shell
Internet Mail Access Protocol
Post Office Protocol
Lightweight Directory Access Protocol
Telnet
X.25
Integrated Services Digital Network
Asynchronous Transfer Mode
Multiprotocol Label Switching
Session Initiation Protocol
Real-time Transport Protocol
Network management protocols
Simple Network Management Protocol
Remote Monitoring
Network Time Protocol
Syslog
NetFlow
Border Gateway Protocol
Open Shortest Path First
Enhanced Interior Gateway Routing Protocol
Internet Control Message Protocol
Domain Name System
Dynamic Host Configuration Protocol
Address Resolution Protocol
Link Layer Discovery Protocol
Cisco Discovery Protocol
Web-Based Enterprise Management
Security protocols
Secure Sockets Layer and Transport Layer Security
Secure Shell
Internet Protocol Security
Wi-Fi Protected Access and WPA2
Kerberos
Hypertext Transfer Protocol Secure
Pretty Good Privacy
IP networks and subnets
IP address
IPv4 and IPv6
Subnet
The breakdown and significance of IP addresses
The benefits of subnetting
What is a subnet mask
Switching and routing packets
Switching packets
Routing packets
WAN links
Wireless networking
What is network traffic
Overview of network packet sniffing
The purpose of network packet sniffing
Active and passive sniffing
Wireshark in ethical hacking and traffic analysis
Conclusion
Questions
Answers
2. Getting Acquainted with Wireshark and Setting up the Environment
Introduction
Structure
Objectives
What is Wireshark
The origin of Wireshark by Gerald Combs
The future of Wireshark
Wireshark's functionality
Wireshark's operation
Wireshark core features
Wireshark's purpose
Limitations of Wireshark
Downloading and Installing Wireshark with Libraries
System requirements
For Windows
For Linux/Unix
For macOS
Installing Wireshark on Windows
Installing Wireshark on Linux/Unix
Installing Wireshark on macOS
Exploring the Wireshark user interface
Wireshark’s Start-up screen
The menu
The main toolbar
The filter toolbar
The packet list pane
The packet details pane
The packet bytes pane
The packet diagram pane
The statusbar
Understanding Wireshark command-line tools
Running Wireshark command-line tools
Sniffing packets using Dumpcap and Tshark
Filtering packets using Dumpcap, Tshark, and Editcap
Merging trace files with Mergecap
Analyzing Pcaps using Tshark
Working with Text2pcap
Conclusion
Questions
Answers
3. Getting Started with Packet Sniffing
Introduction
Structure
Objectives
Define your sniffing targets
Choosing network interfaces
Performing packet sniffing
Capture options: Input Tab
Capture options: Output tab
Capture options: Options tab
Remote network packet
Installing SSH on Remote Windows
Installing SSH on Remote Linux
Display and capture filters
Capture filters
Display filters
Maximizing packet capture performance
Stop sniffing, saving, and exporting packets
Stop sniffing
Saving the captured data packets
Exporting packets
Challenges/limitations of packet capturing
Conclusion
Questions
Answers
4. Sniffing on 802.11 Wireless Networks
Introduction
Structure
Objectives
802.11 wireless networks
802.11 wireless network architecture
802.11 packet structure
Wireless card modes
Difference between monitor mode and promiscuous mode
WLAN capture setup
Enabling monitor mode in Linux
Enabling monitor mode in Windows
Sniffing WLAN Network Traffic
Wi-Fi sniffer: WPA/WPA2
802.11 Client Authentication Process
802.11 Sniffer Capture Analysis: Multicast
802.11 Sniffer Capture Analysis: Web authentication
Challenges of sniffing 802.11 wireless networks
Conclusion
Questions
Answers
5. Sniffing Sensitive Information, Credentials and Files
Introduction
Structure
Objectives
Sniffing the activity over USB interfaces
Sniffing USB traffic on Windows
Sniffing USB traffic on Linux
Finding the target device
Capturing credentials on HTTP
Extracting images from PCAP file using Wireshark
Saving PDF and ZIP files from Wireshark
Extracting a PDF file using Wireshark
Extracting a ZIP file using Wireshark
Capturing Telnet password
Capturing SMTP password
Identifying hosts and users with Wireshark
Conclusion
Exercises
Answers
6. Analyzing Network Traffic Based on Protocols
Introduction
Structure
Objectives
IPv4 and IPv6
IPv4 protocol analysis using Wireshark
IPv6 protocol analysis using Wireshark
ARP
ARP protocol analysis using Wireshark
ICMP
ICMP protocol analysis using Wireshark
TCP
TCP protocol analysis using Wireshark
UDP
UDP protocol analysis using Wireshark
HTTP
HTTP protocol analysis using Wireshark
FTP
FTP protocol analysis using Wireshark
SMTP
SMTP protocol analysis using Wireshark
DHCPv6
DHCPv6 protocol analysis using Wireshark
DNS
DNS protocol analysis using Wireshark
Conclusion
Questions
Answers
7. Analyzing and Decrypting SSL/TLS Traffic
Introduction
Structure
Objectives
Introduction to SSL/TLS
The history of SSL/TLS
SSL/TLS architecture and components
The SSL/TLS Handshake
TLS versus SSL Handshakes
The TLS Handshake process
What happens during a TLS Handshake
What are the steps of a TLS handshake
What is different about a handshake in TLS 1.3
Key exchange
Key exchange: A must for secure File Transfers
SSL key exchange
Popular key exchange algorithms
Decrypting SSL/TLS traffic using Wireshark
Conclusion
Questions
Answers
8. Analyzing Enterprise Applications
Introduction
Structure
Objectives
Identifying the service running over the network
Analyzing Microsoft Terminal Server and Citrix communications
Analyzing the database traffic
Analyzing SNMP traffic
Conclusion
Questions
Answers
9. Analysing VoIP Calls Using Wireshark
Introduction
Structure
Objectives
Introduction to VoIP technology
Benefits of using VoIP
VoIP architecture
Session Border Controller
Media servers
Application server
Database services
SIP services
IP PBX
Endpoint devices
IP network
Codecs
Working of VoIP
VoIP supporting protocols
Session Initiation Protocol
Real Time Transport Protocol
Real-time Transport Control Protocol
Secure Real-time Transport Protocol
H.323
Media Gateway Control Protocol
H.248 or Media Gateway Control
Signalling Connection Control Part
Session Description Protocol
Sniffing VoIP traffic
SIP call analysis
Analysing RTP Streams in VoIP Traffic
Challenges/limitations in analyzing VoIP calls through Wireshark
Conclusion
Questions
Answers
10. Analyzing Traffic of IoT Devices
Introduction
Structure
Objectives
Introduction to IoT
What are IoT devices
Major components of the IoT ecosystem
IoT architecture
Perception layer
Transport layer
Edge layer
Processing layer
Application layer
Business layer
Security layer
How IoT works
Benefits of IoT
Limitations of IoT
IoT devices: Use cases for network sniffing
Sniffing traffic of IoT devices
Analyzing traffic of IoT devices
MQTT Direct
Understanding the MQTT communication
Connect command
Subscribe request
Publish message
Conclusion
Questions
Answers
11. Detecting Network Attacks with Wireshark
Introduction
Structure
Objectives
Detecting suspicious network traffic patterns
Understanding suspicious network traffic patterns
Detecting suspicious network traffic patterns using Wireshark
Analyzing patterns and signatures of Ping sweeps
Analyzing patterns and signatures of ARP sweeps
Analyzing patterns and signatures of SYN flood attacks
Detecting port scanning
Understanding port scanning
Detecting port scanning using Wireshark
Analyzing patterns and signatures of TCP full connect scans
Detecting Denial of Service and Distributed Denial of Service attacks
Understanding DoS and DDoS attacks
Detecting DoS and DDoS attacks using Wireshark
Analyzing patterns and signatures of DoS attacks
Detecting Brute-force and application attacks
Understanding Brute-force and application attacks
Detecting Brute-force and application attacks using Wireshark
Detecting ARP poisoning
Understanding ARP poisoning
Detecting ARP poisoning using Wireshark
Detecting session hijacking
Understanding session hijacking
Detecting session hijacking using Wireshark
Detecting honeypot traffic
Understanding honeypot traffic
Detecting honeypot traffic with Wireshark
Detecting Heartbleed bug
Understanding the Heartbleed bug
Detecting the Heartbleed bug using Wireshark
Challenges/limitations of analysis of network attacks using Wireshark
Conclusion
Questions
Answers
12. Troubleshooting and Performance Analysis Using Wireshark
Introduction
Structure
Objectives
Troubleshooting methodology
Collecting the right information
Classify the problem
Divide-and-Conquer troubleshooting technique
Troubleshooting connectivity issues
Getting the workstation IP configuration
Getting network service IP addresses
Basic network connectivity
Connecting to the application services
Troubleshooting functional issues
Performance analysis methodology
Troubleshooting TCP protocol issues
The case of the challenge ACK
Troubleshooting slow application response time
Using Packet captures to analyze web application performance
Finding slow application performance with HTTP flows
Adding http.time to your capture view
Digging deeper
Addressing challenges in the troubleshooting process using Wireshark